Lohrman on Security
JUNE 13, 2021
After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?
Hot for Security
JUNE 15, 2021
Our mobile devices are not just a means to communicate with others. They’ve evolved into a data storage device, a video and sound recorder, as well as an easy way to access our bank accounts. Mobile security is often overlooked by many technology users, who dismiss the reality of security risks brought by careless interactions with the digital world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
JUNE 15, 2021
Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan. Moynihan made the comment on CNBC’s Squawk Box show yesterday (June 14), noting that “I became CEO 11 and a half years ago, and we probably spent $300 million to $400 million (per year) and we’re up over a billion now… The institutions around us, other institutions and my peers, spend like amounts, and our contra
Troy Hunt
JUNE 14, 2021
Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
JUNE 17, 2021
General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.” GEA-1 was d
Krebs on Security
JUNE 16, 2021
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland. A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JUNE 18, 2021
Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.
Schneier on Security
JUNE 14, 2021
This is a current list of where and when I am scheduled to speak: I’ll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is “Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?” I’m speaking at the all-online Society for Philosophy and Technology Conference 2021 , June 28-30, 2021.
Krebs on Security
JUNE 15, 2021
The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her
Security Affairs
JUNE 18, 2021
This strange malware stops you from visiting pirate websites. Sophos researchers uncovered a malware campaign that aims at blocking infected users’ from being able to visit a large number of piracy websites. . Sophos researchers uncovered a malware campaign that aims at blocking infected users’ from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
JUNE 16, 2021
Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason.
Schneier on Security
JUNE 15, 2021
Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of optical-scan voting machines (possibly over several years of use) can cause paper-fold lines in absentee ballots to be interpreted as votes… New Hampshire (and other states) may need to maintain the accu
Krebs on Security
JUNE 18, 2021
In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [ NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.
Hot for Security
JUNE 17, 2021
In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach. At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials. What we hadn’t predicted was that cybercriminals would use a rather more elaborate way to steal users’ credentials.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
JUNE 15, 2021
56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report.
We Live Security
JUNE 18, 2021
By failing to prepare you are preparing to fail – here’s what you can do today to minimize the impact of a potential ransomware attack in the future. The post 5 essential things to do before ransomware strikes appeared first on WeLiveSecurity.
Google Security
JUNE 16, 2021
Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development and deployment supply chain is quite complicated, with numerous threats along the source ?
Hot for Security
JUNE 18, 2021
According to a report by Catalin Cimpanu at The Record , authorities in South Korea have filed charges against employees at a computer repair store. What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers of their customers, netting more than 360 million won (approximately US $320,000.).
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JUNE 17, 2021
With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.
CyberSecurity Insiders
JUNE 14, 2021
By Tony Goulding, cybersecurity evangelist, ThycoticCentrify. Employees have dozens of interactions with fellow team members, customers, and partners per day. Due to the remote work boom and accelerated digital transformation projects, many of those conversations and exchanges are online. While your team may think they know who is on the other end of that email or completing a task you have asked them to do, there is no guarantee.
eSecurity Planet
JUNE 18, 2021
There’s a never ending cycle between the measures cybersecurity providers introduce to prevent or remediate cyber threats and the tactics cyber criminals use to get around these security measures. As soon as a security company develops a way to mitigate the latest threat, attackers develop a new threat to take its place. Artificial intelligence has emerged as a critical tool cybersecurity companies leverage to stay ahead of the curve.
Security Affairs
JUNE 12, 2021
An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560 , which is used on most Linux distros can allow an unprivileged attacker to get a root shell. “A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JUNE 14, 2021
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.
Security Boulevard
JUNE 14, 2021
$4.4 million. That’s how much ransom Colonial Pipeline paid recently after a ransomware attack crippled the company’s computers, forcing it to shut down 5,500 miles of its gas pipeline, sending the Southeast into an almost overnight gas shortage. The post Ransomware Attacks Increasing: Tips to Keep Your Organization Safe | Apptega appeared first on Security Boulevard.
Bleeping Computer
JUNE 12, 2021
Financial software company Intuit has notified TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. [.].
Security Affairs
JUNE 17, 2021
Researchers discovered an unprotected database belonging to CVS Health that was exposed online containing over a billion records. This week WebsitePlanet along with the researcher Jeremiah Fowler discovered an unsecured database, belonging to the US healthcare and pharmaceutical giant CVS Health, that was exposed online. The database was accessible to everyone without any type of authentication. “On March 21st, 2021 the WebsitePlanet research team in cooperation with Security Researcher
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
SecureList
JUNE 16, 2021
Ferocious Kitten is an APT group that since at least 2015 has been targeting Persian-speaking individuals who appear to be based in Iran. Although it has been active for a long time, the group has mostly operated under the radar and has not been covered by security researchers to the best of our knowledge. It is only recently that it drew attention when a lure document was uploaded to VirusTotal and went public thanks to researchers on Twitter.
Security Boulevard
JUNE 12, 2021
This week we have good news and bad news. On the one hand, a COO was caught and charged with potentially attacking a rival medical institution. A stolen data marketplace was shut down and bugs were found (all around). However, there has also been an increase in high-profile cyber-attacks. Keep reading to get this week’s top cybernews. The post Security News In Review: REvil Attacks Nuclear Contractor Sol Oriens appeared first on Security Boulevard.
CSO Magazine
JUNE 15, 2021
With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features. [ Learn how to identify, block and remove malware from Windows PCs. | Get the latest from CSO by signing up for our newsletters. ].
Security Affairs
JUNE 15, 2021
The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source code was first reported by Tom Malka , a senior threat intelligence analyst for security firm Security, that reported it to BleepingComputer and The Rec
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
304 
Let's personalize your content