Lohrman on Security

FEBRUARY 21, 2021

Mobile 319

Mobile 319

Tech Republic Security

FEBRUARY 22, 2021

A study on CIO and CISO prioritization showed these two areas are most important this year. Cloud security is another area high on their lists.

CISO 211

CISO Cybersecurity 211

The Hacker News

FEBRUARY 22, 2021

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.

Authentication 142

Authentication Cybercrime Government 142

CSO Magazine

FEBRUARY 23, 2021

Cybersecurity audit fatigue has become a very real issue for organizations that are required to comply with multiple government, industry, and internal requirements.

Government 111

Government Cybersecurity 111

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

FEBRUARY 25, 2021

I am a co-author on a report published by the Hoover Institution: “ Chinese Technology Platforms Operating in the United States.” From a blog post : The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories — one reflected in numerous publicly available threat assessments — that China’s power is

Technology 342

Technology Risk 342

Krebs on Security

FEBRUARY 23, 2021

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted.

Retail 338

Retail Banking Accountability Wireless 338

Tech Republic Security

FEBRUARY 24, 2021

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

Ransomware 218

Ransomware Healthcare 218

Schneier on Security

FEBRUARY 23, 2021

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article : Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app.

Malware 327

Malware Software 327

The Last Watchdog

FEBRUARY 23, 2021

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year. Related: Can ‘SASE’ help companies secure connectivity? Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.

Technology 174

Technology Marketing Internet Internet 174

Zero Day

FEBRUARY 26, 2021

There's been a 2,000% increase of new malware written in Go over the past few years.

Malware 145

Malware 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

FEBRUARY 23, 2021

DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.

DDOS 215

DDOS 215

Schneier on Security

FEBRUARY 24, 2021

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year — uses to delete the invasive files and infrastructure that malware can create.

Malware 277

Malware 277

The Hacker News

FEBRUARY 25, 2021

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

Accountability 145

Accountability Cybersecurity 145

Zero Day

FEBRUARY 25, 2021

CrowdStrike puts together a list of connections and how cybercrime groups cooperate with each other.

Cybercrime 145

Cybercrime 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

FEBRUARY 23, 2021

With the shift to remote learning, schools are facing greater security risks and smaller financial margins, says BlueVoyant.

Risk 211

Risk 211

Schneier on Security

FEBRUARY 22, 2021

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March.

Backups 269

Backups Technology Hacking Cybersecurity 269

SecureList

FEBRUARY 25, 2021

Lazarus targets defense industry with ThreatNeedle (PDF). We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers.

Malware 145

Malware Phishing Passwords Encryption 145

Zero Day

FEBRUARY 24, 2021

Ukrainian officials blame "one of the hacker spy groups from the Russian Federation.

Cyber Attacks 145

Cyber Attacks Government 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

FEBRUARY 22, 2021

Most organizations don't give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.

Accountability 210

Accountability 210

Schneier on Security

FEBRUARY 26, 2021

Excellent Brookings paper: “ Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it.

265

265

The Hacker News

FEBRUARY 24, 2021

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.

Ransomware 145

Ransomware Data breaches Cybersecurity 145

Zero Day

FEBRUARY 23, 2021

Bombardier is the latest in a long string of hacks caused by companies using old versions of the Accellion FTA file-sharing server.

Hacking 145

Hacking Ransomware 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 25, 2021

The Stanford Internet Observatory alleged that the Chinese government may have had access to audio data from Clubhouse. Here's what users should know.

Internet 209

Internet Internet Government 209

Security Affairs

FEBRUARY 26, 2021

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute allowing it to self replicate over the local network.” reads the report published by the ANSS

Ransomware 145

Ransomware Passwords Accountability Encryption 145

WIRED Threat Level

FEBRUARY 22, 2021

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.

Hacking 145

Hacking 145

Zero Day

FEBRUARY 24, 2021

IBM says attack rates have doubled against medical entities since the pandemic began.

145

145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 26, 2021

The benefits of working remotely are numerous, but there are significant hidden costs that need to be factored in.

208

208

Security Affairs

FEBRUARY 20, 2021

Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology industry, discloses a data breach. The company informed its investors that an unauthorized third party had access to their personal and financial information.

Data breaches 145

Data breaches Phishing Cyber threats Cybersecurity 145

SC Magazine

FEBRUARY 22, 2021

Today’s columnist, Ryan Noon of Material Security, says we can expect more SolarWinds attacks until we change to an “inside-out” strategy that assumes attackers are already inside the network and security teams set defenses accordingly. ecooper99 CreativeCommons Credit: CC BY 2.0. Airport security has been designed (in theory) to detect threats to air travel before a malicious person or item makes it to the plane.

Accountability 144

Accountability Firewall Phishing Technology 144

Zero Day

FEBRUARY 23, 2021

Security researchers say the Chinese Flash app is behaving lide adware and opening browser windows to show ads.

Adware 145

Adware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk