Sat. May 01, 2021 - Fri. May 07, 2021


5 IT security strategies that you should think about as employees return to the office

CyberSecurity Insiders

This blog was written by an independent guest blogger. Without a doubt, digital transformation accelerated amid the pandemic and made it possible for employees to work remotely. However, it also intensified the threat landscape created by malicious attackers who jumped on the first opportunity to attack the more vulnerable home networks. As remote working becomes the new norm, it is paramount to have an agile infrastructure and team for security.


Popular routers found vulnerable to hacker attacks

We Live Security

Millions of Brits could be at risk of cyberattacks due to poor default passwords and a lack of firmware updates. The post Popular routers found vulnerable to hacker attacks appeared first on WeLiveSecurity.


Tesla Remotely Hacked from a Drone

Schneier on Security

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi.


Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Email Security, Working from Home and World Password Day

Lohrman on Security

What is the future of passwords? More urgently, how are you doing with using (or reusing) passwords now? Here are some helpful tips ahead of World Password Day on May 6.


DevOps is getting code released faster than ever. But security is lagging behind

Tech Republic Security

DevOps is speeding up software release cycles like never before. But according to GitLab's latest survey, finger-pointing over who should be in charge of security remains an issue.


More Trending


The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. Our passwords can say a lot about us, and much of what they have to say is unflattering.


Apple Guidance on Intimate Partner Surveillance

Adam Shostack

Apple has released (or I’ve just come across) a document Device and Data Access when Personal Safety is At Risk. Apple makes it easy to connect and share your life with the people closest to you. What you share, and whom you share it with, is up to you — including the decision to make changes to better protect your information or personal safety.


Cybersecurity: Don't blame employees—make them feel like part of the solution

Tech Republic Security

Scientists find that blaming employees is counterproductive and suggest creating a safe environment for people to admit their mistakes and learn from them. One company already puts that into practice.


The Story of Colossus

Schneier on Security

Nice video of a talk by Chris Shore on the history of Colossus.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Investment Scammer John Davies Reinvents Himself?

Krebs on Security

John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.


MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

Encryption agility is going to be essential as we move forward with digital transformation. Refer: The vital role of basic research. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. But cryptography historically has been anything but agile; major advances require years, if not decades, of inspired theoretical research.


This ambitious Microsoft project aims to fix cloud computing security

Tech Republic Security

Microsoft Research's Project Freta aims to find invisible malware running on the cloud.


New Spectre-Like Attacks

Schneier on Security

There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Very Many Qualcomm Phone Chips Hiding Very Nasty Vulnerability

Security Boulevard

A high-severity bug affects almost 40% of Android phones. The security hole is in Qualcomm modems. The post Very Many Qualcomm Phone Chips Hiding Very Nasty Vulnerability appeared first on Security Boulevard.


Insurer AXA says it will no longer cover ransomware payments in France

Hot for Security

Insurance giant AXA has said that it is no longer writing cyberinsurance policies in France that cover ransom payments to extortionists. AXA’s decision, which appears to be a first for the cyberinsurance industry, will still see it reimburse companies for the cost of responding and recovering from a ransomware attack – but will not cover the often significant sums of cryptocurrency demanded by criminal gangs after they have compromised a network, and encrypted or stolen data.


These breached "Star Wars"-themed passwords need more than the force to save them

Tech Republic Security

Turns out, even the most sci-fi-inspired passwords still need the occasional capital letter and special character splashed in.


Identifying the Person Behind Bitcoin Fog

Schneier on Security

The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years. Identifying the person behind Bitcoin Fog serves as an illustrative example of how hard it is to be anonymous online in the face of a competent police investigation: Most remarkable, however, is the IRS’s account of tracking down Sterlin


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Beware! Hackers target users with fake COVID-19 vaccine registration app

Quick Heal Antivirus

Have you received an SMS with a link that says, “Register for vaccine using COVID-19 app”? Well, beware! The post Beware! Hackers target users with fake COVID-19 vaccine registration app appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.


Millions put at risk by old, out of date routers

Malwarebytes

Since the first stay-at-home measures were imposed by governments to keep everyone safe from the worsening COVID-19 pandemic, we at Malwarebytes have been making sure that you, dear reader, are as cyber-secure as possible in your home network, while you try to work and while your children attend online classes. There has been much discussion of antivirus protection, patching your software, and using VPNs.


World Password Day: How to keep yourself and your company data secure

Tech Republic Security

The first Thursday in May is World Password Day. Learn some tips for what your organization should do to foster good password management techniques.


19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, all easily searchable and conveniently stored in one place.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Operation TunnelSnake

SecureList

Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O operations conducted by the underlying OS, like reading or writing to files or processing incoming and outgoing network packets.


Facebook bans Signal ads that reveal the depth of what it knows about you

Malwarebytes

Most of our readers are well aware of the fact that the big tech corporations, especially those that run social media, know a great deal about us and our behavior. But it rarely hits home how much personal data they have about us and how they can guess, quite correctly, even more. Lots more. Signal came up with an idea to drive that point home. A simple but very effective idea, nothing short of genius.


Android phones may be vulnerable to security flaw in Qualcomm chip

Tech Republic Security

Patched on Qualcomm's end, the flaw could allow attackers to access your call history and text messages and eavesdrop on your phone conversations, says Check Point Research.


Ousaban: Private photo collection hidden in a CABinet

We Live Security

Another in our occasional series demystifying Latin American banking trojans. The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Cybersecurity Fosters Competitive Advantage

Security Boulevard

Tens of billions of dollars each year are spent on cybersecurity, yet cybercriminals continue to succeed. There seems to be a never-ending stream of cybersecurity bad news. Companies constantly experience negative security events – Facebook, Verkada, and Elekta are recent examples. Cybersecurity failures become public relations, customer relations, and financial problems for companies.


Redefining What it Means to be a Hacker with Eric Head aka todayisnew

SecurityTrails

Sitting down with Eric Head, one of the most successful bug bounty hunters, known online as todayisnew, to discuss his mindful practices and how to remain focused on your goals.


How to set up camera privacy settings in Windows 10

Tech Republic Security

Before you can use a camera app in Windows 10 you have to allow access to the camera itself. Only then can you allow access to the app. We walk you through it.


Best Security Company | Cisco Systems

SC Magazine

Cisco’s Customer Experience organization reports that 44% of support cases are resolved in a day or less and 75% successfully reduce the risk of downtime. The Cisco Secure portfolio offers three distinct advantages: First, the breadth of its products and size of Cisco’s customer base means it has a large footprint in an industry where scale matters.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!