The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of “exceptionally risky” cybersecurity practices that could expose critical infrastructure as well as government and the pri…Read More CISA Adds Single-Factor Authentication to the List of Bad Practices
If you have kids with mobile devices, create a central home charging station in your bedroom. Before the kids go to bed at night, have them put their mobile devices there so they are not tempted to play with them when they should be sleeping.Read More Kids and Mobile Devices
Organizations are under tremendous pressure to deliver innovative products and stick to tight release timelines. To keep up with the rapid release schedule, engineering teams are adopting the DevOps model for its increased efficiency and agility. It ha…Read More Overcome the Security and Compliance Challenges in DevSecOps
It’s official: Microsoft has announced that it will begin pushing the free Windows 11 upgrade to compatible PCs on October 5. The rollout will be phased, the company said in a blog post announcing the release date, beginning with new PCs, then moving on to other eligible devices based on, it said, “intelligence models […]
The post Windows 11 release date announced; no Android app support at launch first appeared on IT World Canada.Read More Windows 11 release date announced; no Android app support at launch
The notorious Ragnarok ransomware gang appears to have abruptly closed its operations and entered retirement, releasing a universal decryption key for its past victims.
Read more in my article on the Hot for Security blog.Read More Ragnarok ransomware gang shuts down, universal decryption key released
Soft skills are just as important, if not more so, than technical skills in cybersecurity professionals. People with soft skills can be trained in tech skills, expert says.Read More Don’t forget to evaluate soft skills when hiring for cybersecurity positions
ESET’s cybersecurity expert Marc-Étienne Léveillé analyses in depth Quebec’s vaccine proof apps VaxiCode and VaxiCode Verif.
The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity
ESET researchers explain the details of a flaw discovered in VaxiCode Vérif, the mobile application used to verify Quebec proof of vaccination
The post Flaw in the Quebec proof of vaccination: analysis appeared first on …
Recursion [noun]: see recursion.Read More Skimming the CREAM – recursive withdrawals loot $13M in cryptocash
Identity and access management is pushing application security past single-factor authentication (a password) and even multi-factor authentication to a risk management model says Ping Identity CEO.Read More Identity is replacing the password: What software developers and IT pros need to know
Andre Durand, Founder and CEO of Ping Identity, talks about how identity and access management is changing software development and application security in this Dynamic Developer episode.Read More Ping Identity CEO explains how identity and access management is replacing the password
Tom Merritt tells us the things that are getting in the way of autonomous car adoption.Read More Top 5 autonomous car roadblocks
Tom Merritt tells us about the things that are getting in the way of autonomous car adoption.Read More Roadblocks to autonomous cars: Top 5
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customers’ payment card data. Too often, data breaches happen as a result of vulnerabilities that are entir…
Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passé, it’s time to make the leap to better security.Read More A passwordless future isn’t close–it’s here
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods
The post Don’t use single‑factor authentication, warns CISA appeared first on WeLiveSecurity
Expert: Information management can also lead to a massive value proposition in being able to tap into governed data for business insights.Read More Data privacy, governance and insights are all important obligations for businesses
Coffee Briefings are timely deliveries of the latest ITWC headlines, interviews, and podcasts. Today’s Coffee Briefing is delivered by IT World Canada reporter Pragya Sehgal, with files from the rest of the editorial team! Missed last week’s Coffee Briefing? We’ve got you covered. What’s new this week Global logistics platform firm announces expansion in Canada […]Read More Coffee Briefing, August 31, 2021 – Global logistics platform firm expands in Canada; Apple’s News Partner Program; a podcast roundup; and more
Bringing together siloed data from all parts of the business is a huge challenge to IT departments when meeting compliance requirements.Read More Data compliance: “The world is still waking up to the challenges ahead,” expert says
Adapting to the evolving business landscape, organizations increasingly depend on Microsoft Endpoint Manager to enable hybrid work—where the endpoint is the new workplace.
The post Microsoft a Leader in 2021 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools appeared first on Microsoft Security Blog.Read More Microsoft a Leader in 2021 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools
The American Petroleum Institute (API) this month published the third edition of its pipeline cybersecurity standard, which focuses on managing cyber risks associated with industrial automation and control environments.
The Bad Practices catalog is a collection of practices that are considered to be “exceptionally risky” by the US Cybersecurity and Infrastructure Security Agency (CISA). The practices mentioned in the document are not to be used by organiza…Read More CISA Advises Users to Not Use Single-factor Authentication on Internet-exposed Systems
The Government of Canada accepted roughly 7,300 immigration applications over the established limit because of a vulnerability in the Canadian immigration online system. According to BleepingComputer, the hundreds of applications included documents bel…Read More Technical Flaw Led to Canada Accepting Thousands of Immigration Applications
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added single-factor authentication to its list of bad practices.
