Tuesday, August 3, 2021

New Normal Demands New Security Leadership Structure

At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.

Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System

"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.

8 Security Tools to be Unveiled at Black Hat USA

Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.

Biden Administration Responds to Geopolitical Cyber Threats

In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.

7 Hot Cyber Threat Trends to Expect at Black Hat

A sneak peek of some of the main themes at Black Hat USA next month.

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack

Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.

US Accuses China of Using Criminal Hackers in Cyber Espionage Operations

DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.

How Gaming Attack Data Aids Defenders Across Industries

Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.

NSO Group Spyware Used On Journalists & Activists Worldwide

An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.

When Ransomware Comes to (Your) Town

While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.

Breaking Down the Threat of Going All-In With Microsoft Security

Limit risk by dividing responsibility for infrastructure, tools, and security.

7 Ways AI and ML Are Helping and Hurting Cybersecurity

In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.

Researchers Create New Approach to Detect Brand Impersonation

A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.

Recent Attacks Lead to Renewed Calls for Banning Ransom Payments

While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.

4 Future Integrated Circuit Threats to Watch

Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.

How to Attract More Computer Science Grads to the Cybersecurity Field

With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.

Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE

At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.

State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks

The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.

CISA Launches New Website to Aid Ransomware Defenders

StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.

Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents

Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.” read more
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.