Security Bloggers Network

Latest Posts

While convenient, browser extensions can be a source of data breach. Here’s how to eliminate malicious browser extensions to keep your systems secure. The post Find and Eliminate Malicious Browser Extensions appeared first on JumpCloud ...
This post is the hardest one to write. I've been thinking about it for years without being able to put words to paper. With the COVID-19 stay-at-home directive, I can't procrastinate anymore, so here goes. As outlined in Part 9, Fall 2011 was a tough period. To make it tougher, the CIO decided to hire two ...
Menlo Security has detected a sophisticated, multi-stage attack leveraging the current COVID-19 pandemic. Our data has shown that COVID-19–based attacks are much more successful than typical phishing attacks. The global pandemic is literally a life-or-death situation that is changing constantly, and people are trying to stay up to date with the latest developments. Cybercriminals have ...
Thanks to 0xdade for publishing these outstanding Shmoocon 2020 Convention videos via the 0xdade YouTube channel and the 0xdade Shmoocon 2020 Playlist for everyone to view, learn and, of course, enjoy. Permalink ...
via the comic delivery system monikered Randall Munroe at XKCD! (To View The Full, Superb Crafted Piece, Visit XKCD!) Permalink ...
Full disk encryption (FDE) is an important security feature. Here’s how to check if it’s enabled on Mac and Windows systems. The post How to Check If FDE Is on for Your Endpoints appeared first on JumpCloud ...
This post may seem off-topic for my regular cybercrime and cyber security readers, but these are unusual times. Regular readers know that part of what my team at the UAB Computer Forensics Research Lab has been working on is looking for scams and fraud related to Covid-19 / CoronaVirus. Part of that process has been ...
It’s pretty clear from a series of rapid and unfortunate missteps by Zoom that there’s something fundamentally wrong with the company. We already knew the origin story didn’t sound great. A VP of Engineering at WebEx, after being acquired by Cisco, didn’t like working for the parent company and left to start a direct competitor ...
The coronavirus pandemic has changed the way so many of us live our lives that it’s on many of our minds throughout most of the day. Cybercriminals, always camouflaging their tricks to blend in with the latest topics, know this all too well. As a result, they have already launched countless scams preying on the ...
Imperva is enhancing support for its customers in Asia by increasing capacity at its PoP in Kuala Lumpur (KL), Malaysia. Home to hundreds of multinational companies, KL’s thriving high-tech economy and strong financial center positions it well as a global hot-spot for business. Imperva is boosting its services at its KL PoP by increasing capacity ...
First off, no -- the Internet is not going to break! That said, the news media is awash with stories and statistics about how the Internet is faring with the increase in traffic due to isolation protocols forcing daily functions ...
For decades, those of us who work on the infrastructure of the web have heard and talked a lot about "inflection points" -- points at which we have seen notable increases in Internet usage driven by commerce, entertainment, financial services, ...
Although effective for remote access, RDP ports are vulnerable to attack when exposed to the internet. Learn how to protect remote workers here. The post Adding MFA to RDP Access appeared first on JumpCloud ...
Researchers discovered a flaw in the Zoom chat feature that could allow attackers to steal users’ Windows login credentials. Over the past month, as much of the population began working from home and discontinuing social gatherings, the number of Zoom video conferences has skyrocketed. Since 2020 began, 2 million new users have signed up with ...
In September 2019, NIST (National Institute of Standards and Technology) published the first draft of its Zero Trust Architecture (ZTA) for public feedback. A second draft was issued in February 2020 that incorporated industry feedback from the first cycle and ...
The COVID-19 crisis has forced enterprises everywhere to find new ways of maintaining valued relationships with customers and partners. At Akamai, we are here to support you at every step during these uncertain times. With this in mind, we are ...
Threat actors are repurposing Nigerian Prince or 419 lures with novel coronavirus messaging to capitalize on the current pandemic. Today’s examples demonstrate how they are doing it ...
A vulnerability researcher has received a bug bounty after discovering security holes in Apple’s software that could allow malicious parties to hijack an iPhone or Mac user’s camera and spy upon them. Bug hunter Ryan Pickren is richer to the tune of $75,000 after responsibly disclosing seven zero-day vulnerabilities in the Apple Safari browser for ...
via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® Permalink ...
Learn strategies to migrate your directory service to the cloud and centralize access control and device management. The post Going Domainless: Cloud Directory Migration Strategy appeared first on JumpCloud ...
We have been on an amazing ride in the last 8 months since launching our comic strip, Adventures of CISO Ed & Co. Week after week, CISO Ed and his infosec colleagues highlight the stories and frustrations of a typical cybersecurity team while bringing some levity to the serious business of cybersecurity ...
