Flash Is Dead—But Not Gone

WIRED Threat Level

Zombie versions of Adobe’s troubled software can still cause problems in systems around the world.

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

The Last Watchdog

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. Security, meanwhile, has morphed into a glut of point solutions that mostly serve to highlight the myriad gaps in an ever-expanding attack surface. It’s called Secure Access Service Edge, or SASE, as coined by research firm Gartner.

Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages; the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Security Affairs

While investigating the recent SolarWinds Orion supply-chain attack, security researchers discovered another backdoor, tracked as SUPERNOVA.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevSecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Router Security

Schneier on Security

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. A published private key provides no security at all.

Banking on Cloud Security

Data Breach Today

These are the results that banking institutions can receive by shifting security to the cloud, says David Vergara of OneSpan. "Better, cheaper, faster." At a time when multi-channel fraud is surging and the customer experience is paramount, cloud needs serious consideration, he says

Updated Minebridge RAT Targets Security Researchers

Data Breach Today

Zscaler: Malware Buries Itself Into TeamViewer. The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler

Cloud Pak for Security

Data Breach Today

Digital transformation is accelerating. This webinar will take a deep dive into IBM's Cloud Pak for Security where you will learn how to: Gain insights without moving your data; Respond faster to security incidents with automation and investigative capabilities; Run anywhere, connect security openly. Organisations are adopting SaaS solutions at increasing rates to reduce internal IT constraints and budgets.

FTC Settlement With Zoom Sets Security Requirements

Data Breach Today

Agency Requires Comprehensive Security Program. As part of a settlement of allegations that Zoom "engaged in a series of deceptive and unfair practices that undermined the security of its users," the U.S.

Shift Left Security? Development Does Not Want to Own It.

Speaker: Shlomo Bielak, CTO, Benchmark Corp

Shifting security left to the earliest part of development is currently in the spotlight in the developer world. What teams are now discovering is, this approach results in misdirected ownership for developers and a frustrated security team. In the current climate, we cannot afford to let security implementations falter. It's time to manage your team's energies to maximize DevOps efficiency, all the while maintaining top security standards. Join Shlomo Bielak, and learn how to keep your DevSecOps team focused and connected without creating silos.

French Security Firm Says Hackers Accessed Its Source Code

Data Breach Today

Stormshield Is a Major Supplier of Security Products to the French Government. French security vendor Stormshield has launched an investigation after an internal review found that hackers accessed the source code of the company's network security product.

Using an 'Intrinsic Security' Approach

Data Breach Today

Organizations need to build security into their cloud environments to help thwart cyberthreats, says Tom Com of VMware, who describes this "intrinsic security" approach

ENISA Highlights AI Security Risks for Autonomous Cars

Data Breach Today

Automakers Should Employ Security-By-Design to Thwart Cyber Risks. Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report

Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols. A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

National Security Risks of Late-Stage Capitalism

Schneier on Security

It was a huge attack, with major implications for US national security. SolarWinds certainly seems to have underspent on security. A cybersecurity adviser for the company said that he quit after his recommendations to strengthen security were ignored.

Florida City's Water Hack: Poor IT Security Laid Bare

Data Breach Today

The incident is likely to raise questions about the vulnerability of critical infrastructure in small towns on slim IT security budgets

Tom Kellermann: Post-Election Security Analysis

Data Breach Today

Cybersecurity Strategist Warns of Pre-Inauguration Nation-State Strikes. The good news: U.S. election security measures seem to have worked. The bad news: Disinformation and misinformation campaigns continue.

Medieval Security Techniques

Schneier on Security

Sonja Drummer describes (with photographs) two medieval security techniques.

NSA embraces the Zero Trust Security Model

Security Affairs

The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security Agency (NSA) recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process.

