HHS Updates Security Risk Assessment Tool

Data Breach Today

The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.

Tools 186

GitHub introduces new tools and security features to secure code

Security Affairs

GitHub announced the introduction of several new tools and security features to help developers secure their code. The popular code repository hosting service GitHub continues its efforts in helping its customers in developing and maintaining a secure code.

Tools 96

Instagram’s New Security Tools are a Welcome Step, But Not Enough

Krebs on Security

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. For years, security experts have warned that hackers are exploiting weak authentication at Instagram to commandeer accounts.

Tools 158

A free Decryptor tool for GandCrab Ransomware released

Security Affairs

Good news for the victims of the latest variants of the GandCrab ransomware , NoMoreRansomware released a free decryption tool. Victims of the latest variants of the GandCrab ransomware can now decrypt their files for free using a free decryptor tool released on the the NoMoreRansom website.

Tools 95

VMware addressed flaws in its Workstation and Tools

Security Affairs

VMware has informed its users that it has patched two high-severity vulnerabilities that affect its Tools and Workstation software. VMware has patched two high-severity flaws that affect its Tools and Workstation software.

Tools 97

OilRig’s Jason email hacking tool leaked online

Security Affairs

A few hours ago, a new email hacking tool dubbed Jason and associated with the OilRig APT group was leaked through the same Telegram channel used to leak other tools. Now the group released a tool that was allegedly used by OilRig “for hacking emails and stealing information.”

Tools 99

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. But Google said starting this week, any mobile phone running Android 7.0+ (Nougat) can serve the same function as a USB-based security key.

9 Top Active Directory Security Tools

eSecurity Planet

Active Directory can't protect against every security risk. Here are 9 Active Directory security tools that can help

Tools 85

What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

Uninstall or Disable PGP Tools, Security Researchers Warn

Data Breach Today

Exploitable Vulnerabilities Could Reveal Plaintext of Encrypted Emails European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME.

Tools 170

Free Tool: Honey Feed

Security Affairs

Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections, his HoneyPots. Hi folks, today I’d like to point you out another tool of mine which extracts suspicious IPs from undesired connections.

Tools 103

NSA Pitches Free Reverse-Engineering Tool Called Ghidra

Data Breach Today

For the Record, There's No Backdoor,' NSA's Rob Joyce Tells RSA Conference Here's free software built by the National Security Agency called Ghidra that reverse-engineers binary application files - all you have to do is install it on your system.

Tools 224

9 Top Database Security Tools

eSecurity Planet

Here are 9 top database security tools to help you protect that data Databases contain some of the most critical data in an organization.

Tools 80

How to Shop Online Like a Security Pro

Krebs on Security

Here are some other safety and security tips to keep in mind when shopping online: -WHEN IN DOUBT, CHECK ‘EM OUT: If you don’t know much about the online merchant that has the item you wish to buy, take a few minutes to investigate its reputation.

How To 279

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Security Affairs

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed).

'Virtual Assistant' EHR Tools: Privacy, Security Issues

Data Breach Today

Data integrity and privacy issues are among potential concerns related to voice-activated "virtual assistant" tools that some vendors are beginning to offer for their electronic health record systems, says privacy and security expert Kate Borten

Tools 100

Experts released a free Decryption Tool for GandCrab ransomware

Security Affairs

Good news for the victims of the infamous GandCrab ransomware, security experts have created a decryption tool that allows them to decrypts files without paying the ransom. “This tool recovers files encrypted by GandCrab ransomware versions 1, 4 and 5.”

Tools 110

Intel addresses high severity flaw in Processor Diagnostic Tool

Security Affairs

Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC). ” reads the security advisory.

Tools 91

7 Low-Cost Security Tools

Dark Reading

Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations

Tools 82

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Security firm released Singularity, an open source DNS Rebinding attack tool

Security Affairs

Cybersecurity firm NCC Group has released an open source tool for penetration testers that allows carrying out DNS rebinding attacks. Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks.

Tools 79

Five Eyes Intelligence agencies warn of popular hacking tools

Security Affairs

Security agencies belonging to Five Eyes (United States, United Kingdom, Canada, Australia and New Zealand) have released a joint report that details some popular hacking tools. Experts from cybersecurity agencies from Five Eyes intelligence alliance have issued a report that provides technical details on most popular hacking tool families and the way to detect and neutralizes attacks involving them. The five tools are: Remote Access Trojan: JBiFrost.

