Innovation, Agility and Securing the Mobile World in 2021
Lohrman on Security
FEBRUARY 21, 2021
Tech Republic Security
FEBRUARY 22, 2021
A study on CIO and CISO prioritization showed these two areas are most important this year. Cloud security is another area high on their lists.
The Hacker News
FEBRUARY 22, 2021
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.
CSO Magazine
FEBRUARY 23, 2021
Cybersecurity audit fatigue has become a very real issue for organizations that are required to comply with multiple government, industry, and internal requirements.
Krebs on Security
FEBRUARY 23, 2021
Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted.
Schneier on Security
FEBRUARY 25, 2021
I am a co-author on a report published by the Hoover Institution: “Chinese Technology Platforms Operating in the United States.” From a blog post: The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories — one reflected in numerous publicly available threat assessments — that China’s power is
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
FEBRUARY 25, 2021
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.
SC Magazine
FEBRUARY 22, 2021
Today’s columnist, Ryan Noon of Material Security, says we can expect more SolarWinds attacks until we change to an “inside-out” strategy that assumes attackers are already inside the network and security teams set defenses accordingly. Airport security has been designed (in theory) to detect threats to air travel before a malicious person or item makes it to the plane.
Schneier on Security
FEBRUARY 23, 2021
Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app.
Tech Republic Security
FEBRUARY 22, 2021
Most organizations don't give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.
The Hacker News
FEBRUARY 24, 2021
The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.
Security Boulevard
FEBRUARY 26, 2021
Almost a year ago, the world turned upside down and seemingly everything changed due to the COVID-19 pandemic. In that time, entire workforces went – and stayed – home, cloud adoption skyrocketed and digital transformation. The post Pandemic Cyber Crime, By the Numbers appeared first on Security Boulevard.
Schneier on Security
FEBRUARY 24, 2021
Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year — uses to delete the invasive files and infrastructure that malware can create.
Tech Republic Security
FEBRUARY 23, 2021
DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.
Security Affairs
FEBRUARY 20, 2021
Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology industry, discloses a data breach. The company informed its investors that an unauthorized third party had access to their personal and financial information.
Security Boulevard
FEBRUARY 23, 2021
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Although pertinent to the Personally Identifiable Information (PII) of citizens within the European Economic Area, its effect has reached around the world. As many organisations grappled with updating their data security practices in line with tighter legislation, several questions remained unanswered.
Schneier on Security
FEBRUARY 22, 2021
Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March.
Tech Republic Security
FEBRUARY 22, 2021
Known as Silver Sparrow, the malware's intent is still unknown as it has yet to deliver an actual payload, says security firm Red Canary.
PCI perspectives
FEBRUARY 26, 2021
Industry feedback is fundamental to the evolution of the PCI Data Security Standard (PCI DSS). Because of the broad impact PCI DSS has on the payment community, the Council is seeking additional feedback into the PCI DSS v4.0 validation documents. As a result of expanding stakeholder feedback opportunities to include these supporting documents, the Council is now targeting a Q4 2021 completion date for PCI DSS v4.0.
Digital Shadows
FEBRUARY 22, 2021
Over the course of 2020, Digital Shadows detected over 500 cybercriminals’ listings advertising network access across a multitude of industry. The post The Rise of Initial Access Brokers first appeared on Digital Shadows.
Schneier on Security
FEBRUARY 26, 2021
Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it.
Tech Republic Security
FEBRUARY 25, 2021
The Stanford Internet Observatory alleged that the Chinese government may have had access to audio data from Clubhouse. Here's what users should know.
Security Boulevard
FEBRUARY 24, 2021
Sysdig announced today it has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF) as part of an effort to advance Linux security. The sysdig kernel module runs in the extended Berkeley Packet Filter (eBPF) microkernel created by the Linux community to. The post Sysdig Donates eBPF to CNCF to Improve Linux Security appeared first on Security Boulevard.
The Hacker News
FEBRUARY 20, 2021
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday.
SecureList
FEBRUARY 25, 2021
Lazarus targets defense industry with ThreatNeedle (PDF). We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers.
Tech Republic Security
FEBRUARY 23, 2021
These eight online courses teach the fundamentals you need to pass various IT and cybersecurity certification exams from Cisco and CompTIA.
Bleeping Computer
FEBRUARY 26, 2021
A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.
SC Magazine
FEBRUARY 22, 2021
Craig Froelich, chief information security officer of Bank of America Merrill Lynch, described how cybersecurity is not just a technology risk during a 2017 annual meeting of the Securities Industry and Financial Markets Association (SIFMA). Diversity and inclusion programs gained a great deal of traction in the last few years as a means of hiring minorities, women and other underrepresented members of the modern security workforce.
The Hacker News
FEBRUARY 26, 2021
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.
Tech Republic Security
FEBRUARY 24, 2021
A new FlexJobs survey reveals 14 of the most common--and successful--job-search scams. Here's how to identify them and not become a victim.