Schneier on Security

SEPTEMBER 22, 2021

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

Ransomware 315

Ransomware Government Hacking 315

Krebs on Security

SEPTEMBER 20, 2021

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.

Retail 315

Retail Healthcare Internet Internet 315

Tech Republic Security

SEPTEMBER 23, 2021

Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme.sh available. Jack Wallen shows you how to install and use this handy script.

Encryption 207

Encryption 207

Bleeping Computer

SEPTEMBER 24, 2021

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. [.].

145

145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

SEPTEMBER 24, 2021

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards. At the top of the food chain are the government-sponsored hackers.

Hacking 288

Hacking Government Technology Ransomware 288

Security Affairs

SEPTEMBER 19, 2021

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity firm Kape Technologies has acquired the industry’s leading virtual private networks ExpressVPN, as part of a $936 million deal. Kape announced that the acquisition will more than double its overall customer base, from almost 3 million customers to more than 6 million.

Surveillance 145

Surveillance VPN Hacking Cybersecurity 145

Bleeping Computer

SEPTEMBER 18, 2021

Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. [.].

145

145

Schneier on Security

SEPTEMBER 21, 2021

Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination.

Hacking 275

Hacking Healthcare 275

We Live Security

SEPTEMBER 21, 2021

The group used phishing, BEC and other types of attacks to swindle victims out of millions. The post European police dismantle cybercrime ring with ties to Italian Mafia appeared first on WeLiveSecurity.

Cybercrime 144

Cybercrime Phishing 144

Tech Republic Security

SEPTEMBER 21, 2021

When change affects people in your organization, remember that you have a wealth of talent that needn't go to waste. Consider re-skilling to meet the company's needs as well as the employees'.

189

189

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

SEPTEMBER 21, 2021

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. [.].

144

144

Security Boulevard

SEPTEMBER 20, 2021

The supply chain is something most people take for granted—until something goes wrong. The pandemic highlighted just how quickly business can grind to a halt if the supply chain is disrupted. Organizations have found that edge computing makes the supply chain run more efficiently, but this move to the edge requires a new approach to. The post Securing the Edge in the Supply Chain appeared first on Security Boulevard.

IoT 143

IoT Internet Internet Cybersecurity 143

We Live Security

SEPTEMBER 23, 2021

While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented. The post Bug in macOS Finder allows remote code execution appeared first on WeLiveSecurity.

144

144

Tech Republic Security

SEPTEMBER 24, 2021

Cybersecurity professionals rely on VPNs to secure remote endpoints with an organization's home network. One expert suggests there is a better, simpler and safer approach to accomplish the same thing.

Cybersecurity 190

Cybersecurity 190

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

SEPTEMBER 21, 2021

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack.

Ransomware 141

Ransomware Encryption Accountability Hacking 141

Security Boulevard

SEPTEMBER 19, 2021

Cybercriminals attacked with gusto in the first half of 2021 and attacks show no signs of slowing down. In just the first half of the year, malicious actors exploited dangerous vulnerabilities across different types of devices and operating systems, leading to major attacks that shut down fuel networks and extracted millions from enterprises. These were.

Ransomware 141

Ransomware Cryptocurrency Malware Cybersecurity 141

Bleeping Computer

SEPTEMBER 22, 2021

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. [.].

Passwords 144

Passwords 144

Tech Republic Security

SEPTEMBER 23, 2021

Knock, knock. who's there? SSH. SSH who? You need to lock down your servers so that only you have access via SSH. One way to help that is with knockd. Jack Wallen shows you how.

188

188

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices.

DNS 142

DNS Firmware VPN Risk 142

Malwarebytes

SEPTEMBER 21, 2021

Last week, security researcher Patrick Wardle released details of a new piece of malware masquerading as the legitimate app iTerm2. The malware was discovered earlier the same day by security researcher Zhi ( @CodeColorist on Twitter), and detailed on a Chinese-language blog. (For those who don’t speak Chinese, Safari seems to do a fair job of translating it.). iTerm2 is a legitimate replacement for the macOS Terminal app, offering some powerful features that Terminal does not.

Malware 140

Malware Passwords Engineering 140

Bleeping Computer

SEPTEMBER 22, 2021

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. [.].

Internet 139

Internet Internet 139

Tech Republic Security

SEPTEMBER 20, 2021

For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Here is how to do it.

187

187

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

SEPTEMBER 20, 2021

Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand.

Engineering 145

Engineering Hacking Cybersecurity Data breaches 145

Security Boulevard

SEPTEMBER 24, 2021

September marks the third annual National Insider Threat Awareness Month, launched by various federal agencies to highlight the growing danger insider threats pose to national security. Though the initiative has successfully increased awareness of the risks associated with insider threats, many organizations remain susceptible to attacks. In fact, 60% of organizations have more than 20.

Cybersecurity 138

Cybersecurity Risk Social Engineering Engineering 138

Bleeping Computer

SEPTEMBER 19, 2021

A Pakistani fraudster was sentenced earlier this week to 12 years in prison after AT&T, the world's largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven year scheme that led to the fraudulent unlocking of almost 2 million phones. [.].

Telecommunications 139

Telecommunications 139

Tech Republic Security

SEPTEMBER 20, 2021

Just a couple of years of IT experience is all that's necessary to break into the cybersecurity field with this self-paced training.

Cybersecurity 199

Cybersecurity 199

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Graham Cluley

SEPTEMBER 22, 2021

Facebook-powered Rayban-Stories - digital spectacles that are worn, and can take photos and movies of the unsuspecting public. What could possibly be wrong with that?

143

143

PCI perspectives

SEPTEMBER 24, 2021

Today, the Council has published “ PCI SSC Remote Assessment Guidelines and Procedures ”. These Guidelines define the principles and procedures for the appropriate use of remote assessments for PCI SSC standards when an onsite assessment is not possible. Here we interview Emma Sutcliffe, SVP Standards Officer on how the industry can use these guidelines to support secure remote assessment practices.

137

137

Bleeping Computer

SEPTEMBER 24, 2021

Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild. [.].

143

143

Tech Republic Security

SEPTEMBER 23, 2021

Commentary: Open source has never been more popular or more under attack, but there's something cloud providers can do to make OSS more secure.

189

189

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity