Trending Now
LATEST
Half of Government Security Incidents Caused by Missing Patches
Half of Government Security Incidents Caused by Missing PatchesCybersecurity is both a driver and a major barrier to public sector IT modernization, according to new research from BAE Systems Applied Intelligence.
The cyber consultancy polled 250 managers with IT responsibility...
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons Column Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you...
Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data ransom demands are not met.
"The...
NSA and ODNI analyze potential risks to 5G networks
U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering.
The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office...
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
The list of updated applications includes Adobe Experience Manager,...
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
SAP Patches High-Severity Flaws in Business One, NetWeaver Products
SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.
read more
South Korea orders urgent review of energy infrastructure cybersecurity
No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…
ISC StormCast for Wednesday, May 12th, 2021
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408 WiFi Fragmentation Attacks https://www.fragattacks.com
Ransomware Gang Threatens Release of DC Police Records
A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if...
Synthetic Identity Theft: When Everybody Knows Your Name
You probably have a place where everyone knows your name — and maybe your address and your birthday and your favorite drink. That place could be your favorite restaurant, your office or your grandma’s house. It doesn’t matter where...
Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security
Dozen design, implementation blunders date back 24 years A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.…
SN 818: News From the Darkside – Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary
Picture of the week.
TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers"
Huh Google?
Tor's Exit Nodes.
21 Nails in Exim's coffin.
Project Hail Mary: A Novel.
Closing the loop.
SpinRite update.
News from the Darkside.
We invite you to read our show notes at...
SN 818: News From the Darkside – Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary
Picture of the week.
TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers"
Huh Google?
Tor's Exit Nodes.
21 Nails in Exim's coffin.
Project Hail Mary: A Novel.
Closing the loop.
SpinRite update.
News from the Darkside.
We invite you to read our show notes at...
Risky Business #623 — Ransomware threatens US energy security
On this week’s show Patrick Gray, Adam Boileau and Chris Krebs...
AWS configuration issues lead to exposure of 5 million records
Researchers reported on Tuesday that Amazon Web Services System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents.
In a...
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?
Hackers target Windows users exploiting a Zero-Day in Reader
Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks.
Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service,...
Shining a Light on DARKSIDE Ransomware Operations
Since initially surfacing in August 2020, the creators of DARKSIDE
ransomware and their affiliates have launched a global crime spree
affecting organizations in more than 15 countries and multiple
industry verticals. Like many of their peers,...
BrandPost: Automated, Orchestrated, and Integrated: The Open Platform Approach
As organizations increasingly shift to cloud, the IT infrastructure becomes riddled with complexity. SecOps, NetOps, and ITOps teams have their hands full using multiple tools to manage data and applications across the distributed environment.For SecOps in particular, tying these...
BrandPost: Merging NetOps, ITOps, and SecOps for Enhanced Visibility
Visibility into network traffic, endpoints, cloud infrastructure, and more is crucial – especially considering the sophistication of cyber threats, the widely distributed workforce, and the escalation of cloud adoption.Yet, many organizations have developed silos over time. Networking, IT, and...
LEADERS
Microsoft Patch Tuesday, May 2021 Edition
Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without...
Microsoft Patch Tuesday, May 2021 Edition
Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without...
A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel...
AI Security Risk Assessment Tool
Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.
The DarkSide ransomware gang must be shitting itself right now
So, what do you do if you're a ransomware gang which has just caught the attention of not just the world's media, but also the FBI and the President of the United States?
