Lohrman on Security

FEBRUARY 21, 2021

Mobile 295

Mobile 295

Tech Republic Security

FEBRUARY 22, 2021

A study on CIO and CISO prioritization showed these two areas are most important this year. Cloud security is another area high on their lists.

CISO 200

CISO Cybersecurity 200

The Hacker News

FEBRUARY 22, 2021

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.

Authentication 145

Authentication Cybercrime Government 145

CSO Magazine

FEBRUARY 23, 2021

Cybersecurity audit fatigue has become a very real issue for organizations that are required to comply with multiple government, industry, and internal requirements.

Government 111

Government Cybersecurity 111

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

FEBRUARY 23, 2021

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted.

Retail 345

Retail Banking Accountability Wireless 345

Schneier on Security

FEBRUARY 25, 2021

I am a co-author on a report published by the Hoover Institution: “ Chinese Technology Platforms Operating in the United States.” From a blog post : The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories — one reflected in numerous publicly available threat assessments — that China’s power is

Technology 307

Technology Risk 307

Tech Republic Security

FEBRUARY 24, 2021

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

Ransomware 218

Ransomware Healthcare 218

The Last Watchdog

FEBRUARY 23, 2021

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year. Related: Can ‘SASE’ help companies secure connectivity? Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.

Technology 174

Technology Marketing Internet Internet 174

Schneier on Security

FEBRUARY 23, 2021

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article : Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app.

Malware 292

Malware Software 292

Zero Day

FEBRUARY 26, 2021

There's been a 2,000% increase of new malware written in Go over the past few years.

Malware 145

Malware 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

FEBRUARY 22, 2021

Known as Silver Sparrow, the malware's intent is still unknown as it has yet to deliver an actual payload, says security firm Red Canary.

Malware 208

Malware 208

Security Affairs

FEBRUARY 26, 2021

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant that implements worm-like capabilities that allow within local networks. “On top of its usual functions, this version holds a new attribute allowing it to self replicate over the local network.” reads the report published by the ANSS

Ransomware 145

Ransomware Passwords Accountability Encryption 145

Schneier on Security

FEBRUARY 24, 2021

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year — uses to delete the invasive files and infrastructure that malware can create.

Malware 261

Malware 261

The Hacker News

FEBRUARY 25, 2021

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

Accountability 145

Accountability Cybersecurity 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 23, 2021

DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.

DDOS 207

DDOS 207

Zero Day

FEBRUARY 25, 2021

CrowdStrike puts together a list of connections and how cybercrime groups cooperate with each other.

Cybercrime 145

Cybercrime 145

Schneier on Security

FEBRUARY 22, 2021

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March.

Backups 257

Backups Technology Hacking Cybersecurity 257

The Hacker News

FEBRUARY 24, 2021

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.

Ransomware 145

Ransomware Data breaches Cybersecurity 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 23, 2021

These eight online courses teach the fundamentals you need to pass various IT and cybersecurity certification exams from Cisco and CompTIA.

Cybersecurity 203

Cybersecurity 203

Zero Day

FEBRUARY 24, 2021

Ukrainian officials blame "one of the hacker spy groups from the Russian Federation.

Cyber Attacks 145

Cyber Attacks Government 145

Schneier on Security

FEBRUARY 26, 2021

Excellent Brookings paper: “ Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it.

255

255

WIRED Threat Level

FEBRUARY 24, 2021

A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos.

Hacking 145

Hacking 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

FEBRUARY 23, 2021

With the shift to remote learning, schools are facing greater security risks and smaller financial margins, says BlueVoyant.

Risk 200

Risk 200

Zero Day

FEBRUARY 24, 2021

IBM says attack rates have doubled against medical entities since the pandemic began.

145

145

The Hacker News

FEBRUARY 26, 2021

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.

Malware 145

Malware Hacking 145

WIRED Threat Level

FEBRUARY 22, 2021

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.

Hacking 145

Hacking 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

FEBRUARY 22, 2021

Most organizations don't give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.

Accountability 199

Accountability 199

Zero Day

FEBRUARY 23, 2021

Bombardier is the latest in a long string of hacks caused by companies using old versions of the Accellion FTA file-sharing server.

Hacking 145

Hacking Ransomware 145

Security Affairs

FEBRUARY 20, 2021

Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology industry, discloses a data breach. The company informed its investors that an unauthorized third party had access to their personal and financial information.

Data breaches 145

Data breaches Phishing Cyber threats Cybersecurity 145

The Hacker News

FEBRUARY 20, 2021

Brave has fixed a privacy issue in its browser that sent queries for.onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday.

DNS 145

DNS Internet Internet 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity