Trending Now
LATEST
Do you have a grip on the lifecycle security of your AWS-deployed applications?
Learn how to manage the risks of cloud native environments with Aqua and AWS Promo There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and...
Beef up security in Firefox with Fission
Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
Cybersecurity professionals: Positive reinforcement works wonders with users
The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.
Google Patches High-Risk Android Security Flaws
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.
The latest Android update provides documentation on 33 security bugs, some serious...
Awful transaction and timing: AT&T finally ditches DirecTV
Enlarge (credit: Getty Images | Ronald Martinez)
AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services.
AT&T bought DirecTV for $49 billion ($67 billion including...
Mismanagement Driving Cybersecurity Skills Gap: Research
“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”
read more
Linux Kernel Security Done Right
Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...
Shrug & Move On – ASW #160
This week, we welcome Maggie Jauregui, Offensive Security Researcher at Intel, to discuss Platform Firmware Security! Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a...
DDoS attacks largely target the US and the computers and internet sectors
DDoS attacks are a nuisance to be sure, but they're also used in a variety of ways that make them a severe threat, says Atlas VPN.
SAP Customer Survey Reveals False Sense of Security
Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis.
The SAP Security Survey Report 2021 is based on information from over 100 SAP...
BazarCaller – the malware gang that talks you into infecting yourself
Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.
How American Law Lets Feds Spy On WhatsApp Without Needing To Say Why
Pen registers let governments keep tabs on who WhatsApp users are talking with, when and what IP addresses they’re using, and they don’t have to give judges a full explanation as to why. The same goes for surveillance on...
UK’s Ministry of Defence coughs up bug bounties for public-facing web pentesting
Small steps could lead to bigger strides The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…
Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software
Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices.
Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software, tracked as CVE-2021-1518,...
Olympic-themed passwords put people at risk
Beyond using "tokyo" and "olympics" as their passwords, people have been turning to names of athletes, such as "kenny," "williams," and "asher," says NordPass.
Finite State Raises $30 Million in Series B Funding
Connected device security provider Finite State on Monday announced that it has raised $30 million in Series B funding. To date, the company has raised $49.5 million.
The funding round was led by Energize Ventures. Merlin Ventures and Schneider Electric...
How to go from stolen PC to network intrusion in 30 minutes
Enlarge (credit: Getty Images)
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using...
Raccoon stealer-as-a-service will now try to grab your cryptocurrency
The malware has been upgraded to target even more financial information.
Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software
Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices.
FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics...
Connect Ubuntu Linux Desktop 21.04 to an Active Directory domain: Here's how
Jack Wallen walks you through the steps to join Ubuntu Desktop to Active Directory domains.
Paragon: Yet Another Cyberweapons Arms Manufacturer
Forbes has the story:
Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail,...
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities.
Until recently, IT integrators, VARs, and MSPs haven't...
Chinese Hackers Target Major Southeast Asian Telecom Companies
Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017.
"The goal of...
Shopping for execs: ID management biz Okta poaches Google’s veep of engineering to run product dev activities
Head techie for Chocolate Factory's search ad biz departs Mountain View Identity-as-a-service slinger Okta has poached Google veep of engineering Sagnik Nandy to become its president and chief tech officer.…
The Kaseya ransomware attack: A timeline
The attack on US-based software provider Kaseya by notorious Russia-linked ransomware group REvil in July 2021 is estimated to have affected up to 2,000 global organizations. REvil targeted a vulnerability (CVE-2021-30116) in a Kaseya remote computer management tool to...
LEADERS
Paragon: Yet Another Cyberweapons Arms Manufacturer
Forbes has the story:
Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail,...
The European Space Agency Launches Hackable Satellite
Of course this is hackable:
A sophisticated telecommunications satellite that can be completely repurposed while in space has launched.
Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime.
The satellite can detect and...
Weekly Update 254
Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.The plan this week was to do a super simple update whilst having some time out. In the back...
Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial
Often it feels like squid just evolved better than us mammals.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
I Am Parting With My Crypto Library
The time has come for me to find a new home for my (paper) cryptography library. It’s about 150 linear feet of books, conference proceedings, journals, and monographs — mostly from the 1980s, 1990s, and 2000s.
My preference is that...
