Saturday, July 11, 2020

The CSO guide to top security conferences, 2020

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your...

New DOE document names China, Russia as threats to US bulk power system

On May 1, the Trump Administration issued an Executive Order on Securing the United States Bulk Power System that seeks to remove from the power grid crucial electric equipment supplied by vendors from foreign adversarial nations. Yesterday, the Department...

What is cryptojacking? How to prevent, detect, and recover from it

Cryptojacking definition: Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by...

BrandPost: Securing and Connecting a New Era of Remote Work

Many organizations were successful in making remote work happen during the global coronavirus pandemic, with 72% saying they were equipped to manage a mobile workforce, according to the Cisco CIO Impact Report: Covid-19. WakeMed Health and Hospitals was one of...

How to protect Windows networks from ransomware attacks

Honda’s Customer Service and Financial Services were apparently hit by a ransomware attack recently. Kaspersky found samples in the VirusTotal database that make it appear that the company was targeted by the Snake ransomware. This incident made me think...

California Consumer Privacy Act (CCPA): What you need to know to be compliant

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law...

Privilege escalation explained: Why these flaws are so valuable to hackers

Privilege escalation definition. To read this article in full, please click here (Insider Story)

15 hot tech skills getting hotter — no certification required

Employers are apt to invest more often in cash premiums for noncertified tech skills compared to certifications. Here are a few they’re coveting the most now and going forward.

Protecting high-value research data from nation-state attackers

Joint NCSC-DHS-CISA advisories and a warning from the FBI have recently highlighted activities of nation-state-backed groups targeting organizations focused on COVID-19 research. The goal is to obtain information for their domestic COVID-19 research efforts. To read this article in full,...

7 points your security team needs to know about IPv6 (but probably doesn’t)

If you think your security team does not have to know about IPv6 because it’s not yet deployed in your organization, think again. Your employees and networks depend on Internet Protocol version 6, the modern communications protocol for computers...

BrandPost: Developing Cybersecurity Skills in Untapped Resources to Fill the Talent Shortage

CISOs are challenged with filling critical cybersecurity roles in their organizations due to the shortage of talent and cybersecurity expertise. One untapped resource that organizations looking to fill security roles should pay more attention to in their recruitment efforts...

10 biggest cybersecurity M&A deals of 2019

2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in...

What is DLP? How data loss prevention software works and why you need it

Data loss prevention (DLP) is a set of practices (and products) that ensure that an organization's sensitive or critical data remains available to authorized users and isn't shared with or available to unauthorized users. The term has been around...

Domestic 5G development at core of US communications security plan

In late March, during the first phase of the coronavirus lockdown, the White House issued a little-noticed document entitled The National Strategy to Secure 5G of the United States, which articulates a “vision for America to lead the development,...

DDoS explained: How distributed denial of service attacks are evolving

What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers,...

Solar power shines light on security for the renewable energy industry

Cyberattacks on energy companies are becoming more common. State-sponsored groups such as Hexane or DragonFly target them routinely to sabotage operations and steal intellectual property (IP), while criminal groups try to extort money with ransomware attacks like the...

BrandPost: Simplified Security Starts with Integration

Over the years, the changing cyberattack landscape has caused security teams to deploy dozens of point solutions. Layer on the associated monitoring tools and consoles from multiple vendors, and the result is unmanageable complexity. In fact, 86% of organizations are...

BrandPost: Securing Access to Cloud: The Roles of SASE and SD-WAN

As companies rapidly adopt multi-cloud platforms and services, security concerns have ramped up. Organizations now have to think about securing both access and connections to the data and applications that are increasingly moving outside of the enterprise. At the same...

John the Ripper explained: An essential password cracker for your hacker toolkit

John the Ripper definition. To read this article in full, please click here (Insider Story)

Bipartisan bill could bring back the White House national cyber director role

Last week a bipartisan group of US House of Representatives legislators introduced the National Cyber Director Act to create the position of a national cyber director within the White House. The creation of this role is one of the...

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.

The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.