Sat. Oct 23, 2021 - Fri. Oct 29, 2021

More Russian SVR Supply-Chain Attacks

Schneier on Security

Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.

Conti Ransom Gang Starts Selling Access to Victims

Krebs on Security

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

“Ransomware Killed My Baby”: Lawsuit Raises Issue Of CyberSecurity-Breach Disclosure Liability

Joseph Steinberg

A hospital suffering through a ransomware attack failed to provide proper care for an expectant mother and her newborn child, leading to the child’s death, according to a lawsuit filed in the US State of Alabama. Springhill Medical Center, a hospital based in Mobile, Alabama, was hit with ransomware during the summer of 2019; the cyberattack crippled the medical facility’s information systems, causing multiple computer systems and networks to be unusable for over a week – the same period of t

Weekly Update 266

Troy Hunt

Well this is a totally different office view! I'm properly getting into working more on the acoustics and aesthetics to make this the most productive environment possible which means this week things are in a bit of disarray due to ongoing works. Speaking of disarray, I've not been able to raise this week's sponsor in time so as I say in the video, their appearance on my blog this week is a bit... unusual.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

How the FBI Gets Location Information

Schneier on Security

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.

Mobile 305

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, sh

Scams 265

More Trending

9 key security threats that organizations will face in 2022

Tech Republic Security

Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.

All Windows versions impacted by new LPE zero-day vulnerability

Bleeping Computer

A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions. […]

Putting cybersecurity first: Why secure-by-design must be the norm

We Live Security

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom. The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity.

Cheap and free cybersecurity training: 8 ways to build skills without breaking the bank

CSO Magazine

Every organization wants to keep its employees’ cybersecurity skills up to date, but for many, the cost of advanced formal trainings can break the budget. At the SANS Institute, for instance, considered by many to be the gold standard for professional trainings, courses can cost more than $5,000 per person. At high profile conferences like Black Hat, even one- or two-day sessions can range to close to $4,000.

Banking 145

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Microsoft warns of new supply chain attacks by Russian-backed Nobelium group

Tech Republic Security

The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May.

FTC: ISPs collect and monetize far more user data than you’d think

Bleeping Computer

The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process. […]

Internet 145

Ranzy Locker Ransomware warning issued by FBI

CyberSecurity Insiders

US Federal Bureau of Investigation (FBI) has issued an alert that a new ransomware dubbed as Ranzy Locker is on the prowl in the wild and has so far attained success in victimizing over 30 companies operating in America. Confirming the same, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that Ranzy Locker Ransomware has the potential to target its victims through brute force attacks launched on Remote Desktop Protocol (RDP).

10 essential skills and traits of ethical hackers

CSO Magazine

What if you could spend your days trying to gain access to other people's networks and computer systems—and not get in trouble for it? Of course, that's every spy and cybercriminal's dream, but only ethical hackers, also known as white hat hackers or penetration testers, can feel sure that they'll get away with their break-ins. These security pros are hired to probe systems for vulnerabilities, so that their targets can figure out where their security needs beefing up.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Develop the skills required for an in-demand cybersecurity career

Tech Republic Security

It's not necessary to spend a great deal of time or money to learn the skills required to work in some of the most exciting and highly paid positions in the tech industry.

Wslink: Unique and undocumented malicious loader that runs as a server

We Live Security

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor. The post Wslink: Unique and undocumented malicious loader that runs as a server appeared first on WeLiveSecurity.

Malware 142

EU investigating leak of private key used to forge Covid passes

Bleeping Computer

The private key used to sign EU Digital Covid certificates has been reportedly leaked and is being circulated on messaging apps and forums. The key has also been misused to generate forged certificates, such as those for Adolf Hitler, Mickey Mouse, Sponge Bob—all of which are being recognized as valid by the official government apps. […]

Human Hacking and Multi-Channel Phishing is Surging

Security Boulevard

Human hacking is a modern way to think about phishing in its entirety, which is anything malicious that reaches a user to steal credentials, data, or financial information. Focusing on phishing as an email problem or a spam problem is giving hackers the upper hand. Today, only protecting email and leaving other digital communication […]. The post Human Hacking and Multi-Channel Phishing is Surging first appeared on SlashNext.

Phishing 142

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

REvil ransomware group reportedly taken offline by multi-nation effort

Tech Republic Security

Law enforcement officials and cyber specialists hacked into REvil's network, gaining control of some of its servers, sources told Reuters.

How Can You Keep Your Personal Information Safe?

CyberSecurity Insiders

A few simple changes to your devices and accounts can help discourage cyber criminals from trying to access your data. Getting started is easy. This short guide presents some quick measures you can take to protect your privacy and keep your personal info safe. Prevent Data Breaches. Giants like Facebook and Target have suffered breaches and password leaks, so it’s safe to say data from at least one of your online accounts could have been leaked.

Passwords 141

Popular NPM library hijacked to install password-stealers, miners

Bleeping Computer

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack. […]

Passwords 142

FTC: ISPs are Spying on You. ISPs: Deal With It.

Security Boulevard

Your internet service provider watches your browsing habits, records them and sells you to the highest bidder—so says the Federal Trade Commission. The post FTC: ISPs are Spying on You. ISPs: Deal With It. appeared first on Security Boulevard.

Internet 142

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

You definitely don't want to play: Squid Game-themed malware is here

Tech Republic Security

The stakes may not be as high as in the hit Netflix show, but you could still lose your data or identity if you fail to follow the rules for dodging the latest brand of pop-culture-themed scams.

Scams 154

Half a billion cyber attacks thwarted by Tokyo Olympics 2021

CyberSecurity Insiders

Hackers are always interested in events that grab the attention of the entire globe and one such sporting event was the Tokyo Olympics 2020 that was postponed by the organizers because of COVID-19 Pandemic and rescheduled and held between July–August 2021 i.e. in this year. A recent statement issued by the Summer Olympics Organizer from Japan revealed that the cyber threat to the games event was so intense that the organizing committee had to hire a third party firm that with a dedicated team of

New AbstractEmu malware roots Android devices, evades detection

Bleeping Computer

New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks. […]

Malware 141

Modern cybersecurity needs not just awareness, but a whole new perspective

Security Boulevard

As Cybersecurity Awareness Month draws to a close, we’ve had a chance to reflect on the state of cybersecurity. The post Modern cybersecurity needs not just awareness, but a whole new perspective appeared first on Entrust Blog. The post Modern cybersecurity needs not just awareness, but a whole new perspective appeared first on Security Boulevard.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Companies that pay ransomware attackers get thumbs down from consumers

Tech Republic Security

More than half of those surveyed by data management firm Cohesity said that companies that pay the ransom in an attack encourage ransomware and bad actors.

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Security Affairs

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate of

What is GLBA Compliance related to Data Security

CyberSecurity Insiders

According to the Gramm Leach Bliley Act (GLBA) of 1999, all financial institutions and those in lending stream should follow certain rules that help protect customer’s sensitive data. At the same time, they should maintain transparency while sharing information with other institutions and should evaluate their data security & protection practices from time to time to avoid any cyber incidents such as data breach and malware attacks.

Banking 138

Cybersecurity First: #BeCyberSmart at Work and Home

Security Through Education

As security professionals, we are conditioned by consistent exposure to adversarial simulation training. This immersive form of education allows us to develop and maintain a secure environment outside of the workplace, as well as in it. This begs the question, could a bank teller do the same if given some basic exposure to this training? What about a C-level executive?

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.