Schneier on Security
FEBRUARY 4, 2021
At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks : Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
FEBRUARY 1, 2021
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “ SMS Bandits ,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.
Troy Hunt
FEBRUARY 4, 2021
This week's update comes to you amongst the noisy backdrop of the garden being literally chopped up by high pressure hose (which I think my beautiful Rhode Broadcaster mic successfully excluded). As I say in the intro, it appears the horticulture industry is a little like the software one where you get cowboys who in this case, put in plants that were way too big and whose roots now threaten to break through the tiles and the house itself, Little Shop of Horrors style.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
FEBRUARY 3, 2021
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.
The Last Watchdog
FEBRUARY 3, 2021
It’s only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks. Related: The quickening of cyber warfare. The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
FEBRUARY 4, 2021
For about the last decade, a huge proportion of my interactions with people has been remote and across different cultures and time zones. Initially this was in my previous life at Pfizer due to the regional nature of my role and over the last six years, it's been as an independent either talking to people remotely or travelling to different places. Since I began dropping content into this post, pretty much everyone now finds themselves in the same position - conducting most of their meetings onl
Schneier on Security
FEBRUARY 1, 2021
Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount.
Joseph Steinberg
FEBRUARY 2, 2021
While we have become somewhat accustomed to the data collection practices of online retailers seeking to analyze our purchase histories in order to better target their marketing efforts, many people may not realize that even some well-known retailers also use data provided by people whose purchases the retailer itself cancelled. To understand the significance of the issue, please consider a recent experience of mine: The week of Black Friday weekend, I ordered a new refrigerator from an online r
Krebs on Security
FEBRUARY 2, 2021
ValidCC , a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
FEBRUARY 1, 2021
Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.
The Last Watchdog
FEBRUARY 1, 2021
The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that skilled and motivated threat actors are taking full advantage of.
Joseph Steinberg
FEBRUARY 3, 2021
Cybersecurity For Dummies , the best-selling cybersecurity guide written by Joseph Steinberg for general audiences, is now available in French. Like its English, German, and Dutch counterparts, the French edition, entitled La Cybersécurité pour les Nuls , helps people stay cyber-secure regardless of their technical skillsets. Readers of the book learn what threats exist, as well as how to identify, protect against, detect, and respond to such threats.
Malwarebytes
FEBRUARY 5, 2021
Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
FEBRUARY 1, 2021
Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident.
Zero Day
FEBRUARY 5, 2021
A security researcher has found a malicious Chrome extension in the wild abusing the Chrome Sync process.
Hot for Security
FEBRUARY 5, 2021
A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data. Read more in my article on the Hot for Security blog.
The Hacker News
FEBRUARY 4, 2021
Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
FEBRUARY 4, 2021
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.
Zero Day
FEBRUARY 5, 2021
SitePoint admits data breach after one million user creds were sold on a hacking forum last December.
Security Boulevard
FEBRUARY 4, 2021
The past year has put digital identity challenges, security and passwords under scrutiny. This report explains why passwordless is the future. Passwords are deeply ingrainetd in all aspects of our digital reality. A year ago, NordPass estimated that the average person had 70 to 80 passwords. And yet, password compromises and shared secrets remain the.
Graham Cluley
FEBRUARY 4, 2021
French cybersecurity firm Stormshield has revealed that it has suffered a security breach, and hackers have accessed sensitive information.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
FEBRUARY 5, 2021
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.
Zero Day
FEBRUARY 4, 2021
Google Chrome 88.0.4324.150 released with a fix. Users advised to update.
We Live Security
FEBRUARY 2, 2021
ESET researchers publish a white paper about unique multiplatform malware they’ve named Kobalos. The post Kobalos – A complex Linux threat to high performance computing infrastructure appeared first on WeLiveSecurity.
Naked Security
FEBRUARY 5, 2021
Google is playing its cards close to its chest to avoid giving too much away.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
FEBRUARY 3, 2021
Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.
Zero Day
FEBRUARY 4, 2021
Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.
Security Affairs
JANUARY 31, 2021
Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them.
CyberSecurity Insiders
FEBRUARY 5, 2021
The SolarWinds Cyber Attack seems to be like a never-ending saga as daily a new revelation is being made by US Department of Homeland Security. Now, the latest find is that the hacking group suspected to be from Russia is reported to be only interested in Microsoft Corporation products and services. Brandon Wales, the director of DHS Cybersecurity and Infrastructure Security Agency, has confirmed the news and stated that the hacking operation was massive and could have been launched with a long-
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
363 
Let's personalize your content