Should we use AI in cybersecurity? Yes, but with caution and human help
Tech Republic Security
JULY 21, 2021
Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool.
Krebs on Security
JULY 19, 2021
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.
Daniel Miessler
JULY 23, 2021
There’s massive confusion in the security community around Security Through Obscurity. In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.
Schneier on Security
JULY 20, 2021
NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there. Amnesty International has a report.
Troy Hunt
JULY 21, 2021
When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley
Lohrman on Security
JULY 18, 2021
Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
JULY 23, 2021
A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual.
Krebs on Security
JULY 21, 2021
An 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today. 60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatting attack. Shane Sonderman, of Lauderdale County, Tenn. admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targe
Troy Hunt
JULY 23, 2021
This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC. Plus, she has to put up with all my IoT shenanigans so that made for some fun conversation, along with how our respective homelands are dealing with the current pandemic (less fun, but very important).
Tech Republic Security
JULY 20, 2021
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.
Schneier on Security
JULY 22, 2021
From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.
Krebs on Security
JULY 20, 2021
Peter Levashov, appearing via Zoom at his sentencing hearing today. A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison.
Digital Shadows
JULY 19, 2021
With the closing of another quarter, it’s once again time to have a look back at the cyber threat landscape. The post Q2 Ransomware Roll Up first appeared on Digital Shadows.
Tech Republic Security
JULY 21, 2021
About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security.
Bleeping Computer
JULY 23, 2021
Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. […]
Security Boulevard
JULY 21, 2021
With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond. However, to fully reap the benefits of digital transformation, organizations must.
We Live Security
JULY 20, 2021
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity.
Tech Republic Security
JULY 23, 2021
Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.
Bleeping Computer
JULY 20, 2021
Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. […]
Security Boulevard
JULY 23, 2021
Cyber criminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber scams! The Wave of Coronavirus Cyber Scams While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use. The outbreak of newly discovered endangering infectious disease coronavirus (COVID-19) has […].
We Live Security
JULY 21, 2021
Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money. The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity.
Tech Republic Security
JULY 22, 2021
An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.
CyberSecurity Insiders
JULY 20, 2021
While instant card issuance has become a common service for many banks, digital issuance, where banks can issue card credentials directly to a customer’s mobile wallet, looms as the next development to revolutionise the way consumers interact with their financial services provider. However, while this innovation seems to only apply to the issuing of digital cards, digital issuance, in combination with a bank’s mobile app, has the potential to unlock a whole variety of different services for
Security Boulevard
JULY 19, 2021
Best practices for securing the software supply chain. Photo by Andy Li on Unsplash. In the wake of several highly publicized supply chain attacks, regulatory and media focus is shifting to address third-party software risk. The Department of Defense’s Cybersecurity Maturity Model Certification, established on January 31st, 2020, was the first attempt at creating a supply chain security compliance mandate.
eSecurity Planet
JULY 23, 2021
A pair of vulnerabilities in the Linux kernel disclosed this week expose major Linux operating systems that could let a hacker either gain root privileges on a compromised host or shut down the entire OS altogether. The two flaws – CVE-2021-33909 and CVE-2021-33910, respectively – were disclosed by vulnerability management vendor Qualys in a pair of blogs that outlined the threat to Linux OSes from such companies as Red Hat, Ubuntu, Debian and Fedora.
Tech Republic Security
JULY 20, 2021
This might create problems for those from poorer countries. Their countries may not have the resources to create vaccine passports that are readable everywhere.
CyberSecurity Insiders
JULY 22, 2021
China's Foreign Ministry has issued a public statement condemning the distribution and usage of Pegasus Spyware surveillance software by various countries. It has also accused the United States & NATO of circulating misinformation that the Chinese intelligence was funding hacking groups to launch cyber attacks on the west. Zhao Lijian, the official spokesperson from the Foreign Ministry of China, denounced the practice of cyber surveillance and termed it as an issue that is acting as a challenge
Security Boulevard
JULY 19, 2021
In January, we published the Ransomware Pandemic, a report discussing the ever-evolving threat of ransomware and the growing devastation disseminated by these malicious malware strains. The report discussed the future forecast for ransomware and how we imagined the threat would progress in the immediate future. Just six months later, these predictions have already become a.
Security Affairs
JULY 20, 2021
Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros. The issue is a size_t-to-int type conversion vulnerability that resides in the filesystem layer used to manage user data in all major distros released since 2
Tech Republic Security
JULY 22, 2021
Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.