Tools 87

What’s Business Process Modeling Got to Do with It? – Choosing A BPM Tool

erwin

With business process modeling (BPM) being a key component of data governance , choosing a BPM tool is part of a dilemma many businesses either have or will soon face. Choosing a BPM Tool: An Overview. Organizations that adopt a BPM tool also enjoy greater process efficiency.

Tools 74

Snapchat staff used internal tools to spy on users

Security Affairs

Snapchat internal staff has allegedly abused their role in the company to spy on Snapchat users using and internal tools and steal data. Snapchat has internal tools that allow employees to access consumer data, and unfortunately, these tools have been abused by the internal staff.

Tools 100

Free Tools: spotting APTs through Malware streams

Security Affairs

Cyber security expert and founder of Yoroi has published a new tool that could be used to spot APTs (A dvanced Persistent Threats) through Malware streams. Honey Feed , a tool that extracts suspicious IPs from undesired connections, his HoneyPots.

Tools 99

Security expert Marco Ramilli released for free the Malware Hunter tool

Security Affairs

Malware researcher Marco Ramilli released for free the Malware Hunter tool a simple but interesting catching tool base on static YARA rules. Malware researcher Marco Ramilli released for free the Malware Hunter tool a simple but interesting catching tool base on static YARA rules.

Tools 106

Dell Security Support Tool Harbors High-Severity Flaws

Threatpost

Dell has patched two high-severity vulnerabilities in its SupportAssist software meant to aid security issues for customers. Mobile Security Vulnerabilities CSRF Dell high severity flaw remote code execution SupportAssist client vulnerability

Tools 96

12 Free, Ready-to-Use Security Tools

Dark Reading

These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program There's no excuse for not knowing your exposure.

Tools 85

What You Should Know About the Equifax Data Breach Settlement

Krebs on Security

But we should probably just be grateful for that; given Equifax’s total dumpster fire of a public response to the breach , the company has shown itself incapable of operating (let alone securing) a properly functioning Web site.

Toyota PASTA Car-Hacking Tool will be soon on GitHub

Security Affairs

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month. PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Tools 113

High-Severity Bug in Cisco Industrial Enterprise Tool Allows RCE

Threatpost

Bug allows for a remote attacker to execute arbitrary code on industrial, enterprise tools.

Sofacy APT group used a new tool in latest attacks, the Cannon

Security Affairs

The novelty in the last attacks is represented by the use of a tool that has not been seen before, attackers also used an uncommon technique to deliver the malware and to avoid running in a sandbox. Security Affairs – Sofacy APT, Cannot tool).

Tools 90

Experts found a critical vulnerability in the NSA Ghidra tool

Security Affairs

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. WikiLeaks obtained thousands of files allegedly originating from a CIA high-security network that details CIA hacking techniques, tools, and capabilities.

Tools 113

The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source

WIRED Threat Level

And now one if its powerful tools is available to everyone for free. SecurityNo one's better at hacking than the NSA.

Tools 88

FireEye releases FLASHMINGO tool to analyze Adobe Flash files

Security Affairs

Cyber security firm FireEye announced the release of FLASHMINGO, a new open source tool designed to automate the analysis of Adobe Flash files. FireEye released FLASHMINGO , a new open source tool designed to automate the analysis of Adobe Flash files.

Tools 94

Researcher Says NSA’s Ghidra Tool Can Be Used for RCE

Threatpost

Vulnerabilities Web Security attack exploit ghidra NSA Open Source project Proof of Concept reverse engineering tool vulnerability XXEResearchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.

Tools 86

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

It is common for developers to use debugging tools with elevated privileges while they are trying to troubleshoot their code. In an ideal world, all of the security controls are applied and all of the debugging tools are removed or disabled before the code is released to the public.

Source code of tools used by OilRig APT leaked on Telegram

Security Affairs

Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. It seems that the tools have been leaked since mid-March on a Telegram channel by a user with the Lab Dookhtegan pseudonym.

Tools 110

Q&A: How cutting out buzzwords could actually ease implementation of powerful security tools

The Last Watchdog

The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures? Why have organizations, of all sizes and in all sectors, failed to make more progress shrinking a security gap that appears, in fact, to be inexorably widening? Juniper has been in the vanguard of integrating security deeper into the plumbing of modern business networks.

Tools 116

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

The firm had partnered with PCM because doing so was far cheaper than simply purchasing licenses directly from Microsoft, but its security team was unaware that a PCM employee or contractor maintained full access to all of their employees’email and documents in Office365.