Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Access 363

Access Security Communications IT 363

The Last Watchdog

NOVEMBER 15, 2021

Industry 4.0 has brought about a metamorphosis in the world of business. The new revolution demands the integration of physical, biological and digital systems under one roof. Related: Fake news leveraged in presidential election. Such a transformation however, comes with its own set of risks. Misleading information has emerged as one of the leading cyber risks in our society, affecting political leaders, nations, and people’s lives, with the COVID-19 pandemic having only made it worse.

Risk 268

Risk Artificial Intelligence Digital transformation Paper 268

Dark Reading

NOVEMBER 17, 2021

Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.

Security 114

Security 114

WIRED Threat Level

NOVEMBER 19, 2021

A hacking group is targeting a broad range of organizations, taking advantage of vulnerabilities that have been patched but not yet updated.

Security 145

Security 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer.

IT 363

IT Passwords Authentication Phishing 363

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. divya. Tue, 11/16/2021 - 06:15. Cloud service providers (CSPs) try to make it simple and easy for their users to comply with data privacy regulations and mandates. Still, as all of us who work in technology know, you reduce access to granular controls when you simplify a process. On the flip side, if you allow access to granular controls, the person setting the controls needs to be an expert to set them correctly.

Encryption 143

Encryption Cloud Access Privacy 143

Schneier on Security

NOVEMBER 17, 2021

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

Passwords 140

Passwords Privacy IT 140

eSecurity Planet

NOVEMBER 19, 2021

IoT security is where endpoint detection and response ( EDR ) and enterprise mobility management ( EMM ) meet the challenges of a rapidly expanding edge computing infrastructure. As the enterprise attack surface grows, IoT is yet another attack vector organizations aren’t fully prepared to defend. Internet of Things (IoT) devices are the smart consumer and business systems powering the homes, factories, and enterprise processes of tomorrow.

IoT 136

IoT Security Risk Cloud 136

Security Affairs

NOVEMBER 16, 2021

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization.

Authentication 145

Authentication Security IT Access 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Dark Reading

NOVEMBER 19, 2021

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

Ransomware 135

Ransomware Security IT 135

Troy Hunt

NOVEMBER 17, 2021

Like most of my good ideas, this one came completely by accident. The other day I was packaging up some swag to send to the winner of my impromptu best "Anonymous" meme competition and I decided to share the following tweet: Time to ramp up the 3D @haveibeenpwned printing too, been giving away a heap of these! pic.twitter.com/ffZpM5aZtx — Troy Hunt (@troyhunt) November 14, 2021 And I was promptly hit by many, many requests for 3D printed HIBP logos.

IT 27

IT 27

DLA Piper Privacy Matters

NOVEMBER 18, 2021

Author: Sinead Lynch. At DLA Piper we advise clients that develop or create technology, are enabled by technology, or whose business model is fundamentally based on technology. From start-ups, to fast growing and mid-market businesses, to mature global enterprises, DLA Piper supports innovative businesses and new ventures. It is at the heart of what we do.

Privacy 133

Privacy Digital transformation Government Financial Services 133

Security Affairs

NOVEMBER 15, 2021

Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. The company announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), which is the largest attack Cloudflare has seen to date.

IT 145

IT IoT Cloud Security 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Dark Reading

NOVEMBER 17, 2021

Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.

GDPR 131

GDPR Privacy 131

eSecurity Planet

NOVEMBER 18, 2021

New cybersecurity buzzwords are always in abundance at the Gartner Security & Risk Management Summit, and the concepts that took center stage this week, like cybersecurity mesh and decentralized identity, seem well suited for new threats that have exploded onto the scene in the last year. Gartner analyst Ruggero Contu noted that security risks are becoming external: the software supply chain , the public cloud , the trading of breached data, and IoT and operational technology (OT) are all th

Cybersecurity 130

Cybersecurity Security Analytics Blockchain 130

Schneier on Security

NOVEMBER 16, 2021

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam : As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company. After the mark is convinced, the scammer will have them get cash (sometimes out of investment or retirement accounts), and head to an ATM that sells cryptocurrencies and suppor

IT 123

IT 123

Security Affairs

NOVEMBER 13, 2021

Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings of fake sophisticated chain attacks from an advanced threat actor. The message tells the recipients that their network has been breached and that the threat actor has stolen their data. “Our intelligence monitoring indicates exfiltration of se

Security 145

Security Information Security IT 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Threatpost

NOVEMBER 15, 2021

CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files.

Encryption 122

Encryption 122

eSecurity Planet

NOVEMBER 19, 2021

In a year in which ransomware attacks seem to get worse by the day, companies have made surprising progress defending themselves against attacks. But the attention paid to the malware by journalists, cybersecurity vendors and increasingly, government agencies , has pushed companies to improve their preparedness to defend themselves against ransomware gangs, according to a report this week by security solutions vendor Cymulate.

Ransomware 130

Ransomware Cybersecurity Cloud Security 130

Schneier on Security

NOVEMBER 15, 2021

This is part 3 of Sean Gallagher’s advice for “securing your digital life.

Security 122

Security Risk Phishing Cybersecurity 122

Security Affairs

NOVEMBER 19, 2021

Researchers revealed that Conti ransomware operators earned at least $25.5 million from ransom payments since July 2021. A study conducted by Swiss security firm Prodaft with the support of blockchain analysis firm Elliptic revealed that the operators of the Conti ransomware have earned at least $25.5 million from attacks and subsequent ransoms carried out since July 2021.

Ransomware 144

Ransomware Blockchain Privacy IT 144

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Dark Reading

NOVEMBER 15, 2021

Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

Ransomware 121

Ransomware IT 121

eSecurity Planet

NOVEMBER 18, 2021

A payload is a piece of code that executes when hackers exploit a vulnerability. In other words, it’s an exploit module. It’s usually composed of a few commands that will run on the targeted operating system (e.g., key-loggers) to steal data and other malicious acts. Most operations use payloads, but there are a few payload-less attacks, such as phishing campaigns that do not include malicious links or malware , but rely on more sophisticated deception such as spoofing to trick their targets.

Cybersecurity 129

Cybersecurity Access Phishing Security 129

Schneier on Security

NOVEMBER 19, 2021

Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancement: All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided.

Access 120

Access IT 120

Security Affairs

NOVEMBER 15, 2021

Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from cyber security firms Cleafy and ThreatFabric have discovered a new Android banking trojan named SharkBot. The name comes after one of the domains used for its command and control servers.

Financial Services 145

Financial Services Access Security IT 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Troy Hunt

NOVEMBER 19, 2021

I'm outdoors! I've really wanted to get my mobile recording setup slick for some time now and after a bunch of mucking around with various mics (and a bit of "debugging in production" during this video), I'm finally really happy with it. I've just watched this back and other than mucking around with the gain in the first part of the video, I reckon it's great.

IT 118

IT 118

eSecurity Planet

NOVEMBER 18, 2021

Email is typically the channel through which ransomware and malware are unleashed upon the enterprise. Phishing scams use it to compromise networks. Executives are conned by fake emails into sending funds to the wrong places – or worse, giving up their privileged credentials. Employees are duped into clicking on malicious email attachments and links.

Security 125

Security Phishing Cloud Ransomware 125

DLA Piper Privacy Matters

NOVEMBER 16, 2021

In the most significant development this year (arguably more so than the Data Security Law (“ DSL ”) and the Personal Information Protection Law (“ PIPL ”) coming into force), draft detailed guidance on how organisations can in practice comply with China’s strict data, e-commerce and online platform rules – including new compliance obligations – has been published.

Compliance 118

Compliance Personal data Security Risk 118