Detecting Network Security Incidents

Data Breach Today

ENISA's Rossella Mattioli Reviews New Report. Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents

Florida's Water Hack: Poor IT Security Laid Bare

Data Breach Today

The incident is likely to raise questions over the vulnerability of critical infrastructure in small towns on slim IT security budgets

Report Sizes Up How AI Poses a Security Threat

Data Breach Today

is in danger of falling behind China and Russia in developing artificial intelligence technologies and countering cybersecurity threats that could develop as AI use becomes more widespread, according to a newly released report from the National Security Commission on Artificial Intelligence

Election Security: A Harsh Assessment

Data Breach Today

Security Researcher, CISA Director Raise Serious Concerns. A security researcher says voting equipment in the U.S. is still riddled with security flaws that opportunistic foreign adversaries could use to pose a threat to the November election.

Medical Device Security Alerts: The Latest Updates

Data Breach Today

More Devices Affected by 'Ripple20' Vulnerabilities. Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack.

Insurer Chubb Investigating 'Security Incident'

Data Breach Today

Maze Gang Claims Insurer Is a Victim, Emsisoft Reports. Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft

Tips on Securing Endpoints, Ensuring Compliance

Data Breach Today

Matthew Burns of HCL Software discusses securing endpoints and ensuring compliance during exceptional times in an interview following a recent series of virtual roundtables on the subject

Shareholder Sues SolarWinds for Alleged Security Failures

Data Breach Today

Lawsuit Alleges Software Vendor Misled Investors Over the Security of Its Products. A SolarWinds shareholder has filed a lawsuit claiming the company included misleading statements - regarding the security of its products - in its filings with the U.S. Securities and Exchange Commission

SolarWinds Incident Response: 4 Essential Security Alerts

Data Breach Today

Federal Agencies Ordered to Immediately 'Disconnect or Power Down' SolarWinds Orion. What should incident responders grappling with the complex online attack campaign that successfully distributed a Trojanized version of SolarWinds Orion network-monitoring software to customers focus on first?

Securing the New 'Branch Office'

Data Breach Today

The "remote workforce" of 2020 is gone. Now we're talking about the new, permanent "branch office" - and it comes with its own unique set of cybersecurity concerns, says Derek Manky of FortiGuard Labs. He discusses new social engineering trends and how to respond

Redefining Security Analytics

Data Breach Today

Chronicle's Anton Chuvakin on How to Fill the Gaps for Analysts. There are glaring holes in how enterprises currently tackle security analytics, and by redefining the approach, the analyst's role can be transformed. Dr. Anton Chuvakin of Chronicle explains how

Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

Mobile Health App and API Security: Common Flaws

Data Breach Today

Broken object level authorization, or BOLA, vulnerabilities are among the most common and worrisome weaknesses contained in dozens of mobile health applications used by patients and clinicians, posing security and privacy risks to health information, says cybersecurity researcher Alissa Knight

Database Security Best Practices

eSecurity Planet

In this article, we cover some database security best practices that can help keep your databases safe from attackers. In the traditional sense, this means keeping your database server in a secure, locked environment with access controls in place to keep unauthorized people out.

Ticketmaster Fined $1.7 Million for Data Security Failures

Data Breach Today

Its failure to properly secure chatbot software led to attackers stealing at least 9.4 Following Alerts of Potential Fraud, Ticketmaster Took 9 Weeks to Spot Big Breach Ticketmaster UK has been fined $1.7

Security Affairs newsletter Round 303

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box.

NTT Security and WhiteHat Security Describe Deal

Data Breach Today

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security. NTT Security has signed a definitive agreement to acquire WhiteHat Security. NTT Security's Khiro Mishra and WhiteHat Security's Craig Hinkley say the deal will help bring more application security - and DevSecOps - products, services and smarts to more organizations

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

Phishing Emails Spoof Australia's Cyber Security Center

Data Breach Today

Messages Contain Malware, Attempt to Steal Banking Credentials. The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials

Building a Stronger Security Infrastructure

Data Breach Today

Peter Yapp, former deputy director at the UK's National Cyber Security Center, provides insights on building a stronger security infrastructure