Dark Reading

NOVEMBER 8, 2021

These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors in source code.

130

130

The Last Watchdog

NOVEMBER 8, 2021

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers. However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, sto

Privacy 349

Privacy Access Security IoT 349

Dark Reading

NOVEMBER 9, 2021

One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team.

Ransomware 104

Ransomware IT Security 104

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text

Phishing 362

Phishing Security IT 362

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Preservica

NOVEMBER 9, 2021

Welcome to the "How we do it" Video Series. If you are a Clerk, Records Manager or Archivist for City or County Government, our practical “How we do it” videos are for you! We have compiled a series of videos, from users in City and County Government to share how they quickly and easily perform common electronic records preservation and access tasks with Preservica’ s solutions.

Digital preservation 144

Digital preservation Records Management Archiving Government 144

Security Affairs

NOVEMBER 10, 2021

South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean users with new sophisticated android spyware dubbed PhoneSpy. The malware already hit more than a thousand South Korean victims.

Phishing 145

Phishing Access Communications IT 145

Krebs on Security

NOVEMBER 8, 2021

The U.S. Department of Justice today announced the arrest of Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S.

Ransomware 320

Ransomware Passwords Systems administration IT 320

Thales Cloud Protection & Licensing

NOVEMBER 9, 2021

Evolution of Cloud Security: From Shared Responsibility to Shared Fate. madhav. Tue, 11/09/2021 - 11:20. Over the past year and a half, we have witnessed seismic changes with the accelerated adoption of the cloud and the shift to hybrid working. According to McKinsey, cloud adoption has been accelerated by three years compared to pre-pandemic adoption rates while Gartner is estimating that spending on public cloud services will exceed $480 billion next year.

Cloud 123

Cloud Security Encryption Insurance 123

Threatpost

NOVEMBER 10, 2021

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.

Access 138

Access Cloud Security 138

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited a XNU privilege escalation vulnerability ( CVE-2021-30869 ) unpatched in macOS Catalina.

Encryption 145

Encryption IT Security Information Security 145

Krebs on Security

NOVEMBER 9, 2021

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Passwords 271

Passwords Authentication Security Ransomware 271

eSecurity Planet

NOVEMBER 10, 2021

For a security technology that’s only a few years old, microsegmentation is catching on quickly. According to a new report from edge security vendor Byos, 88 percent of cybersecurity leaders believe microsegmentation is essential to achieving zero trust security, and 83 percent are currently leveraging microsegmentation in some form. Despite such strong uptake, the market still has plenty of room to grow, the report found: only 17 percent have fully invested in microsegmentation to the poi

Communications 127

Communications IoT Access Marketing 127

Schneier on Security

NOVEMBER 10, 2021

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware. […].

Paper 124

Paper Access Security IT 124

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

NOVEMBER 10, 2021

Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose million of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new critical vulnerabilities in BusyBox. The software is used by many network appliances and embedded devices with limited memory and storage resources.

Risk 139

Risk Cybersecurity IT Security 139

WIRED Threat Level

NOVEMBER 11, 2021

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more.

Security 143

Security 143

Dark Reading

NOVEMBER 10, 2021

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.

Risk 132

Risk Security 132

Schneier on Security

NOVEMBER 12, 2021

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article : Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.

Cybersecurity 122

Cybersecurity Security IT 122

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

NOVEMBER 7, 2021

Threat actors are impersonating cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials. Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Google Gmail credentials. The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”. “The email claimed to contain a secure file sent via Proofpoint as a link.” reads the post published

Phishing 140

Phishing Security Cybersecurity IT 140

Threatpost

NOVEMBER 10, 2021

Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.

Security 127

Security 127

eSecurity Planet

NOVEMBER 8, 2021

The McAfee consumer security business, which trades on the NASDAQ under the symbol MCFE, will be going private in a deal valued at more than $14 billion. McAfee had sold its Enterprise business just a few months ago, to a private consortium led by Symphony Technology Group (STG) – and McAfee Enterprise was subsequently merged with the FireEye security products business that STG acquired from Mandiant (MNDT).

Cybersecurity 117

Cybersecurity Security IT 117

OpenText Information Management

NOVEMBER 8, 2021

While public clouds offer a breadth of benefits such as cost savings, scalability, and flexibility, many government entities are hesitant to make the leap. As of 2019, only 11% of federal IT systems are running in the cloud, and less than 5% of private government clouds are experiencing the full breadth of benefits available from cloud adoption. This is largely due to security, privacy, … The post The big challenges in wide-scale government cloud adoption appeared first on OpenText Blogs.

Cloud 116

Cloud Government Privacy Security 116

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

NOVEMBER 11, 2021

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-20

IoT 140

IoT Communications IT Security 140

Threatpost

NOVEMBER 12, 2021

Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.

Cybersecurity 120

Cybersecurity Ransomware Cloud Security 120

Dark Reading

NOVEMBER 10, 2021

OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late.

Security 113

Security Cybersecurity Risk IT 113

Hunton Privacy

NOVEMBER 12, 2021

On November 5, 2021, the Federal Trade Commission suggested two preventative steps small businesses can take to protect against ransomware risks: Step #1: Make sure your tech team is following best practices to fend off a ransomware attack. Be prepared by backing up data. Set up off-line, off-site encrypted backups of information essential to the business.

Ransomware 108

Ransomware Passwords Authentication Education 108

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

NOVEMBER 8, 2021

Operation Cyclone – Six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation led by Interpol. Interpol announced the arrest of six alleged affiliates with the Clop ransomware operation as part of an international joint law enforcement operation codenamed Operation Cyclone. Law enforcement authorities from South Korea, Ukraine, and the United States, joint their efforts in a 30-month investigation that was coordinated by Int

Ransomware 142

Ransomware Access Risk Security 142

Threatpost

NOVEMBER 12, 2021

Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.

IT 116

IT 116

Dark Reading

NOVEMBER 9, 2021

By focusing on the organization rather than the threat, AI can identify subtle changes in your digital environment that point to a cyber threat.

Security 123

Security 123