Sat. Sep 18, 2021 - Fri. Sep 24, 2021

I Am Not Satoshi Nakamoto

Schneier on Security

This isn’t the first time I’ve received an e-mail like this: Hey! I’ve done my research and looked at a lot of facts and old forgotten archives. I know that you are Satoshi, I do not want to tell anyone about this. I just wanted to say that you created weapons of mass destruction where niches remained poor and the rich got richer! When bitcoin first appeared, I was small, and alas, my family lost everything on this, you won’t find an apple in the winter garden, people onl

Does Your Organization Have a Security.txt File?

Krebs on Security

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.

Retail 318

How to see who is trying to break into your Office 365 and what they're trying to hack

Tech Republic Security

Office 365 and Azure Active Directory's security diagnostics are surprisingly useful tools.

Hacking 217

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

The Last Watchdog

An array of promising security trends is in motion. New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Software 205

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

FBI Had the REvil Decryption Key

Schneier on Security

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

For Gov Tech Cyber Best Practices, See the 2021 NASCIO Awards

Lohrman on Security

For decades, NASCIO has provided best practices for governments to learn from. This year is no different, and three finalists offer lessons for all public-sector agencies.

More Trending

Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware

Security Affairs

Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of the flaws was exploited by threat actors to infect the device with the NSO Pegasus spyware.

Spyware 145

ROT8000

Schneier on Security

ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is).

New Mac malware masquerades as iTerm2, Remote Desktop and other apps

Malwarebytes

Last week, security researcher Patrick Wardle released details of a new piece of malware masquerading as the legitimate app iTerm2. The malware was discovered earlier the same day by security researcher Zhi (@CodeColorist on Twitter), and detailed on a Chinese-language blog. (For those who don’t speak Chinese, Safari seems to do a fair job of translating it.) iTerm2 is a legitimate replacement for the macOS Terminal app, offering some powerful features that Terminal does not.

Malware 145

Here's how to become an in-demand cybersecurity expert

Tech Republic Security

Just a couple of years of IT experience is all that's necessary to break into the cybersecurity field with this self-paced training.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

The Hacker News

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack.

The Proliferation of Zero-days

Schneier on Security

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards. At the top of the food chain are the government-sponsored hackers.

Hacking 301

Microsoft Autodiscover abused to collect web requests, credentials

Zero Day

Researchers were able to exploit a protocol design feature on a vast scale.

How phishing-as-a-service operations pose a threat to organizations

Tech Republic Security

Attackers can easily buy, deploy and scale phishing campaigns to steal credentials and other sensitive data, says Microsoft.

Phishing 207

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

A zero-day flaw allows to run arbitrary commands on macOS systems

Security Affairs

Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple’s macOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any macOS version.

Internet 145

Alaska’s Department of Health and Social Services Hack

Schneier on Security

Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination.

Hacking 289

Bug in macOS Finder allows remote code execution

We Live Security

While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented.

Your IoT devices may be vulnerable to malware

Tech Republic Security

NordPass: Only 33% of users surveyed had changed the default passwords on their IoT devices, leaving the rest vulnerable to attack.

IoT 205

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Data of 106 million visitors to Thailand leaked online

Security Affairs

Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity researcher Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand.

Windows 11 is no longer compatible with Oracle VirtualBox VMs

Bleeping Computer

Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines.

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

In a detailed post on GitHub, security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hikvision. Hangzhou Hikvision Digital Technology Co., Ltd. engages in the development, production, and sale of security products.

Firmware 145

Is hacking back effective, or does it just scratch an evolutionary itch?

Tech Republic Security

Retribution by hacking back might make you feel better, but experts urge caution and explain why it's a bad idea.

Hacking 204

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

The popular whistleblower Edward Snowden recommends that customers of the ExpressVPN VPN service stop using it. Last week, the Israeli cybersecurity firm Kape Technologies acquired the industry’s leading virtual private network, ExpressVPN, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than 6 million.

Researcher drops three iOS zero-days that Apple refused to fix

Bleeping Computer

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.

European police dismantle cybercrime ring with ties to Italian Mafia

We Live Security

The group used phishing, BEC and other types of attacks to swindle victims out of millions.

Ransomware now accounts for 69% of all attacks that use malware

Tech Republic Security

The most common targets of ransomware in the second quarter of 2021 were governmental, medical and industrial companies along with scientific and educational institutions, says Positive Technologies.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

How Outlook “autodiscover” could leak your passwords – and how to stop it

Naked Security

The Microsoft Autodiscover "Great Leak" explained - and how to prevent it

Passwords 144

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices.

DNS 144

New macOS zero-day bug lets attackers run commands remotely

Bleeping Computer

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur.

How privacy and security challenges may cause people to abandon your website

Tech Republic Security

More than half of consumers surveyed by Ping Identity said they ditched an online service when logging in proved too frustrating.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!