Schneier on Security
FEBRUARY 4, 2021
At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks : Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S.
Krebs on Security
FEBRUARY 1, 2021
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “ SMS Bandits ,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
FEBRUARY 4, 2021
For about the last decade, a huge proportion of my interactions with people has been remote and across different cultures and time zones. Initially this was in my previous life at Pfizer due to the regional nature of my role and over the last six years, it's been as an independent either talking to people remotely or travelling to different places. Since I began dropping content into this post, pretty much everyone now finds themselves in the same position - conducting most of their meetings onl
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
FEBRUARY 3, 2021
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network. Other related malware includes Teardrop aka Raindrop.
Krebs on Security
FEBRUARY 4, 2021
Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
FEBRUARY 1, 2021
Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.
Schneier on Security
FEBRUARY 1, 2021
Andrew Appel discusses Georgia’s voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked (enough to change the outcome). Then this would have been detected in the audit, and (in principle) Georgia would have been able to recover by doing a full recount.
Malwarebytes
FEBRUARY 5, 2021
Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner.
Hot for Security
FEBRUARY 5, 2021
A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data. Read more in my article on the Hot for Security blog.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
FEBRUARY 3, 2021
Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.
The Hacker News
FEBRUARY 4, 2021
Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.
Security Boulevard
FEBRUARY 4, 2021
The past year has put digital identity challenges, security and passwords under scrutiny. This report explains why passwordless is the future. Passwords are deeply ingrainetd in all aspects of our digital reality. A year ago, NordPass estimated that the average person had 70 to 80 passwords. And yet, password compromises and shared secrets remain the.
We Live Security
FEBRUARY 2, 2021
ESET researchers publish a white paper about unique multiplatform malware they’ve named Kobalos. The post Kobalos – A complex Linux threat to high performance computing infrastructure appeared first on WeLiveSecurity.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
FEBRUARY 5, 2021
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.
CyberSecurity Insiders
FEBRUARY 5, 2021
The SolarWinds Cyber Attack seems to be like a never-ending saga as daily a new revelation is being made by US Department of Homeland Security. Now, the latest find is that the hacking group suspected to be from Russia is reported to be only interested in Microsoft Corporation products and services. Brandon Wales, the director of DHS Cybersecurity and Infrastructure Security Agency, has confirmed the news and stated that the hacking operation was massive and could have been launched with a long-
Graham Cluley
FEBRUARY 1, 2021
Karen Banks from Swadlincote in South Derbyshire, England, isn't very happy with whoever managed to post a message on an electronic traffic information sign in the neighbouring town of Burton.
Security Boulevard
FEBRUARY 1, 2021
Predicting a global pandemic that reshaped how we interact with each other and our devices at a fundamental level […]. The post 3 Cybersecurity Resolutions to Survive 2021 appeared first on NuData Security. The post 3 Cybersecurity Resolutions to Survive 2021 appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
FEBRUARY 1, 2021
Used for offensive and defensive purposes, a penetration testing device can be configured to perform automated checks on network security and more.
We Live Security
FEBRUARY 3, 2021
The US Federal Trade Commission received 1.4 million reports of identity theft last year, double the number from 2019. The post Identity theft spikes amid pandemic appeared first on WeLiveSecurity.
Graham Cluley
JANUARY 31, 2021
The website of Mensa - the club for people who have scored highly in an IQ test but who feel their social lives would be improved by hanging out with other people who chose to join a club after scoring highly in an IQ test - is said to have suffered a cyber attack. Coincidentally (or not) the news comes as a board member of British Mensa resigns, citing poor password security.
Security Boulevard
JANUARY 31, 2021
The pandemic and resulting migration to remote work emphasized the importance of having a digital transformation process in place. The companies that did so appeared to be the companies that had the smoothest transition. Cloud computing played a pivotal role, allowing employees to have the access they needed to do their work. The downside was. The post Taking a Data-Centric Approach to Cloud Security appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
FEBRUARY 4, 2021
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.
Security Affairs
JANUARY 30, 2021
US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 million customers in 426 markets in 23 states as of the second quarter of 2020.
CyberSecurity Insiders
FEBRUARY 3, 2021
Most of the American office workers are reportedly becoming vulnerable to cyber attacks and that’s because of their oversharing on social media platforms says a survey conducted by email services provider named Tessian. Out of 4000 UK and US Professionals interviewed in during the research titled “How to hack a human”, the email security vendor discovered that half of the IT professionals were seen sharing personal details on Facebook and Twitter like their driving license numbers, contact detai
The Hacker News
FEBRUARY 4, 2021
Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
FEBRUARY 1, 2021
Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident.
Security Affairs
JANUARY 31, 2021
Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Members of the Great Firewall Report group have analyzed the recent improvement implemented for China’s Great Firewall censorship system and revealed that it is possible to bypass it.
CyberSecurity Insiders
FEBRUARY 4, 2021
DriveSure, a subsidiary of Krex Inc has stuck in a data controversy where hackers have leaked details related to millions of US Drivers stolen from the database. As per the details to Cybersecurity Insiders, the details were siphoned from a database on December 7th,2020 and was leaked on a hacking forum this week as the car dealership service provider might have not paid heed to the demands of the hackers.
Security Boulevard
FEBRUARY 3, 2021
Warning: Businesses can get addicted to the cloud. It might start with a small experiment; just one application and no critical data. Next, scattered employees start messing around in the cloud, shadow IT-style. In the end, all your data has gone cloudy! Even if a company only uses SaaS applications, they could conceivably achieve such. The post Getting Started With Cloud Data Protection appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
356 
Let's personalize your content