Krebs on Security
MARCH 20, 2020
Finastra , a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.
Troy Hunt
MARCH 18, 2020
Under normal circumstances, we'd be sitting on a stage, beers in hands and doing our (I think we can use this term now) "world famous" Cyber-broken talk. It's like Top gear for nerds. @troyhunt #NDCLondon pic.twitter.com/wxzhM6uOCG — HarryMiller (@HarryMillerr) January 31, 2019 Scott and I have been doing these for a couple of years now, initially as a bit of a space-filler at NDC Security on the Gold Coast.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MARCH 16, 2020
The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.
The Last Watchdog
MARCH 16, 2020
Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets. It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance as well as strengthen security. Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
MARCH 16, 2020
Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit , effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org , an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary s
Troy Hunt
MARCH 19, 2020
Subject: Data Breach of [your service] Hi, my name is Troy Hunt and I run the ethical data breach notification service known as Have I Been Pwned: [link]. People regularly send me data from compromised systems which are being traded amongst individuals who collect breaches. Recently, a collection of data allegedly taken from the [your service] was sent to me and I believe there’s a high likelihood your site was indeed hacked.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Shostack
MARCH 17, 2020
The current situation is scary and anxiety-provoking, and I can’t do much to fix that. One thing I can do is give people a chance to learn, and so I’m making my Linkedin Learning classes free this week. (I’m told that each class is free for the day, so you’ll need to watch each within a day of starting the course.). These links should open the courses (and as I understand it, start the clock).
Krebs on Security
MARCH 20, 2020
In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.
Troy Hunt
MARCH 15, 2020
Of course it's virtual because let's face it, nobody is going anywhere at the moment. Plenty of you aren't even going into an office any more let alone fronting up to a conference with hundreds or even thousands of people. That sucks for you because you end up both missing out on events and sooner or later, suffering from cabin fever (I've always found that difficult across many years of remote work).
Schneier on Security
MARCH 20, 2020
Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With that in mind, the EFF has some good thinking on how to balance public safety with civil liberties: Thus, any data collection and digital monitoring of potential carriers of COVID-19 should take into consid
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Adam Levin
MARCH 18, 2020
The worldwide Covid-19 pandemic has created a massive strain on hospitals and medical facilities. In response to this, many medical professionals are taking elective and non-life-threatening appointments online. “We’re really ramping up telehealth, especially for elderly patients to limit their exposure, while still taking care of their medical needs,” says Dr.
Tech Republic Security
MARCH 17, 2020
The app promises access to a coronavirus map tracker but instead holds your contacts and other data for ransom, DomainTools found.
Troy Hunt
MARCH 20, 2020
Geez, where do I even begin? I honestly wasn't sure, then I could hear the kids playing in the background whilst I was setting up and per the video thought "yeah, stuff it, I'll leave that in" because as messed up as a bunch of stuff is, life goes on. And that's where I really wanted to start this week - what life looks like today. As I say in the video, it's paradoxical because it's all (mostly) very normal here, but it's painful to watch what's happening to friends around the world.
Schneier on Security
MARCH 18, 2020
Interesting data : A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Adam Levin
MARCH 17, 2020
The COVID19 pandemic, also known as the novel coronavirus, has affected daily life in unprecedented ways. Because of home-work and homeschooling measures, millions of Americans are using video conferencing for the first time. With this surge in new users, there will be many cyber security challenges. Workplace meetings, college classes, and even children’s playdates are now being held via webcam in the hopes of preventing the spread of the virus.
Tech Republic Security
MARCH 19, 2020
Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.
Adam Shostack
MARCH 19, 2020
This post comes from a conversation I had on Linkedin with Clint Gibler. He wrote: One challenge I’ve heard from a number of companies is that, with say 3-5 AppSec engineers supporting 500 – 1000 devs, you can’t TM every story, or even every epic. So what do you focus on? The high risk / most critical things. But what are those? It’s not always easy to have visibility or even awareness of everything being built in fast moving, complex, large environments.
The Last Watchdog
MARCH 17, 2020
Encryption is a cornerstone of digital commerce. But it has also proven to be a profound constraint on the full blossoming of cloud computing and the Internet of Things. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Levin
MARCH 19, 2020
Home routers are typically an easy point of entry for hackers looking for sensitive data. With more employees working remotely, it’s now more important than ever to make sure their routers, and by proxy your company’s data, are protected. . Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected.
Tech Republic Security
MARCH 16, 2020
If you want to enable two-factor authentication for Nextcloud on a per-user basis, it's just a simple app installation away.
Security Affairs
MARCH 20, 2020
Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizati
The Last Watchdog
MARCH 18, 2020
Corporate America’s love affair with cloud computing has hit a feverish pitch. Yet ignorance persists when it comes to a momentous challenge at hand: how to go about tapping the benefits of digital transformation while also keeping cyber exposures to a minimum level. Related: Why some CEOs have quit tweeting That’s the upshot of FireMon’s second annual State of Hybrid Cloud Security Report of 522 IT and security professionals, some 14 percent of whom occupy C-suite positions.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
MARCH 19, 2020
The need to ensure the ability to work from anywhere is more important than ever. In today’s business environment, constant access to information and services is essential for communication and getting business done whether you are in sales, finance, marketing or the legal profession. This is especially true when we face global incidents like we face today.
Tech Republic Security
MARCH 16, 2020
A Venafi study looked into what digital infrastructure will suffer from cyberattacks, which are most vulnerable, and what it means.
Security Affairs
MARCH 17, 2020
Malware researchers from Cybaze-Yoroi ZLab have uncovered a new Ursnif campaign that is targeting Italy with a new infection chain. Introduction. Ursnif is one of the most and widespread common threats today delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained its popularity since 2014 when its source code was leaked online giving the opportunity to several threat actors to develop their own version.
Adam Levin
MARCH 19, 2020
With businesses sending employees to work from home in the wake of Covid-19, the cybersecurity of their home offices has become paramount. One of the best ways to keep employee and business data protected is by having them connect via Virtual Private Network. . Here are five ways VPNs can keep remote employees secure. Better Network and Firewall Protection: By routing an employee’s internet traffic through your company network, you can provide the same firewalls and network-level protection that
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Daniel Miessler
MARCH 17, 2020
THIS WEEK’S TOPICS: Virus updates, Github gets NPM, New Stimulus, Amazon Hiring 100K, Saltwater Nozzles, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…. The newsletter serves as the show notes for the podcast. —. If you get value from this content, you can support it directly by becoming a member.
Tech Republic Security
MARCH 20, 2020
Experts discuss what precautions companies need to be taking right now that a record number of people are working outside of offices.
Security Affairs
MARCH 16, 2020
While the Coronavirus is spreading in the U.S., a mysterious cyberattack hit the Department of Health and Human Services on Saturday. According to Bloomberg, that cited three people familiar with the matter, a cyberattack hit the U.S. Department of Health and Human Services on Saturday night. People cited by Bloomberg confirmed that the cyber attack aimed at slowing the agency’s systems down. “The U.S.
Adam Levin
MARCH 18, 2020
With companies telling their employees to stay home to slow the spread of Covid-19, many are holding meetings remotely. Here’s what to look for when choosing a videoconferencing platform: End-to-end encryption: This makes it harder to intercept any potentially sensitive information being discussed. Attendance via PIN: The only attendees allowed into a meeting should be issued a personal identification number that changes each meeting.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
329 
Let's personalize your content