The Last Watchdog
JUNE 2, 2021
The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. Related: The importance of basic research. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.
The Hacker News
MAY 31, 2021
Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn't.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
We Live Security
MAY 31, 2021
You may not be able to escape internet trolls, but you have a choice about how you will deal with them – here’s how you can handle trolls without losing your cool. The post Don’t feed the trolls and other tips for avoiding online drama appeared first on WeLiveSecurity.
Joseph Steinberg
JUNE 3, 2021
Joseph Steinberg recently discussed with Fox Business Network host and commentator, Kennedy, why hackers are targeting meat companies, pipelines, and other important elements of the US economy’s supply chain… and, what can Americans do to stop such attacks. To listen to the discussion, please either utilize the embedded player below, or click the image underneath it.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
JUNE 2, 2021
The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran
Krebs on Security
MAY 29, 2021
Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Joseph Steinberg
JUNE 1, 2021
Cybercriminals Are Impersonating Meal-Kit Services In Order To Steal Money And Personal Information. Cybercriminals are exploiting the tremendous growth in the number of meal-kit subscriptions since the start of the COVID-19 pandemic – impersonating various such services, or partners of such services, in order to steal people’s money and personal information.
Schneier on Security
JUNE 1, 2021
The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end.
Adam Levin
JUNE 4, 2021
You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. . According to the company’s website, “ExaGrid offers a unique approach to ensure that attackers cannot compromise the backup data, allowing organizations to be confident that they can restore the affected primary storage and avoid paying ugly ransoms.
Troy Hunt
MAY 31, 2021
Continuing with the launch of the Have I Been Pwned Domain Search API to national government cyber agencies, I am very happy to welcome the first Latin American country on board, the Dominican Republic. Their National Cybersecurity Incident Response Team (CSIRT-RD) is the 18th national CERT that has free and open access to domain inquiries across all of its government assets.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
JUNE 4, 2021
This guide covers the Colonial Pipeline attack, WannaCry, Petya and other ransomware attacks, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom in the event of an infection.
Schneier on Security
JUNE 4, 2021
Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The forty or so attendees include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, des
The Last Watchdog
JUNE 1, 2021
Cybercriminals use various techniques for conducting cyberattacks. One such popular way to infiltrate a system is Pharming. It is an online scam attack quite similar to Phishing. Related: Credential stuffing explained. The term Pharming is a combination of two words Phishing and Farming. It is a type of social engineering cyberattack in which the website’s traffic is manipulated to steal confidential credentials from the users.
Lohrman on Security
MAY 30, 2021
The Department of Homeland Security is mandating that pipeline companies report cyber breaches to federal authorities within 12 hours of an incident, and the list of organizations who must do the same will likely grow.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
MAY 31, 2021
If you find an Apple AirTag that belongs to someone else, learn how to help reunite the lost items with their owner using an iOS or Android device--or, how to prevent the device from tracking you.
Adam Shostack
JUNE 1, 2021
People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. The most important thing I’ve learned is the importance of conceptualizing what you want it to look like. The other thing I’ve learned is that the more expensive gear is usually more expensive for decent reasons, and it’s easy to be penny-wise and pound foolish.
Joseph Steinberg
JUNE 3, 2021
Cyber security expert, Joseph Steinberg, has joined the Global Foundation for Cyber Studies and Research (GFCyber) as a Senior Policy Analyst. The full announcement follows: Washington, DC (June 3, 2021) — Renowned cyber security expert, Joseph Steinberg , has joined the Global Foundation for Cyber Studies and Research (GFCyber ) as a Senior Policy Analyst.
Security Boulevard
JUNE 3, 2021
Performance issues are not the only concern users have about Microsoft Office 365 and Azure cloud services: the office productivity suite also represents a major threat vector and an attractive target for network and supply chain attacks. On a quantitative level, Office 365 draws over 250 million active users, according to Microsoft statistics. Attackers can.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
JUNE 3, 2021
Underprepared, overwhelmed and unable to move forward, security teams are getting pushback from leadership and simply can't catch up to necessary post-pandemic modernization.
Trend Micro
JUNE 2, 2021
We discovered a vulnerability in macOS, iOS, and iPadOS rooted in the CVMServer. The vulnerability, labeled CVE-2021-30724, can allow threat actors to escalate their privilege if exploited.
Bleeping Computer
JUNE 2, 2021
?Kali Linux 2021.2 was released today by Offensive Security and includes new themes and features, such as access to privileged ports, new tools, and a console-based configuration utility. [.].
Malwarebytes
JUNE 1, 2021
This blog post was authored by Hossein Jazi. The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. The group conducts cyber espionage operations to target government entities mainly in South Korea. On December 2020, KISA (Korean Internet & Security Agency) provided a detailed analysis about the phishing infrastructure and TTPs used by Kimsuky to target South Korea.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JUNE 2, 2021
Security experts recommend setting basic security standards for all your data feeds, enlisting help from procurement and doing an API inventory.
SecureList
JUNE 3, 2021
Introduction. In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address. SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it is fairly easy to spoof the sender’s address.
We Live Security
JUNE 1, 2021
From knock-off designer products to too-good-to-be-true job offers, here are five common schemes fraudsters use to trick teenagers out of their money and sensitive data. The post 5 common scams targeting teens – and how to stay safe appeared first on WeLiveSecurity.
Bleeping Computer
JUNE 2, 2021
NortonLifelock has added the ability to mine Ethereum cryptocurrency directly within its Norton 360 antivirus program as a way to "protect" users from malicious mining software. [.].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
JUNE 2, 2021
All alerts mean something, even if it's just that an employee needs more training. The threat of breach is constant, and those companies who make assumptions about alerts could be in big trouble.
Zero Day
JUNE 3, 2021
The new tool has been used in ongoing cyberespionage activities.
Security Affairs
JUNE 4, 2021
Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724 , that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the It giant fixed the issue was addressed by the IT giant on May 24 with the release of macOS 11.4, iOS 14.6, and
Bleeping Computer
MAY 31, 2021
JBS Foods, a leading food company and the largest meat producer globally, was forced to shut down production at multiple sites worldwide following a cyberattack. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
176 
Let's personalize your content