Sat. Nov 06, 2021 - Fri. Nov 12, 2021

3 Ways to Deal With the Trojan Source Attack

Dark Reading

These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors in source code


GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers.


How to Minimize Ransomware's Trail of Destruction and Its Associated Costs

Dark Reading

One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information.

Hackers Targeted Hong Kong Apple Devices in Widespread Attack

WIRED Threat Level

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more.

More Trending

Researcher Details Vulnerabilities Found in AWS API Gateway

Dark Reading

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them


REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

The U.S. Department of Justice today announced the arrest of a Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1

The Best Wi-Fi 6 Routers Secure and Fast Enough for Business

eSecurity Planet

Remote work and home offices were an afterthought until the COVID-19 pandemic. They were then vaulted to the forefront of security concerns so quickly that security and IT teams were caught off guard. Now, remote work is likely here to stay even after the pandemic is gone.

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong.

The Modern Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

Open Source Project Aims to Detect Living-Off-the-Land Attacks

Dark Reading

The machine learning classifier from Adobe can determine whether system commands are malicious and classify them using a variety of tags useful for security analysts

Microsoft Patch Tuesday, November 2021 Edition

Krebs on Security

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software.

MacOS Zero-Day Used against Hong Kong Activists

Schneier on Security

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.


Experts found 14 new flaws in BusyBox, millions of devices at risk

Security Affairs

Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose millions of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new critical vulnerabilities in BusyBox.


The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Why Self-Learning AI Is Changing the Paradigm of ICS Security

Dark Reading

By focusing on the organization rather than the threat, AI can identify subtle changes in your digital environment that point to a cyber threat

The Biggest Ransomware Bust Yet Might Actually Make an Impact

WIRED Threat Level

By arresting one alleged hacker associated with REvil and seizing millions from another, the US has made it clear that ransomware comes with a cost.

Hacking the Sony Playstation 5

Schneier on Security

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers.


Taiwan Government faces 5 Million hacking attempts daily

Security Affairs

Taiwan’s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts originate from China.

Firms Will Struggle to Secure Extended Attack Surface in 2022

Dark Reading

Companies are relying more heavily on third parties, remote employees, and partners, expanding their attack surface area beyond traditional boundaries

Digital transformation requires operating model changes

DXC

“Cloud technology is an enabler for industry and individuals to do things that would never have been possible before.”

Advice for Personal Digital Security

Schneier on Security

ArsTechnica’s Sean Gallagher has a two-part article on “securing your digital life.” It’s pretty good.

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty-three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty-three exploits to target millions of routers and IoT devices.


4 Tips to Secure the OT Cybersecurity Budget You Require

Dark Reading

OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late


The big challenges in wide-scale government cloud adoption

OpenText Information Management

While public clouds offer a breadth of benefits such as cost savings, scalability, and flexibility, many government entities are hesitant to make the leap.


Episode 230: Are Vaccine Passports Cyber Secure?

The Security Ledger

In this episode of the podcast (#230) Siddarth Adukia, a regional Director at NCC Group, joins host Paul Roberts to talk about the (cyber) risks and (public health) rewards of vaccine passport systems: how they work, how they can be compromised and what to do about it.


Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack

Security Affairs

The Clop ransomware gang is exploiting the CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks.

Third-Party Software Risks Grow, but So Do Solutions

Dark Reading

Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors


Microsegmentation Is Catching On as Key to Zero Trust

eSecurity Planet

For a security technology that’s only a few years old, microsegmentation is catching on quickly.


Participate in the ARMA IG Maturity Index Survey

IG Guru

Are there gaps in your information governance program? Is your organization leading or falling behind others in your industry? Now in its third year, the IG Maturity Index Survey continues to create the industry-standard benchmark for information governance.
