Security Bloggers Network

Latest Posts


Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy! Permalink ...
via the comic delivery system monikered Randall Munroe resident at XKCD! Permalink ...
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy! Permalink ...
It's December, so you know what that means: Predictions for what's to come for cyber in 2021. We brought together a number of IronNet experts, from executives to researchers, to speculate on what the Year of the Ox has in store for the cyber world.    From Anthony Grenga, Director of IronNet's Security Operations Center: ...
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy! Permalink ...
Brazil’s Ministry of Health is under fire again for another massive leak of personal information ...
Security Boulevard
via the comic delivery system monikered Randall Munroe resident at XKCD! Permalink ...
2020 ultimately forced organizations to make a 180-degree turn in the way their work routines were set up, and it reaffirmed how fundamental an IT team is. Much has been said … The post IT Trends for 2021: What the New Normal Will Look Like appeared first on ...
Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as a backdoor to maintain unauthorized access. MARIJUANA is the name of a PHP shell that ...
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy! Permalink ...
The post Celebrating 20 Years of Cybersecurity Excellence appeared first on Digital Defense, Inc ...
Why Tying the Knot Between IoT and Users Is a Three-Layer Wedding Cake Is your Internet of Things (IoT) project stuck in device registration mode with seemingly no way to get out? Or have you been able to “break out” to realize greater business value by “marrying” your IoT to your human user profiles? Let ...
Following on from last week's post in which I summed up my top 5 blogs of the year, the sequel that one person asked me for was, what were the most watched videos of mine during 2020? Well, wonder no more, as I give you the top 5 in reverse order, cue the Top of ...
As part of our commitment to continuous improvement, we’re happy to announce that Policies in the Avast Business Management Consoles is getting a makeover. Configuring and managing policies for all your business devices is about to get easier than ever ...
Automation is becoming more and more prevalent and sought after by Security Operations Centers (SOC). This is driven by the increasing cybersecurity skills gap, intensified by the volume of security data and alerts that require... The post Palo Alto Networks XSOAR Integration: Maximizing Automation for Incident Detection and Remediation appeared first on Respond Software ...
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about hyperscale data centers, including how they function, and the considerations and challenges organizations face in … The post Five worthy reads: Hyperscale: The path ahead for data centers and organizations ...
The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who ...
The world has waited for 10 months for the good news that arrived this week—the first inoculations of the COVID-19 vaccine would be given in the UK within days. Those same 10 months also saw threat actors working to take advantage of the supply chain knowledge void in which governments and individuals find themselves. This ...
Internet Isolation Enables a Zero Trust Approach That Protects Remote Users from Cybersecurity Threats without Impacting the User Experience. Federal agencies are being forced to rethink the way they empower public servants with the tools and information they need to make government work. Even before the Covid-19 global pandemic, agencies were undergoing digital transformation in ...
The Egregor ransomware gang struck TransLink, the authority responsible for managing Metro Vancouver’s transportation network. On December 1, TransLink announced that certain issues were affecting its phones, online services and payment systems. The authority later confirmed that it had suffered a ransomware attack and that those responsible for the infection had used its printers to ...
The Hackney Council cyberattack was first reported on Tuesday 13 October 2020. A full seven weeks later, as of 2 December, twenty one of the ser...
This month’s top story in the threat landscape boils down to one word:  TrickBoot.  Put simply: the most prominent and dangerous criminal malware apparatus behind the TrickBot toolset (yes, the same campaigns that lead to the destructive Ryuk and Conti ransomware that’s netted the group over $150m in the last few years) now has a ...
There’s no doubting the many benefits brought by a move to the cloud; it offers organizations flexibility, scalability and reduces capital costs. The adoption of cloud computing is widespread with 80% of organizations predicted to make the move by 2025. When moving on-premise infrastructures, organizations can also benefit ...
Many of us will be spending time away from our family members this holiday season, even with Covid-19 vaccines on the horizon. Not being able to see grandchildren or nieces and nephews will be especially heartbreaking for older family members. And, unfortunately, many people in older generations either don’t have the technology to stay in ...
A 34-year-old hacking law called the Computer Fraud and Abuse Act (CFAA) sits at the center of a U.S. Supreme Court hearing where the defense insists the law was too vaguely written. Nathan van Buren, a former Georgia police officer, is on trial for allegedly accepting payment to search for a license plate in the ...
The novel coronavirus pandemic has been a boon for cybercriminals seeking profit amid chaos. Tanium’s special report of 1,000 chief executives and VPs revealed that 90% of enterprises surveyed experienced an increase in cyberattacks due to the pandemic and nearly all (98%) of CXOs and VPs incurred security challenges within the first two months. Hackers ...
Learn more about how a Web Application Firewall with API security can protect organizations from online shopping threats ...
Taking a holistic approach to security and risk is essential for any organization that uses Kubernetes or other cloud based container platform. As an open source container orchestration system for automating deployment, scaling, and management of containerized applications, Kubernetes is … Read more The post A Holistic Approach to Kubernetes Security and Compliance appeared first ...
Posted on Dec 4, 2020 by Kacy Zurkus. We are mere weeks away from the close of 2020, and not a day goes by without me hearing someone say they can’t wait for this year to be over. Certainly, the year has posed challenges for many of us personally and professionally. In fact, the cybersecurity industry ...
This is the Part 2 of a 3-part blog on how to use the NIST cybersecurity framework without getting bogged down and lost in the minutia of the specification documents. Part 1 can be found here, and we recommend you read this piece first if you have not already done so. Let’s recall the 5 ...
DATA SECURITY PODCAST In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, and Tom Cornelius, who currently serves as both the senior partner at Compliance Forge, and senior director at the Secure Controls Framework Council, discuss the latest views on data security, and why organizations have a constant struggle with vulnerability ...
Collector Add-On: Silo for Research enhances researcher workflows to automate recurring collection of data at appropriate times to avoid detection ...
The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identity theft techniques, has released its Phishing Activity Trends Report for Q3 of 2020. Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for ...
Table of Contents: What Is Kubernetes? Kubernetes Security and the Cloud Native Environment Kubernetes Security Issues and DevOps Kubernetes Security Best Practices   Kubernetes Security Context  Kubernetes Security Tools  Kubernetes Security Audit Reducing Kubernetes Attack Surfaces    What Is Kubernetes? Kubernetes is an open source orchestration platform for containerized workflows. It is the best way ...
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy! Permalink ...
This month wraps up a year of heightened activity on all fronts. As we cover in the December Threat Intelligence Brief, we are seeing adversaries that are taking advantage of the COVID-19 crisis to ongoing nation-state threats, including Chinese cyber espionage activity reported in newly published research, the threats are rampant.  ...
Overview Each week on Friday, we post a social media challenge known as “Detective Nevil Mystery Challenge”.  On November 13th of 2020, we released a challenge that contained a payload and it was only solved by one person on twitter.  That challenge is as follows: I decided it might be a good idea to do ...
via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®! Permalink ...
Discover magazine has just published a review of the 1980s phenom known as the 414s (Milwaukee area code, adopted by teenage hackers) While the 414s’ antics didn’t spark a nuclear conflict, they did ignite a national conversation on computer security… They get called pioneers, which I suppose is reasonable when compared to those today who ...
Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code ...
The hacker’s forum called OGUsers has ironically been a tempting target for criminals, with a series of at least three successful hacking attempts in the past couple of years: Once in May 2019, a second time in March 2020, and a third time just last week ...
Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization's DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy! Permalink ...
46% of analysts believe using the dark web in financial crime investigations would be valuable but aren’t currently equipped to pursue such research safely ...
The PCI DSS scoping guidance indicates that common shared services that provide services to the CDE, such as DNS, can be in scope and must be assessed for PCI DSS compliance ...
Although far from new in technological terms, the ubiquity of public and hybrid cloud use is a relatively recent phenomenon. Driven in part by the current COVID-19 pandemic, it would be difficult to find an organization that isn't relying on a cloud-based service right now ...
In the run-up to Christmas, we surveyed 2000 UK consumers to understand what really rings their festive bells when shopping. We offered a list of potential considerations that people look for, before they decide where and when to make their purchases, and asked shoppers to rank them in order of importance. The post Christmas Shopping: ...
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their ...
A survey by Zendesk highlighted that before reaching out to support channels, 81% of respondents try to take care of[…] The post Reducing ticket volume with self-service portals appeared first on LogonBox Journal ...
On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access Veracode APIs via the Java API Wrapper or via HTTPie with the Veracode API Signing tool, make it easy to include the current ...
Embraer, a Brazilian manufacturer of aircraft, has disclosed that hackers managed to breach its computer systems, and steal data. Although Embraer may not be a household name, it is the world’s third-largest producer of civil aircraft (after Boeing and Airbus), having delivered more than 8,000 aeroplanes to date. According to a press release issued by ...