When hosting a video conference, make sure you password protect the conference so only authorized individuals can join. If there are any strangers or people who you do not recognize on the call, remove them. Read More Hosting a Video Conference
This blog provides a list of upcoming and archived talks in the webcast series. Read More [email protected] Schedule
This blog provides information about the new SANS ICS webcast series, which aims to equip security professionals and control system engineers with the security awareness, work-specific knowledge, and resources they need to secure automation and control sy… Read More SANS ICS & Dragos host webcast series to strengthen the Industrial Control Systems Community
This blog provides resources related to healthcare security. Read More SANS Healthcare Security Resources
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws. Read More Microsoft Patch Tuesday, February 2021 Edition
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population. Read More Florida Water Utility Hack Highlights Risks to Critical Infrastructure
Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th. In-The-Wild & Disclosed CVEs CVE-2021-1732 A vulnerabi… Read More VERT Threat Alert: February 2021 Patch Tuesday Analysis
Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components, .NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and […] Read More Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day
The two will join forces to accelerate digital transformation in key industries.
The post Telus and Google Cloud ink 10-year collaboration deal first appeared on IT World Canada.
Microsoft’s monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack. Read More Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
Microsoft last week gave the green light for Windows 10 2004, signaling to commercial customers that the May 2020 feature upgrade is now reliable enough for them to widely deploy. “Windows 10, version 2004 is designated for broad deployment,” Microso… Read More Microsoft issues green light for Windows 10 2004. (But what’s the point?)
Genetic testing company with 10 million customers’ data has ‘huge cybersecurity implications’ The genetic testing company 23andMe will go public through a partnership with a firm backed by the billionaire Richard Branson, in a deal that has raised fresh… Read More Fears over DNA privacy as 23andMe goes public in deal with Richard Branson
An international operation conducted by Ukraine’s police, along with US and Australian peers, shut down the world’s largest phishing service, U-Admin. Last week, an international operation conducted by Ukraine’s police, along with the US and Australian authorities, led to the shutdown of the world’s phishing framework U-Admin. The National Police and its Main […]
The post Ukraine’s police arrested the author of the U-Admin phishing kit appeared first on Security Affairs. Read More Ukraine’s police arrested the author of the U-Admin phishing kit
The supply chain attack that Trojanized a SolarWinds update to infect and spy on the IT management platform’s customer base continues to be analyzed. Early reports have called the methods highly sophisticated and the actors highly trained. We do know that IP addresses, a command and control server and a malicious product update file were […]
The post Essential Threat Intelligence: Importance of Fundamentals in Identifying IOCs appeared first on Webroot Blog. Read More Essential Threat Intelligence: Importance of Fundamentals in Identifying IOCs
Beware pseudo-geeks bearing ‘gifts’. Read More Beware of technical “experts” bombarding you with bug reports
All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet. Read More Plex patches media server bug potentially exploited by DDoS attackers
A Canadian expert wasn’t surprised to hear about the attack through a remote desktop application
The post Cyberattack on Florida water treatment plant raises alarms in Canada first appeared on IT World Canada. Read More Cyberattack on Florida water treatment plant raises alarms in Canada
The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on both sides of the ethical spectrum have followed the compass based on industry-wide security findings, often leading to groundbreaking discoveries in both legacy and modern codebases alike. This happened in countless instances, from Java to […]
The post Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack appeared first on McAfee Blogs. Read More Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack
Faced with tight budgets and limited resources, municipalities are being forced to do more with less. A panel of experts at Technicity West share tips on how to find partners in a work-from-home world
The post Technicity West: Experts urge municipaliti…
Cloud-based big data platform boosts extended detection and response (XDR) offering. Read More SentinelOne Buys Data Analytics Company Scalyr
The challenges of remote work have been amplified for every industry during the COVID-19 pandemic, and the public sector is no different. At Technicity West, a panel of experts discussed these issues and how they’ve changed the way people work.
Municipalities are being forced to rethink how they develop and roll out internet infrastructure now that public spaces like libraries and rec centres are no longer the Wi-Fi hotspots they used to be.
The post Technicity West: Citi…
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today’s security challenges. Read More How Neurodiversity Can Strengthen Cybersecurity Defense
An attacker hacked into a Florida city’s water treatment plant and attempted to leverage that access to poison the municipality’s water supply. According to WTSP-TV, an operator at the water treatment plant in the 15,000-person City of Oldsm… Read More Attacker Hacked into Florida City’s Water Treatment Plant, Attempted to Poison Water Supply
Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report. Read More Microsoft & Facebook Were Phishers’ Favorite Brands in 2020
With every new Android version comes a flurry of fancy fresh features. Some of them immediately transform the way we work, while others just quietly fade away without making much noise. And then there are the features that fall somewhere in between —… Read More 10 handy hidden Android features you probably forget to use
PTS Vendors who are Participating Organizations and PCI Recognized labs are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a…
Proofpoint’s annual State of the Phish report shows phishing still a successful tactic for threat actors
The post Data loss, credential compromise up in phishing attacks in 2020, says vendor report first appeared on IT World Canada.
