Daniel Miessler
SEPTEMBER 12, 2021
This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on this project, and that as a project maintainer myself, I know how impossibly hard this is. Right, so with that out of the way, here’s what struck me with this list, along with some comments on building lists like this in general.
Krebs on Security
SEPTEMBER 15, 2021
TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. While many companies have been laying off or furloughing workers in response to the Coronavirus pandemic, TTEC has been massively hiring.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 17, 2021
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.
Troy Hunt
SEPTEMBER 17, 2021
Never a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong a live stream together for the 5th anniversary of my weekly update vids. We'd love questions and topics in advance or just drop in on the day, we're planning it for 18:00 Gold Coast time on Friday 24 which will be 09:00 that morning in London and ridiculous o'clock everywhere in the US.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Daniel Miessler
SEPTEMBER 17, 2021
In a previous post I talked about how security questionnaires are security theater. They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. What’s the alternative? It’s a fair point, and I think we have an answer. I’m a bit allergic to 1.0 and 2.0 designations, but in this case I think we have a clear transition.
Krebs on Security
SEPTEMBER 16, 2021
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
SEPTEMBER 14, 2021
Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.
Anton on Security
SEPTEMBER 16, 2021
Sometimes great old blog posts are hard to find (especially on Medium ), so I decided to do a periodic list blog with my favorite posts over the past quarter. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and now our Cloud Security Podcast too! Top 5 most popular posts of all times: “Security Correlation Then and Now: A Sad Truth About SIEM” “Can We Have “Detection as Code”?
Krebs on Security
SEPTEMBER 14, 2021
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google ‘s got a new version of Chrome that tackles two zero-day flaws.
Schneier on Security
SEPTEMBER 13, 2021
Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
SEPTEMBER 13, 2021
Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte.
Lohrman on Security
SEPTEMBER 12, 2021
Using software bots has become commonplace in many workplaces around the world, but with worker shortages, will robots start filling more roles soon?
The Last Watchdog
SEPTEMBER 13, 2021
Surfshark wants to help individual citizens take very direct control of their online privacy and security. Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. Related: Turning humans into malware detectors. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.
Schneier on Security
SEPTEMBER 14, 2021
This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live —an all-online event—September 15-16, 2021. I’m speaking at the Infosecurity Magazine EMEA Autumn Online Summit on September 21, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in Plano, Texas, USA, September 22-23, 2021. I’m speaking at the fourth annual Managing Cyber Risk from the C-Suite conference—a virtual event conducted through Webex—on October 5, 2021.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
SEPTEMBER 17, 2021
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors.
Thales Cloud Protection & Licensing
SEPTEMBER 13, 2021
Authentication and access management increasingly perceived as core to Zero Trust Security. madhav. Tue, 09/14/2021 - 05:52. The changing global environment has brought many changes to all organizations. While many consider that remote access to corporate resources and data as the key disruption, security teams had to face many more challenges. The acceleration of cloud migration and the proliferation of containers, microservices and IoT devices have placed identity in the center of corporate se
We Live Security
SEPTEMBER 17, 2021
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. The post Numando: Count once, code twice appeared first on WeLiveSecurity.
CSO Magazine
SEPTEMBER 16, 2021
Social engineering definition. Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
SEPTEMBER 14, 2021
Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.
eSecurity Planet
SEPTEMBER 16, 2021
An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data. The investigators said the advanced threat actors used a mixture of known and unique malware tools in the attack – which they dubbed Operation Harvest – to compromise the victim’s IT environment, exfiltrate the data and evade detection.
The Hacker News
SEPTEMBER 16, 2021
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks.
Zero Day
SEPTEMBER 15, 2021
IBM says that over half of cloud security breaches are caused by issues simple to rectify.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
SEPTEMBER 17, 2021
Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.
Security Boulevard
SEPTEMBER 15, 2021
To stay a step ahead of cyber defenders, malware authors are using “exotic” programming languages—such as Go (Golang), Rust, Nim and Dlang—to evade detection and impede reverse engineering efforts. Unconventional languages are composed of more complex and convoluted binaries that are harder to decipher than traditional languages like C# or C++. This entices both APTs.
Trend Micro
SEPTEMBER 14, 2021
Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.
We Live Security
SEPTEMBER 14, 2021
Discover the best ways to mitigate your organization's attack surface, in order to maximize cybersecurity. The post What is a cyberattack surface and how can you reduce it? appeared first on WeLiveSecurity.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
SEPTEMBER 15, 2021
By using an alternative means of authentication, you can now go passwordless on your Microsoft account.
Zero Day
SEPTEMBER 14, 2021
Banks, however, have experienced the highest volume of ransomware attacks this year.
Bleeping Computer
SEPTEMBER 15, 2021
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. [.].
Security Affairs
SEPTEMBER 12, 2021
A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The new maxtrilha trojan is being disseminated and targeting several banks around the world. Criminals are constantly creating variants of popular banking trojans, keeping in mind the same modus operandi but changing the malware internals and its capabilities making it a fully undetectable (FUD) weapon.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
364 
Let's personalize your content