Schneier on Security
JULY 28, 2022
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.
Krebs on Security
JULY 29, 2022
The 911 service as it existed until July 28, 2022. 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy so
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
JULY 24, 2022
Like other forms of cyber crime, business email compromise is growing and evolving. Here’s what you need to know.
The Last Watchdog
JULY 27, 2022
Post Covid 19, attack surface management has become the focal point of defending company networks. Related: The importance of ‘SaaS posture management’ As digital transformation continues to intensify, organizations are relying more and more on hosted cloud processing power and data storage, i.e. Platform as a Service ( PaaS ,) as well as business tools of every stripe, i.e.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
JULY 27, 2022
Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as indispensable as national highways.
Krebs on Security
JULY 27, 2022
It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of Ashley Madison mentions across Russian cybercrime forums and far-right websites in the months leading up to the hack revealed s
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
JULY 25, 2022
Cyber-attacks continue to make headlines, and wreak havoc for organizations, with no sign of abating. Having spiked during the COVID-19 pandemic, threats such as malware, ransomware, and DDoS attacks continue to accelerate. Related: Apple tools abuse widespread. A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022.
Schneier on Security
JULY 29, 2022
Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of our security. It needs to be stopped.
Krebs on Security
JULY 28, 2022
Microleaves , a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by sec
Tech Republic Security
JULY 29, 2022
With summer vacations taking employees out of the office, phishing attacks are on the rise. Here are three ways companies can stay prepared. The post Prevent email phishing attacks this summer with 3 defensive measures appeared first on TechRepublic.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Cisco Security
JULY 28, 2022
Ransomware and other advanced attacks continue to evolve and threaten organizations around the world. Effectively defending your endpoints from these attacks can be a complex undertaking, and a seemingly endless number of security acronyms only compounds that complexity. There are so many acronyms – EPP, EDR, MEDR, MDR, XDR, and more – for various cybersecurity products and services that it becomes difficult to understand the differences between them and choose the right solution for your organi
Schneier on Security
JULY 26, 2022
I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware.
SecureList
JULY 25, 2022
Introduction. Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely crash the victim machine. In our APT predictions for 2022 , we noted that despite these risks, we expected more attackers to reach the sophistication level required to develop such tools.
Tech Republic Security
JULY 28, 2022
The search giant explained that it pushed back its timeline once again because it needs more time for testing to ensure users’ online privacy is protected. The post Google delays removal of third-party cookies in Chrome through 2024 appeared first on TechRepublic.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Cisco Security
JULY 27, 2022
We’re excited to announce Cisco Secure Client, formerly AnyConnect, as the new version of one of the most widely deployed security agents. As the unified security agent for Cisco Secure , it addresses common operational use cases applicable to Cisco Secure endpoint agents. Those who install Secure Client’s next-generation software will benefit from a shared user interface for tighter and simplified management of Cisco agents for endpoint security.
Security Affairs
JULY 23, 2022
The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom paymen
Bleeping Computer
JULY 29, 2022
The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money. [.].
Tech Republic Security
JULY 26, 2022
Keeping track of all of your passwords has never been easier. Learn how to fill and save passwords on your mobile device with 1Password. The post 1Password password manager: How it works with apps appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
JULY 29, 2022
DSIRF GmbH codenamed ‘Knotweed’ by Microsoft and RiskIQ. The post Solved: Subzero Spyware Secret — Austrian Firm Fingered appeared first on Security Boulevard.
Cisco Security
JULY 26, 2022
We’ve all seen the headlines like “race to the cloud” and “cloud-first.” These articles and publications are true, more and more customers have adopted cloud strategies, but there is more to the story. In these customer conversations, cloud security and network security are often discussed in unison. Why is that? . Customers desire freedom and choice when establishing resilience across every aspect of their business, and this requires both the ability to remain agile, and maintain control of
Security Affairs
JULY 24, 2022
Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on a the popular hacking forum Breached Forums.
Tech Republic Security
JULY 27, 2022
Ducktail malware tries to hijack the accounts of individuals who use Facebook’s Business and Ads platforms, says WithSecure Intelligence. The post Infostealer malware targets Facebook business accounts to capture sensitive data appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CSO Magazine
JULY 26, 2022
ISAC and ISAO definition. [Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups. [ Learn what you need to know about defending critical infrastructure. | Get the latest from CSO by
Cisco Security
JULY 26, 2022
Cisco and AWS demonstrate shared responsibility that identifies Security “of” the Cloud versus Security “in” the Cloud. Shared responsibility remains central to every cloud initiative and defines how cloud providers and customers work together to achieve maximum security across all aspects of the cloud. While shared responsibility is a common term, surprisingly few people understand the model and fewer still have implemented it correctly.
Dark Reading
JULY 26, 2022
Machine learning should be considered an extension of — not a replacement for — existing security methods, systems, and teams.
Tech Republic Security
JULY 28, 2022
Since Microsoft’s shutdown of macros in Office apps, attackers are using container file types to deliver malware in one of the largest threat landscape shifts in recent history. The post How attackers are adapting to a post-macro world appeared first on TechRepublic.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
CyberSecurity Insiders
JULY 29, 2022
. The next time you are firing an employee for their low performance or doing it for any other reason, please make sure that the data they possess has been handover to you perfectly, i.e. scientifically. Otherwise, they could get involved with threat actors and target your organization with a sophisticated cyber attack that can shut down your organization on a permanent note.
Cisco Security
JULY 27, 2022
Over her 25-year-plus career, Saleema Syed has seen the information security industry from a variety of vantage points, all while championing women in technology. Syed worked as director of business systems and data management for Duo Security before rising to vice president of information technology. Later, after Duo was acquired by Cisco, she transitioned to new roles within the larger organization and now heads up operations for Webex Marketing.
Security Boulevard
JULY 28, 2022
Google’s plan to kill third party cookies is delayed—yet again. And it’s probably not surprising. The post Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold appeared first on Security Boulevard.
Tech Republic Security
JULY 27, 2022
If you're looking to get a powerful ERP solution up and running, Jack Wallen has the solution by way of Odoo and Docker. The post How to quickly deploy the Odoo ERP solution with Docker appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
336 
Let's personalize your content