Any enterprise knows the biggest problem with rapid business expansion is scale; as a company’s business grows, it will face a range of unintended consequences. One of these can be a stealthy scourge of scam apps being sold at app stores, including … Read More It’s time for an App Store scam app crackdown
While the incursion was thwarted in time, cyberattacks targeting critical infrastructure are a major cause for concern
The post Hacker attempts to poison Florida city’s water supply appeared first on WeLiveSecurity
Quantum computing is the next frontier in computer science. It can bring untold benefits, allowing the development of new materials, tackling pandemics and making the world a greener, safer place. But it also threatens to break the encryption that keeps our data safe from prying eyes. France’s recent announcement to invest €1.8b into Europe’s quantum […]
The post Europe’s Quantum Story is Accelerating, and the World Will be Better for it appeared first on McAfee Blogs. Read More Europe’s Quantum Story is Accelerating, and the World Will be Better for it
While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the “Application Crowdtesting Services” category.
We have compiled the top 5 most promising bug bou…
By 2023, the size of the global cybersecurity market is predicted to grow to $248.26 billion. The industry is expected to grow at a consistent pace. You know what that means: more open positions, better salaries, and improved perspectives for career growth. Getting a cybersecurity MA degree is not easy, and it might cost you […]
The post Why You Should Study a Cyber Security Degree in 2021 appeared first on CyberDB. Read More Why You Should Study a Cyber Security Degree in 2021
Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town’s water. Read More FBI, Secret Service investigating cyberattack on Florida water treatment plant
But pre-ordering does not guarantee service.
The post SpaceX Starlink satellite internet now taking pre-orders in Canada first appeared on IT World Canada.
The development team behind the NextGen Gallery plugin has addressed two severe CSRF vulnerabilities that could have allowed site takeover. The developers behind the NextGen Gallery plugin have fixed two critical cross-site request forgery (CSRF) vulnerabilities whose exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. The NextGEN […]
The post Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs appeared first on Security Affairs. Read More Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs
Why do fileless attacks persist? Let’s break down the strengths and weaknesses of the existing mitigations. Read More Fighting Fileless Malware, Part 2: Countermeasures
Taking stock of least-privilege policies will go a long way toward hardening an organization’s overall security posture. Read More SolarWinds Attack Reinforces Importance of Principle of Least Privilege
IT teams should look for services with automatic alerts about user behavior, logging, scalability, and central management. Read More How to select an enterprise VPN that protects data but doesn’t drive users crazy
A new investigation of two known threat groups shows cyber actors are spying on mobile devices and PCs belonging to targeted users around the world. Read More Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
Active accounts for people who have left your organization can make exploitation easy, according to Sophos. Read More Ransomware can be installed via ghost accounts
If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. Consider how much personal data you collect; if that information is lost or stolen, it will severely damage your customer relationships. In fact, a Ping Identity survey found that 78% of people would stop using an organisation’s online services if it had experienced a breach. So, what should marketing agencies do to reduce the risk of cyber attacks and protect their reputation? Here are our Read More A guide to cyber security for marketing agencies
MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer:
Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature.
“The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report shared in advance with Bleeping Computer.
“That second skimmer will simply harvest credit card details from the already existing fake form injected by the previous attackers.”…
Read More Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer
The start of the new year in the Technology Partnerships Office (TPO) brings with it innovative ideas and projects pushing the TPO and NIST mission forward. One of the primary goals of TPO is to elevate NIST inventions that have commercialization poten… Read More Accelerating Ideas Toward Commercialization
Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. These often result in concerns over interoperabi… Read More NIST Publishes NISTIR 8301: Blockchain Networks—Token Design and Management Overview
The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.
Read more in my article on the Hot for Se… Read More Hackers publish patient data stolen from two US hospital chains
Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams.
Whether you’re evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need…
Tesla invests heavily into Bitcoin, Amazon workers begin a historic vote of unionization and verified Twitter users shared an all-time-high amount of fake news in 2020.
The post Hashtag Trending – Tesla loves Bitcoin; Unionization at Amazon; Twitter’s …
On February 9, 2021, the world will celebrate the 18th iteration of Safer Internet Day. The theme of this year’s event is “Together for a better internet.” It’s a reminder that all of us have a responsibility to help make the web a safer place. One of … Read More General Tips for Children & Teens on Safer Internet Day
Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world’s largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millio… Read More Ukrainian Police Arrest Author of World’s Largest Phishing Service U-Admin
Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016, Microsoft has been alerting users of nation-state activity; now the IT giant has added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are […]
The post Microsoft to notify Office 365 users of nation-state attacks appeared first on Security Affairs. Read More Microsoft to notify Office 365 users of nation-state attacks