Joseph Steinberg

MAY 12, 2021

Colonial Pipeline, which operates a 5,500-mile system that transports nearly 45% of the fuel consumed on the East Coast of the United States, shut down on Friday critical portions of its fuel distribution network in response to a crippling ransomware attack that devastated the American fuel pipeline operator; since then, fuel prices have creeped up across the United States, and 17 US States and Washington DC have declared states of emergency.

Energy and Utilities 173

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks 173

CSO Magazine

MAY 12, 2021

SOAR: Meaning and definition. SOAR is the name for a relatively new kind of security platform that coordinates information produced by a wide range of security tools and automate much of their analysis and protective responses. SOAR, which stands for security orchestration, automation, and response, is a term coined by Gartner in 2015 and since embraced by the industry as companies grapple with increasing security threats, a tight labor market, and an increasing flood of information they need to

Marketing 112

Marketing 112

eSecurity Planet

MAY 13, 2021

Oil and gas companies have two key areas of concern when addressing cybersecurity, especially in their unmanned remote facilities. They have to supply physical security that denies access to the cyber-physical assets, and they sometimes must employ several cyber defenses depending on the device or system in question. So when you are looking at doing a Zero Trust deployment for critical infrastructure, it is important to be mindful of the fact that a site’s physical security is typically th

Digital transformation 110

Digital transformation Technology Ransomware IoT 110

Krebs on Security

MAY 14, 2021

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. “Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a

Ransomware 364

Ransomware Cryptocurrency Cybercrime Healthcare 364

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MAY 10, 2021

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “ New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era ,” Cryptographic Quarterly , Spring 1996, author still classified.

362

362

Troy Hunt

MAY 9, 2021

A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much s**t breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon!

Encryption 325

Encryption 325

Krebs on Security

MAY 11, 2021

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser.

Wireless 316

Wireless Internet Internet Backups 316

Schneier on Security

MAY 10, 2021

This is a major story : a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish it. The White House has declared a state of emergency and has created a task force to deal with the problem, but it’s unclear what they can do.

Ransomware 357

Ransomware Cybercrime 357

Tech Republic Security

MAY 12, 2021

Attackers are not only demanding ransom from organizations, but also threatening their customers, users and other third parties.

Ransomware 218

Ransomware 218

The Last Watchdog

MAY 12, 2021

A permissions glut is giving rise to an explosion of new exposures in modern business networks. Related: Securing digital identities. Companies are adopting multi-cloud and hybrid cloud infrastructures and relying on wide-open app development like never before. In doing so, permissions to make myriad software connections are proliferating. Taken together these man-to-machine and machine-to-machine connections result in cool new digital services.

Cloud Migration 214

Cloud Migration Accountability Software Internet 214

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

MAY 10, 2021

How much is your payroll data worth? Probably a lot more than you think. One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work.

Passwords 303

Passwords Mobile Accountability Marketing 303

Schneier on Security

MAY 11, 2021

Microsoft researchers just released an open-source automation tool for security testing AI systems: “ Counterfit.” Details on their blog.

Risk 338

Risk Artificial Intelligence 338

Tech Republic Security

MAY 12, 2021

Government and business both need to step up to combat ransomware attacks against critical systems before they spiral further out of control.

Ransomware 218

Ransomware Government 218

Troy Hunt

MAY 14, 2021

This one is a real short intro as right now, it hurts to type (copy and paste is earlier ??): I’m Back at a *REAL* Conference; Dealing with RSI; Shellies and MQTT; My IoT Aircon Hack; Drowning in Data Breaches. References I've been at a real conference this week, with people and all! (that's a tweet with pics of the environment) I've also been dealing with some pretty unpleasant RSI (link to the blog post on my ergonomic setup, do invest early in this folks) My automated IoT aircon integration i

IoT 203

IoT Data breaches Hacking 203

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

MAY 11, 2021

By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints. Obviously, one change for the better would be if software developers and security analysts paid much closer attention to the new and updated coding packages being assembled and depl

Software 202

Software Hacking Malware Engineering 202

Schneier on Security

MAY 14, 2021

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The DC police are the victims of this ransomware, and the criminals have just posted personnel records — “including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories” — for two dozen police officers.

Ransomware 335

Ransomware Cryptocurrency Cybercrime Internet 335

Tech Republic Security

MAY 10, 2021

A recent survey found an unusual reason cybersecurity is failing. Experts share what it is and how to correct it.

Technology 216

Technology Cybersecurity 216

The Hacker News

MAY 14, 2021

Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems.

Engineering 145

Engineering Malware Passwords Cybersecurity 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

MAY 10, 2021

The value of sharing threat intelligence is obvious. It’s much easier to blunt the attack of an enemy you can clearly see coming at you. Related: Supply chains under siege. But what about trusted allies who unwittingly put your company in harm’s way? Third-party exposures can lead to devastating breaches, just ask any Solar Winds first-party customer.

Risk 195

Risk Cyber Risk Insurance Banking 195

Schneier on Security

MAY 14, 2021

This is a current list of where and when I am scheduled to speak: I’m keynoting the (all-virtual) RSA Conference 2021 , May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. The list is maintained on this page.

243

243

Tech Republic Security

MAY 11, 2021

Cybersecurity expert discusses the many ways attackers could have gotten access to the Colonial Pipeline company and reminds us why the threat always looms.

Cybersecurity 216

Cybersecurity 216

Malwarebytes

MAY 14, 2021

Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomenon is known as “calendar spam.” Calendar spam became a big problem for Apple’s iCloud calendars back in 2016.

Scams 145

Scams Hacking Engineering 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Last Watchdog

MAY 13, 2021

In a day and age when the prime directive for many organizations is to seek digital agility above all else, cool new apps get conceived, assembled and deployed at breakneck speed. Related: DHS instigates 60-day cybersecurity sprints. Software developers are king of the hill; they are the deeply-committed disciples pursuing wide open, highly dynamic creative processes set forth in the gospels of DevOps and CI/CD.

Penetration Testing 183

Penetration Testing Digital transformation Software Architecture 183

Schneier on Security

MAY 12, 2021

I have 80 copies of my 2000 book Beyond Fear available at the very cheap price of $5 plus shipping. Note that there is a 20% chance that your book will have a “BT Counterpane” sticker on the front cover. Order your signed copy here.

189

189

Tech Republic Security

MAY 14, 2021

Old technology and fear of sharing proprietary information are keeping companies from helping each other thwart attacks.

Technology 209

Technology 209

Malwarebytes

MAY 14, 2021

WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages. The planned removal of core features represents a stunning reversal for a company that long ago prioritized data privacy, transforming WhatsApp’s offering into an unworkable contradiction: Private mess

Encryption 145

Encryption Accountability Data privacy Advertising 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Last Watchdog

MAY 12, 2021

A new report from Sophos dissects how hackers spent two weeks roaming far-and-wide through the modern network of a large enterprise getting into a prime position to carry out what could’ve been a devasting ransomware attack. Related: DHS embarks on 60-day cybersecurity sprints. This detailed intelligence about a ProxyLogon-enabled attack highlights how criminal intruders are blending automation and human programming skills to great effect.

Ransomware 153

Ransomware Hacking Firewall Digital transformation 153

The Hacker News

MAY 12, 2021

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.

145

145

Tech Republic Security

MAY 10, 2021

Diving into a cashless future of transactions via digital wallets that keep consumers safe and reduce paper and waste.

Mobile 206

Mobile 206

Bleeping Computer

MAY 11, 2021

A Microsoft Outlook update released today for the desktop client introduced bugs that prevent users from creating or viewing mail. [.].

145

145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity