Krebs on Security

OCTOBER 31, 2021

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.

Security 363

Security Paper Information Security IT 363

Data Breach Today

NOVEMBER 1, 2021

Operators Left Exposed After Overreaching, Says McAfee Enterprise’s John Fokker How is the ransomware ecosystem set to evolve? Since some operations overreached - notably with DarkSide's hit on Colonial Pipeline - "what we're seeing … is that there is going to be a power balance shift," says McAfee's John Fokker, with more affiliates, not gang leaders, calling the shots.

Ransomware 314

Ransomware 314

The Last Watchdog

NOVEMBER 3, 2021

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity 278

Cybersecurity Privacy Data breaches Ransomware 278

Thales Cloud Protection & Licensing

NOVEMBER 2, 2021

Quantum Resistant Encryption – Are You Ready? madhav. Tue, 11/02/2021 - 09:10. . Some good news and a couple of tips for being prepared. Over the past few months, a handful of Thales CPL clients have mentioned their concern regarding the future threat of quantum computing to their data security frameworks. If you take a good hard look at the risks arising from Quantum, there is bad news and good news.

Encryption 156

Encryption Risk Cybersecurity Compliance 156

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

NOVEMBER 4, 2021

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing 332

Phishing Insurance Passwords Privacy 332

The Last Watchdog

NOVEMBER 4, 2021

Filing systems, historically speaking, have been all about helping its users find information quickly. Related: GDPR and the new privacy paradigm. Europe’s General Data Protection Regulations (GDPR) changed the game. Generally, filing systems sort by date, department, topic, etc. Legacy filing systems were not built to keep track of the personal data of specific individuals primarily to be in compliance with the many data protection regulations popping up around the world.

Personal data 237

Personal data Privacy Data Privacy Unstructured data 237

Security Affairs

NOVEMBER 4, 2021

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.

Passwords 145

Passwords Authentication Security IT 145

Krebs on Security

NOVEMBER 2, 2021

A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. “An appeal to business brothers!” reads the Oct. 22 post from Groove calling for attacks on the United States government sector.

Ransomware 280

Ransomware Passwords Information Security Government 280

Data Breach Today

NOVEMBER 2, 2021

A Nevada Cancer Center Is Also Dealing With the Aftermath of an Attack A recent cyberattack on Community Medical Centers in Northern California has potentially compromised the information of more than 656,000 individuals. Meanwhile, Las Vegas Cancer Center reportedly fell victim to a ransomware attack during Labor Day weekend.

Ransomware 262

Ransomware 262

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

The Last Watchdog

NOVEMBER 1, 2021

It doesn’t matter if you want to learn a new language or figure out how to fix your broken clothes dryer; the tools, tutorials, and templates you need are available online. Related: Enlisting ‘human sensors’ Unfortunately, with crime-as-a-service, the same is true for people interested in trying their hand at cybercrime. The dark web provides virtually everything potential attackers need to make their move.

Phishing 150

Phishing Ransomware Security awareness Security 150

Security Affairs

NOVEMBER 5, 2021

US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year. . US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The attackers used a DJI Mavic 2 quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords.

Security 145

Security IT Information Security 145

Threatpost

NOVEMBER 5, 2021

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

Security 141

Security 141

Data Breach Today

NOVEMBER 1, 2021

How CISOs Can Ensure That the Business Succeeds While It Transforms While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.

Digital transformation 261

Digital transformation Risk Security IT 261

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

WIRED Threat Level

NOVEMBER 5, 2021

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Privacy 145

Privacy IT Security 145

Security Affairs

OCTOBER 30, 2021

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. The list was published with the intent of raising awareness of common hardware weaknesses through CWE and educating designers and programmers on how to address them as part of the pr

Manufacturing 145

Manufacturing Education Access Security 145

Dark Reading

NOVEMBER 4, 2021

Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.

Cybersecurity 132

Cybersecurity 132

Data Breach Today

OCTOBER 30, 2021

Threat Actors Believed Responsible For More Than 1,800 Ransomware Attacks The suspected cyber actors behind deployment of ransomware strains such as LockerGoga, MegaCortex and Dharma, among others, are under arrest, after a joint operation involving law enforcement and judiciary from eight countries. They are believed to have affected more than 1,800 victims.

Ransomware 252

Ransomware 252

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

IT Governance

NOVEMBER 4, 2021

BEC (business email compromise) scams are a type of phishing attack in which fraudsters trick people into handing over money or corporate data. Unlike most phishing attacks, they are highly targeted. The scammer will take the time to compromise or replicate the email address of an organisation’s CEO or another high-level executive, and then email an employee with their request.

Phishing 130

Phishing Education Authentication Access 130

Security Affairs

NOVEMBER 2, 2021

Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be exploited to inject stealth malware without impacting the semantics of the source code while changing its logic. “We present a new type

Paper 145

Paper IT Risk Security 145

Schneier on Security

NOVEMBER 1, 2021

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog : We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic.

Security 129

Security IT Paper 129

Data Breach Today

NOVEMBER 3, 2021

BOD 22-01 Imposes Strict Deadlines for Remediation of Publicly Known Exploits The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a new directive - BOD 22-01 - requiring federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild.

Cybersecurity 247

Cybersecurity Security 247

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Hunton Privacy

NOVEMBER 3, 2021

On October 28, 2021, the European Parliament’s Committee on Industry, Research and Energy adopted a draft directive on cybersecurity (“NIS2 Directive”). The NIS2 Directive will broaden the scope of the existing NIS Directive to apply to “important sectors,” such as waste management, postal services, chemicals, food, medical device manufacturers, digital providers and producers of electronics, in addition to “essential sectors.

Cybersecurity 126

Cybersecurity Manufacturing Encryption Security 126

Security Affairs

NOVEMBER 3, 2021

The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. The U.K. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. The party notified relevant authorities and members that some of their information was impacted by the security breach.

Data breaches 143

Data breaches Ransomware Authentication Security 143

Schneier on Security

NOVEMBER 4, 2021

The Israeli cyberweapons arms manufacturer — and human rights violator , and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, it’ll make it harder for them to buy zero-day vulnerabilities on the open market.

Manufacturing 124

Manufacturing Marketing IT Security 124

Data Breach Today

NOVEMBER 2, 2021

European Commission: Guidelines Aim to Protect Wireless Privacy, Prevent Fraud Wireless device makers in the European Union market will soon have to adhere to a new set of cybersecurity guidelines at the design and production stages of manufacturing, according to the European Commission. The guidelines target devices such as mobile phones, tablets and other products.

Cybersecurity 244

Cybersecurity Manufacturing Marketing Privacy 244

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

eSecurity Planet

NOVEMBER 4, 2021

A fundamental cornerstone of security is layers. We use passwords to authenticate our users, run antivirus to keep malware off our endpoints , monitor our networks, and implement firewalls so we can have multiple defenses against attackers. Then, our team members travel for business or work from home and sit outside of all of those layers of security.

Access 123

Access Security Cloud Encryption 123

Security Affairs

OCTOBER 31, 2021

Chaos Ransomware operators target gamers’ Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums. Minecraft is one of the most popular games in the world, it had more than 140 million monthly active players in August 2021. Cybercriminals are attempting to exploit this popularity, the Chaos Ransomware gang is targeting Japanese gamers’ Windows devices through fake Minecraft alt lists promoted on gaming forums.

Ransomware 145

Ransomware Encryption Passwords IT 145

Schneier on Security

NOVEMBER 3, 2021

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands : Basically, it appears that anyone with $300 to spare can ­– or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention of the fact that it in reality

Access 121

Access IT 121