Tech Republic Security

JULY 21, 2021

Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool.

Artificial Intelligence 218

Artificial Intelligence Cybersecurity 218

Krebs on Security

JULY 19, 2021

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

Backups 359

Backups Ransomware Encryption Insurance 359

Daniel Miessler

JULY 23, 2021

There’s massive confusion in the security community around Security Through Obscurity. In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy , meaning if you hide anything, it’s Security Through Obscurity.

Encryption 300

Encryption Information Security 300

Troy Hunt

JULY 21, 2021

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in the breach which really shouldn't have been there; let me list off some headlines to illustrate the point: Ashley Madison Hack: 10,000 Gov’t Officials’ Email Addresses on Leaked Ashley

Accountability 363

Accountability Data breaches Government InfoSec 363

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

JULY 23, 2021

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis : The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual.

Surveillance 363

Surveillance Marketing Data collection 363

Lohrman on Security

JULY 18, 2021

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?

Government 363

Government Cyber Attacks Ransomware 363

Krebs on Security

JULY 21, 2021

A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today. 60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatting attack. Shane Sonderman , of Lauderdale County, Tenn. admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targe

Accountability 351

Accountability Media Wireless Passwords 351

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there. Amnesty International has a report.

Hacking 364

Hacking Spyware Manufacturing Software 364

Troy Hunt

JULY 23, 2021

This week, by popular demand, it's Charlotte! Oh - and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she's been transitioning from Mac to PC. Plus, she has to put up with all my IoT shenanigans so that made for some fun conversation, along with how our respective homelands are dealing with the current pandemic (less fun, but very important).

IoT 349

IoT 349

The Last Watchdog

JULY 21, 2021

Most of us, by now, take electronic signatures for granted. Related: Why PKI will endure as the Internet’s secure core. Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations. That’s why “wet” signatures, i.e. signing in the presence of a notary, remains a requirement for some transactions involving high dollars or very sensitive rec

Computers and Electronics 269

Computers and Electronics Authentication Digital transformation Internet 269

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Krebs on Security

JULY 20, 2021

Peter Levashov, appearing via Zoom at his sentencing hearing today. A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov , a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison.

Antivirus 339

Antivirus Cybercrime Identity Theft Scams 339

Schneier on Security

JULY 22, 2021

From SentinelLabs , a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.

Encryption 359

Encryption Accountability 359

Joseph Steinberg

JULY 22, 2021

I recently came across the following interesting infographic (reproduced with permission), comparing unseen cybersecurity threats to the threats faced by basketball teams that do not fully recognize and appreciate the offensive capabilities of one or more opposing players. While professional sports and cybersecurity may seem like two completely unrelated disciplines, the reality is that professionals working in both fields face similar prospects of suffering serious failures if they fail to both

Cybersecurity 246

Cybersecurity Artificial Intelligence Information Security 246

Tech Republic Security

JULY 23, 2021

Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.

218

218

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Cisco Security

JULY 23, 2021

Bringing focus back to organizations’ IT, and empowering security heroes. Esports are becoming massively popular, and you’ll commonly hear about how a player “carried the team on their back,” a phrase often used when a teammate perseveres through adversity, contributes more than their fair share, and ultimately delivers a win. Over the last year and a half, IT and security heroes globally have adapted and met the needs of their workforces that had to rapidly pivot to remote work.

VPN 145

VPN Marketing Technology Firewall 145

Bleeping Computer

JULY 23, 2021

Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. [.].

Adware 145

Adware Malware 145

The Hacker News

JULY 23, 2021

A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics.

Malware 145

Malware Software 145

Tech Republic Security

JULY 22, 2021

Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.

218

218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Cisco Security

JULY 22, 2021

Ransomware. Certainly not a new form of cybercrime, but one that has dominated mainstream headlines in recent months. High-profile cyberattacks on critical infrastructure and sectors in the global economy, such as government agencies, a major U.S. fuel pipeline, and one of the world’s largest meat processing plants have put a giant spotlight on ransomware.

Ransomware 145

Ransomware DNS Authentication Cybercrime 145

Bleeping Computer

JULY 23, 2021

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. [.].

145

145

Malwarebytes

JULY 22, 2021

A very serious security flaw in immensely popular printer drivers has been disclosed and it could affect many millions of Windows systems. The printer driver was issued by HP, but it’s also in use by Samsung and Xerox. All the affected printers are laser printers. The most surprising about this find is probably that the vulnerability apparently has existed since 2005 and was only found 16 years later.

Software 145

Software Firmware Manufacturing Engineering 145

Tech Republic Security

JULY 20, 2021

A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.

Phishing 218

Phishing Mobile 218

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

JULY 21, 2021

With digital business initiatives accelerating across nearly every industry, Gartner projects worldwide IT spending to reach a whopping $4.1 trillion by the end of the year. This data reflects something every forward-looking business leader already knows–digital transformation (DX) is the key to remaining competitive in 2021 and beyond. However, to fully reap the benefits of digital transformation, organizations must.

Digital transformation 145

Digital transformation CISO Security Awareness InfoSec 145

We Live Security

JULY 21, 2021

Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money. The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity.

DDOS 145

DDOS Phishing Ransomware Cybersecurity 145

Malwarebytes

JULY 21, 2021

Users with low privileges can access sensitive Registry database files on Windows 10 and Windows 11, leaving them vulnerable to a local elevation of privilege vulnerability known as SeriousSAM or HiveNightmare. Doesn’t sound serious? Reassured that users must already have access to the system and be able to execute code on said system to use this vulnerability?

Passwords 145

Passwords Authentication Accountability Backups 145

Tech Republic Security

JULY 22, 2021

An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.

Accountability 217

Accountability 217

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

JULY 20, 2021

Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [.].

145

145

We Live Security

JULY 20, 2021

On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity.

Banking 145

Banking Malware Mobile 145

Security Boulevard

JULY 23, 2021

Cyber criminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber scams! The Wave of Coronavirus Cyber Scams While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use. The outbreak of newly discovered endangering infectious disease coronavirus (COVID-19) has […].

Scams 145

Scams Cyber Attacks 145

Tech Republic Security

JULY 21, 2021

About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security.

IoT 217

IoT Cybersecurity 217

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk