WIRED Threat Level

JANUARY 24, 2021

Security Security / Security NewsZombie versions of Adobe’s troubled software can still cause problems in systems around the world.

Security 82

Security 82

The Last Watchdog

DECEMBER 8, 2020

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. Related: The shared burden of securing the Internet of Things. Security, meanwhile, has morphed into a glut of point solutions that mostly serve to highlight the myriad gaps in an ever-expanding attack surface. It’s called Secure Access Service Edge, or SASE , as coined by research firm Gartner.

Security 130

Security Access Cloud Cybersecurity 130

Security Affairs

DECEMBER 3, 2020

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

Security 111

Security Cloud Information Security IT 111

Security Affairs

DECEMBER 21, 2020

While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The post SUPERNOVA, a backdoor found while investigating SolarWinds hack appeared first on Security Affairs.

Security 114

Security Libraries Information Security IT 114

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Security

Schneier on Security

FEBRUARY 19, 2021

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. A published private key provides no security at all.

Security 104

Security Paper IT 104

Data Breach Today

NOVEMBER 13, 2020

These are the results that banking institutions can receive by shifting security to the cloud, says David Vergara of OneSpan. "Better, cheaper, faster." At a time when multi-channel fraud is surging and the customer experience is paramount, cloud needs serious consideration, he says

Cloud 173

Cloud Customer Experience Security 173

Data Breach Today

FEBRUARY 24, 2021

Zscaler: Malware Buries Itself Into TeamViewer The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler

Access 164

Access Security 164

Data Breach Today

OCTOBER 28, 2020

Cloud Pak for Security Digital transformation is accelerating. This webinar will take a deep dive into IBM's Cloud Pak for Security where you will learn how to: Gain insights without moving your data; Respond faster to secuirty incidents with automation and investigative capabilities; Run anywhere, connect security openly Organisations are adopting SAAS solutions at increasing rates to reduce internal IT constraints and budgets.

Cloud 157

Cloud Digital transformation Security IT 157

Data Breach Today

NOVEMBER 9, 2020

Agency Requires Comprehensive Security Program As part of a settlement of allegations that Zoom "engaged in a series of deceptive and unfair practices that undermined the security of its users," the U.S.

Security 238

Security IT 238

Speaker: Shlomo Bielak, CTO, Benchmark Corp

Shifting security left to the earliest part of development is currently in the spotlight in the developer world. What teams are now discovering is, this approach results in misdirected ownership for developers and a frustrated security team. In the current climate, we cannot afford to let security implementations falter. It's time to manage your team's energies to maximize DevOps efficiency, all the while maintaining top security standards. Join Shlomo Bielak, and learn how to keep your DevSecOps team focused and connected without creating silos.

Security

Data Breach Today

FEBRUARY 5, 2021

Stormshield Is a Major Supplier of Security Products to the French Government French security vendor Stormshield has launched an investigation after an internal review found that hackers accessed the source code of the company's network security product.

Access 226

Access IT Cybersecurity Government 226

Data Breach Today

NOVEMBER 19, 2020

Organizations need to build security into their cloud environments to help thwart cyberthreats, says Tom Com of VMware, who describes this "intrinsic security" approach

Cloud 156

Cloud Security 156

Data Breach Today

FEBRUARY 20, 2021

Automakers Should Employ Security-By-Design to Thwart Cyber Risks Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report

Artificial Intelligence 199

Artificial Intelligence Risk Manufacturing Cybersecurity 199

Data Breach Today

JULY 22, 2020

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

Phishing 197

Phishing Security 197

Schneier on Security

MARCH 1, 2021

It was a huge attack, with major implications for US national security. SolarWinds certainly seems to have underspent on security. A cybersecurity adviser for the company said that he quit after his recommendations to strengthen security were ignored.

Risk 113

Risk Security Marketing Government 113

Data Breach Today

FEBRUARY 11, 2021

The incident is likely to raise questions about the vulnerability of critical infrastructure in small towns on slim IT security budgets

Passwords 240

Passwords IT Security Access 240

Data Breach Today

NOVEMBER 10, 2020

election security measures seem to have worked. Cybersecurity Strategist Warns of Pre-Inauguration Nation-State Strikes The good news: U.S. The bad news: Disinformation and misinformation campaigns continue.

Cybersecurity 231

Cybersecurity Security 231

Schneier on Security

FEBRUARY 12, 2021

Sonja Drummer describes (with photographs) two medieval security techniques. Uncategorized authentication history of security

Security 80

Security Authentication 80

Security Affairs

MARCH 1, 2021

The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security Agency (NSA) recently published a document to explain the benefits of adopting a zero-trust model, and advice to navigate the process.

Authentication 80

Authentication Cybersecurity Security Risk 80

Data Breach Today

JULY 3, 2020

ENISA's Rossella Mattioli Reviews New Report Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents

Cybersecurity 148

Cybersecurity Security Information Security 148

Data Breach Today

FEBRUARY 10, 2021

The incident is likely to raise questions over the vulnerability of critical infrastructure in small towns on slim IT security budgets

Passwords 223

Passwords IT Security Access 223

Data Breach Today

MARCH 2, 2021

is in danger of falling behind China and Russia in developing artificial intelligence technologies and countering cybersecurity threats that could develop as AI use becomes more widespread, according to a newly released report from the National Security Commission on Artificial Intelligence

Artificial Intelligence 176

Artificial Intelligence Cybersecurity Security 176

Data Breach Today

AUGUST 6, 2020

Security Researcher, CISA Director Raise Serious Concerns A security researcher says voting equipment in the U.S. is still riddled with security flaws that opportunistic foreign adversaries could use to pose a threat to the November election.

Ransomware 171

Ransomware Security 171

Data Breach Today

JULY 31, 2020

More Devices Affected by 'Ripple20' Vulnerabilities Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack.

Manufacturing 247

Manufacturing Security 247

Data Breach Today

MARCH 27, 2020

Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft

Insurance 195

Insurance Ransomware Security IT 195

Data Breach Today

JANUARY 27, 2021

Matthew Burns of HCL Software discusses securing endpoints and ensuring compliance during exceptional times in an interview following a recent series of virtual roundtables on the subject

Compliance 148

Compliance Security 148

Data Breach Today

JANUARY 6, 2021

Lawsuit Alleges Software Vendor Misled Investors Over the Security of Its Products A SolarWinds shareholder has filed a lawsuit claiming the company included misleading statements - regarding the security of its products - in its filings with the U.S. Securities and Exchange Commissio

Security 155

Security IT 155

Data Breach Today

DECEMBER 14, 2020

Federal Agencies Ordered to Immediately 'Disconnect or Power Down' SolarWinds Orion What should incident responders grappling with the complex online attack campaign that successfully distributed a Trojanized version of SolarWinds Orion network-monitoring software to customers focus on first?

Security 218

Security 218

Data Breach Today

JANUARY 11, 2021

The "remote workforce" of 2020 is gone. Now we're talking about the new, permanent "branch office" - and it comes with its own unique set of cybersecurity concerns, says Derek Manky of FortiGuard Labs. He discusses new social engineering trends and how to respond

Cybersecurity 148

Cybersecurity Security IT 148

Data Breach Today

MARCH 2, 2020

Chronicle's Anton Chuvakin on How to Fill the Gaps for Analysts There are glaring holes in how enterprises currently tackle security analytics, and by redefining the approach, the analyst's role can be transformed. Dr. Anton Chuvakin of Chronicle explains how

Analytics 155

Analytics Security 155

Schneier on Security

SEPTEMBER 18, 2020

Uncategorized humor passwords security questionsPosted three years ago, but definitely appropriate for the times.

Passwords 94

Passwords Security 94

Data Breach Today

FEBRUARY 22, 2021

Broken object level authorization, or BOLA, vulnerabilities are among the most common and worrisome weaknesses contained in dozens of mobile health applications used by patients and clinicians, posing security and privacy risks to health information, says cybersecurity researcher Alissa Knight

Cybersecurity 171

Cybersecurity Risk Privacy Security 171

eSecurity Planet

MARCH 4, 2021

In this article, we cover some database security best practices that can help keep your databases safe from attackers. In the traditional sense, this means keeping your database server in a secure, locked environment with access controls in place to keep unauthorized people out.

Passwords 52

Passwords Security IT Encryption 52

Data Breach Today

NOVEMBER 16, 2020

Its failure to properly secure chatbot software led to attackers stealing at least 9.4 Following Alerts of Potential Fraud, Ticketmaster Took 9 Weeks to Spot Big Breach Ticketmaster UK has been fined $1.7

Security 263

Security Privacy IT 263

Security Affairs

FEBRUARY 28, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Security Affairs newsletter Round 303 appeared first on Security Affairs.

Blockchain 60

Blockchain Manufacturing Authentication Security 60

Data Breach Today

MARCH 27, 2019

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security NTT Security has signed a definitive agreement to acquire WhiteHat Security. NTT Security's Khiro Mishra and WhiteHat Security's Craig Hinkley say the deal will help bring more application security - and DevSecOps - products, services and smarts to more organizations

Security 149

Security 149

Data Breach Today

MAY 20, 2019

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

Paper 213

Paper Security 213

Data Breach Today

JANUARY 6, 2021

Messages Contain Malware, Attempt to Steal Banking Credentials The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials

Phishing 156

Phishing Security 156

Data Breach Today

AUGUST 6, 2020

Peter Yapp, former deputy director at the UK's National Cyber Security Center, provides insights on building a stronger security infrastructure

Security 156

Security IT 156