Learn why application security vulnerabilities are a serious consideration in tech due diligence and how to evaluate your security risk in M&A transactions. The post [Webinar] Are You Acquiring the Next Big Breach? appeared first on Software Integrity Blog ...
There are the threats you know of. Then, there are the threats you should actually be defending against. Right now, some people think that these are the big cybersecurity monsters: ...
Zoom has disabled a feature in its web conferencing software that allowed the company to secretly gather data and match the information with LinkedIn sources, giving some users the ability to identify participants in the conference without their knowledge. Following a New York Times investigation, Zoom decided to eliminate its LinkedIn data mining entirely, citing ...
Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy ...
These tips will help organizational leaders enable their remote workforce, build a healthy culture, and ensure employees are productive. The post 3 Tips to Enable Your Remote Workforce appeared first on JumpCloud ...
The US Cybersecurity and Infrastructure Security Agency (CISA) is advising companies, institutions and regular users to update their Google Chrome browsers to the latest version as soon as possible. Given the dominant position of Google Chrome in the Internet browser market, it makes sense for CISA to get involved when there’s a significant risk. Google ...
Guardicore Labs this week published a report detailing how a malicious botnet has been using a brute force technique for nearly two years now to compromise systems running Microsoft SQL Server databases, then deploying multiple backdoors and executing numerous malicious modules including multifunctional remote access tools (RATs) and cryptominers. Ophir Harpaz, a cybersecurity researcher for ...
Twitter recently warned users of a Mozilla Firefox bug that grants access to accounts’ non-public information to anyone using the device. “We recently learned that the way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser’s cache,” Twitter said in a statement on April 2. “This means ...
A while back I wrote a blog post after a colleague shared a new JavaScript auditing tool called AuditJS. I wanted to update that based on more time with the tool, particularly since a new version was recently released! AuditJS is a free tool leveraging Sonatype's OSS Index. OSSI exposes a ReST API aggregating several ...
A quick overview of data breaches from the healthcare industry in March 2020 reveals 26 security incidents added to the Health Insurance Portability and Accountability Act (HIPAA) Breach Reporting Tool. The HIPAA Breach Notification Rule “requires covered entities to notify patients when their unsecured protected health information (PHI) is impermissibly used or disclosed—or “breached,”—in a way ...
Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty) as a thank you for doing the right thing. However, CSO's ...
Below The Surface is a monthly firmware threat report from the research team at Eclypsium. Each issue contains the latest threat research, insights and advice on enterprise firmware and hardware security ...
World’s first in-depth, public test of security services vs. targeted attacks. This email security test report is the product of two years of advanced threat research. We have worked with the security companies themselves and with their customers. We have monitored what the bad guys have been doing and identified and replicated real-world email threats ...
As more and more ransomware victims recover their data by paying up, the extortion payments made to ruthless cybercrooks are motivating the ransomware industry, new research suggests ...
The compliance space is constantly changing. Simply put, being compliant means obeying the rules. The complexity is high for organizations operating across multiple geographies with multiple sets of standards and regulations, leading to a market that is set to reach $64.62 billion by 2025. In 2020, businesses will continue to grapple with evolving data security ...
Learn more about how partners can help their customers implement a secure remote access strategy that scales to ensure business continuity ...
The FortiGuard Labs team has been monitoring a significant spike in attacks targeting remote workers. Learn more about these cyber threats and how organizations can protect against them ...
The post A Deep Dive Into Building A 50+ Person WordPress Studio With Mario Peshev appeared first on MalCare ...
YesWeHack, a European bug bounty platform, is providing universities and schools with free access to its educational platform YesWeHackEDU. This offer aims to allow educational institutions to hold a practice-oriented cybersecurity training. As of 1st April 2020, all universities and schools can benefit from free licenses of YesWeHackEDU, which are valid until 31st May 2020. Preparation ...
Get to know SANS Instructor for ICS courses, Don C. Weber ...
As a passionate DevSecOps personnel, I wanted to build a portfolio of security tools that both the DevOps and the security community would love to use. The security tools marketplace is quite messy — people are forced to use, work and integrate with security products that are unfit for the purpose — often by senior leaders who are mis-sold ...
A survey revealed that approximately half of employees didn’t know how to respond in the event their organization suffered a ransomware infection. In its survey of North American business employees, Kaspersky found that 45% of respondents overall did not know the proper steps they should take in response to a ransomware attack. Respondents whose employer ...
Managed detection and response (MDR) is gaining momentum, but there is confusion about what it actually is. The MDR Manifesto was created to provide a definition and foundation for the basic capabilities MDR should provide ...