Tuesday, August 3, 2021
Internet Storm Center Infocon Status

LATEST

The Register

Do you have a grip on the lifecycle security of your AWS-deployed applications?

Learn how to manage the risks of cloud native environments with Aqua and AWS Promo  There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and...
TechRepublic

Beef up security in Firefox with Fission

Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
TechRepublic

Cybersecurity professionals: Positive reinforcement works wonders with users

The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...

Awful transaction and timing: AT&T finally ditches DirecTV

Enlarge (credit: Getty Images | Ronald Martinez) AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services. AT&T bought DirecTV for $49 billion ($67 billion including...
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.” read more
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...
Security Weekly

Shrug & Move On – ASW #160

This week, we welcome Maggie Jauregui, Offensive Security Researcher at Intel, to discuss Platform Firmware Security! Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a...
TechRepublic

DDoS attacks largely target the US and the computers and internet sectors

DDoS attacks are a nuisance to be sure, but they're also used in a variety of ways that make them a severe threat, says Atlas VPN.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.

How American Law Lets Feds Spy On WhatsApp Without Needing To Say Why

Pen registers let governments keep tabs on who WhatsApp users are talking with, when and what IP addresses they’re using, and they don’t have to give judges a full explanation as to why. The same goes for surveillance on...
The Register

UK’s Ministry of Defence coughs up bug bounties for public-facing web pentesting

Small steps could lead to bigger strides The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…
Security Affairs

Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software

Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices. Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software, tracked as CVE-2021-1518,...
TechRepublic

Olympic-themed passwords put people at risk

Beyond using "tokyo" and "olympics" as their passwords, people have been turning to names of athletes, such as "kenny," "williams," and "asher," says NordPass.
SecurityWeek

Finite State Raises $30 Million in Series B Funding

Connected device security provider Finite State on Monday announced that it has raised $30 million in Series B funding. To date, the company has raised $49.5 million. The funding round was led by Energize Ventures. Merlin Ventures and Schneider Electric...

How to go from stolen PC to network intrusion in 30 minutes

Enlarge (credit: Getty Images) Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using...
ZDNet

Raccoon stealer-as-a-service will now try to grab your cryptocurrency

The malware has been upgraded to target even more financial information.
SecurityWeek

Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software

Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices. FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics...
TechRepublic

Connect Ubuntu Linux Desktop 21.04 to an Active Directory domain: Here's how

Jack Wallen walks you through the steps to join Ubuntu Desktop to Active Directory domains.
Bruce Schneier

Paragon: Yet Another Cyberweapons Arms Manufacturer

Forbes has the story: Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail,...
The Hacker News

Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven't...
The Hacker News

Chinese Hackers Target Major Southeast Asian Telecom Companies

Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. "The goal of...
The Register

Shopping for execs: ID management biz Okta poaches Google’s veep of engineering to run product dev activities

Head techie for Chocolate Factory's search ad biz departs Mountain View Identity-as-a-service slinger Okta has poached Google veep of engineering Sagnik Nandy to become its president and chief tech officer.…

The Kaseya ransomware attack: A timeline

The attack on US-based software provider Kaseya by notorious Russia-linked ransomware group REvil in July 2021 is estimated to have affected up to 2,000 global organizations. REvil targeted a vulnerability (CVE-2021-30116) in a Kaseya remote computer management tool to...
820FollowersFollow

LEADERS

Bruce Schneier

Paragon: Yet Another Cyberweapons Arms Manufacturer

Forbes has the story: Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail,...
Bruce Schneier

The European Space Agency Launches Hackable Satellite

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. The satellite can detect and...

Weekly Update 254

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.The plan this week was to do a super simple update whilst having some time out. In the back...
Bruce Schneier

Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial

Often it feels like squid just evolved better than us mammals. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Bruce Schneier

I Am Parting With My Crypto Library

The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s. My preference is that...