October, 2021

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns.

Data Breach Reports Rise as Supply Chain Attacks Surge

Data Breach Today

US Breach Notification Transparency Declining, Identity Theft Resource Center Warns The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Silence on the front lines of strategic cyber assaults belies heightening tensions

The Last Watchdog

First released in the late 1920s, the novel “All Quiet on the Western Front” was publicly burned, banned, derided and censored for its “anti-war” and “unpatriotic” messages. Set in the final weeks of World War 1, the story swings heavily on the contrast between false security and the realities of war. Related: We’re in the golden era of cyber espionage. Today, we are talking about a different war dynamically morphing between a physical war and cyber war. President Joe Biden just told U.S.

What Squid Game Teaches Us About Cybersecurity

Dark Reading

When life inside the security operations center feels treacherous, here are some suggestions for getting out alive

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.

More Trending

What Happened to Facebook, Instagram, & WhatsApp?

Krebs on Security

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages.

Sales 275

Video Game Streamer 'Twitch' Confirms Massive Data Breach

Data Breach Today

Reports: Platform's Entire Source Code Compromised in 125GB Leak Amazon-owned video streaming service Twitch, which focuses on video games and e-sports broadcasts, reportedly suffered a massive data breach, which the company vaguely confirmed via Twitter.

GUEST ESSAY: How SPDX helps reconcile interdependencies of open, proprietary software

The Last Watchdog

Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace.

The Simmering Cybersecurity Risk of Employee Burnout

Dark Reading

Why understanding human behavior is essential to building resilient security systems

Risk 111

The Modern Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest

Security Affairs

White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software. The Tianfu Cup is the most important hacking contest held in China, this year white hat hackers earned $1.88 Million on a total bonus of up to $1.5

An Apparent Ransomware Hack Puts the NRA in a Bind

WIRED Threat Level

The group behind the reported attack is under sanctions from the US Treasury, which means a payout could come with penalties for the victim. Security Security / Cyberattacks and Hacks

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.

Ransomware Attack on Israeli Medical Center Raises Alarm

Data Breach Today

Government Authorities Issue Advisories Following Hospital Attack Government authorities in Israel are warning healthcare sector entities in the country of potential cyberattacks after a ransomware attack this week on Hillel Yaffe Medical Center in the city of Hadera.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

MY TAKE: Can Project Wildland’s egalitarian platform make Google, Facebook obsolete?

The Last Watchdog

Most of the people I know professionally and personally don’t spend a lot of time contemplating the true price we pay for the amazing digital services we’ve all become addicted to. Related: Blockchain’s role in the next industrial revolution. I’ll use myself as a prime example. My professional and social life revolve around free and inexpensive information feeds and digital tools supplied by Google, Microsoft, Amazon, LinkedIn, Facebook and Twitter. I’m productive.

'TodayZoo' Phishing Kit Cobbled Together From Other Malware

Dark Reading

Microsoft's analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S.

Mining 104

Nation-State Attacker of Telecommunications Networks

Schneier on Security

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

LinkedIn + ZoomInfo Recruiter: Better Data for Better Candidates

Check out our latest ebook for a guide to the in-depth, wide-ranging candidate and company data offered by ZoomInfo Recruiter — and make your next round of candidate searches faster, more efficient, and ultimately more successful.

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

New File-Locking Malware With No Known Decryptor Found

Data Breach Today

DSCI: Ransomware Alkhal Likely Spread Via Phishing, Malicious URLs The Data Security Council of India has issued an advisory about newly discovered ransomware Alkhal, which uses a strong encryption tool and has no known decryptor to recover lost data. The ransomware was likely discovered on Oct.

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

The Last Watchdog

Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “ 51% attacks ” resulting in the theft of over $30 million worth of cryptocurrency to date. Related: Wildland restores control of data to individuals. However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.

Identity-Focused Security Controls Prevail

Dark Reading

How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map

Access 106

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Cyber security horror stories to scare you this Halloween

IT Governance

This Sunday is both Halloween and the end of National Cyber Security Awareness Month – and what better way to mark the occasion than with some cyber security horror stories? In this blog, we look at three ways in which fraudsters trick victims into handing over their sensitive data.

The European Parliament Voted to Ban Remote Biometric Surveillance

Schneier on Security

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

IT 103

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

The U.S.

Nobelium Makes Russia Leader in Cyberattacks

Data Breach Today

Microsoft: 58% of Attacks Reported Worldwide Originated From Russia Microsoft, in its annual threat review report, Digital Defense, says 58% of cyberattacks worldwide over the past year originated in Russia. And 92% of the Russia-based threat activity came from the nation-state threat group Nobeliu

IT 253

A Recruiter’s Guide To Hiring In 2021

With vaccination rates rising, consumers spending more money, and people returning to offices, the job market is going through a period of unprecedented adjustment. As the New York Times observed, “It’s a weird moment for the American economy.” And recruiting professionals are caught in the middle. To make the most of this disruption, you need to understand the economic drivers, develop a strong strategy for unearthing valuable talent, and use the latest tech tools to get the job done. Read this guide to get your recruiting practice ready to thrive in the new normal.

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

The Last Watchdog

When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home. Related: T-Mobile breach reflects rising mobile device attacks. For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going. Not familiar with Grand Theft Auto? Let’s try Super Mario Bros.

7 Ways to Lock Down Enterprise Printers

Dark Reading

Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks

Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers

Security Affairs

An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted on the server.