Apple is seeing growing internal criticism as employees realize the tools they’ve used to get things done throughout the pandemic can also be used to join together to fight for positive change. And Apple won’t be alone, as employees worldwide reach …Read More Apple HR needs listen to its own peeps
The DeFi platform (decentralized finance) Cream Finance confirmed yesterday a massive crypto theft. More exactly, hackers stole more than $29 million in cryptocurrency assets from the company. Patterns of the attack had been identified not less than ha…Read More Cream Finance Deprived of over $29 million in Cryptocurrency Assets
A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably.
Called “Verification of Interaction Authenticity” (…
Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahos’s Military Cryptanalytics, Part III. We just got most of the index. It’s hard to believe that there are any real secrets left in this 44-year-old …Read More More Military Cryptanalytics, Part III
Well, that was different. Last night on my way home from a rare “In Real Life” meeting, I stopped at a McDonald’s to grab a quick Quarter Pounder. The manager got on the loudspeaker and told me they were already closed… at 7 p.m. It turns out his hea…Read More What’s going on with the ‘Great Resignation’?
In late June, Microsoft announced Windows 11, noted that the upcoming OS would have more stringent hardware requirements than Windows 10, and released a utility named PC Health Check to permit users to assess the upgrade readiness of their PCs. Just…Read More How to check if your PC can run Windows 11
Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here’s what you should know.
The post Vaccine passports: Is your personal data in safe…
Ransomware group retires and releases decryption key, China sets strict playtime for online video games, and Canadians may be able to take part in a battery lawsuit settlement. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Tuesday, August 31, and I’m your host, Tom Li. Ransomware group Ragnarok has […]Read More Hashtag Trending August 31 – Hackers retire; China limits online game play-time; Canadian battery lawsuit settlement
Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Infor…Read More New Microsoft Exchange ‘ProxyToken’ Flaw Lets Attackers Reconfigure Mailboxes
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software.
Tripwire Configuration Manager is an easy-to-use service that allows you to monitor and enforce secure configuration policies across your multi-cloud environment. The Configuration Manager free trial allows users to experience the user interface and ev…Read More Getting Started with a Tripwire Configuration Manager Free Trial
Think your business is too small to get hacked? Think again.
The post What the Hack Episode Eight: Paul’s High-Touch Hacker appeared first on Adam Levin.Read More What the Hack Episode Eight: Paul’s High-Touch Hacker
Sault Ste. Marie force says 911 and online crime reporting services are OK. It isn’t known if police records have been affected
The post Northern Ontario police force recovering from ransomware attack first appeared on IT World Canada.Read More Northern Ontario police force recovering from ransomware attack
Montreal-based web hosting provider Web Hosting Canada (WHC) has revealed the cause of this weekend’s major outage. In a blog post, founder and chief executive officer Emil Falcon said that the issue was caused by unauthorized activity by a third-party service provider. “Based on our investigation to date, the morning of August 28 at approximately […]Read More Web Hosting Canada reveals cause of outage
Unless you live in a remote part of the country, chances are there’s at least one digital sign within a block of where you live. Digital signs are everywhere now, and the market around them is projected to rise to $32B by 2026 from $17.23B in 2018. The industry around digital signs has definite momentum […]
The post Don’t look now, but here comes the future of digital signage first appeared on IT World Canada.Read More Don’t look now, but here comes the future of digital signage
Although legacy systems may be essential pieces of infrastructure, their maintenance comes at a cost. They are generally complex and by design do not always interact easily with other technologies. This leaves companies with a multilayered “patchwork” architecture. Businesses are slowly but certainly moving through the pandemic. But a tipping point has appeared. The […]
The post Moving past legacy technologies in a digital new world first appeared on IT World Canada.Read More Moving past legacy technologies in a digital new world
DoD and DIB suppliers—see how Microsoft can give your business a competitive edge toward CMMC compliance.Read More How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud
When it comes to the future of Apple, it may be significant that reports this weekend claim CEO Tim Cook is now searching for a successor. But for the immediate future of your business, it may be even more important to learn that the iPhone 13 may s…Read More Analyst: iPhone 13 may be a satellite phone
I got an email the other day, and it was nearly impossible for me to tell at first whether it was legitimate. Given that some vulnerabilities can gain access to your system if you merely preview an email in Outlook, I get nervous. But I do need to d…Read More Triggered by email? Some thoughts on how to stay safe
Montreal-based service provider Web Hosting Canada has still not explained the cause of a major incident Saturday that took customers on eleven of its servers offline, with the loss of data on five of the machines. Only two of the servers have so far returned to service. As of Monday morning the company was not […]
The post Outage and data loss at Web Hosting Canada still unexplained first appeared on IT World Canada.Read More Outage and data loss at Web Hosting Canada still unexplained
Hackers allegedly accessed QR codes of provincial politicians, while a programmer was able to create a QR code for a fake person
The post Holes in Quebec’s vaccine passport app show need for tougher data authentication: Expert first appeared on IT World Canada.Read More Holes in Quebec’s vaccine passport app show need for tougher data authentication: Expert
Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 ye…Read More How Does MTA-STS Improve Your Email Security?
Today’s podcast reports on how a new ransomware strain tries to evade detection, a ransomware gang closes, a warning for Azure Cosmos administrators and more. Read More Cyber Security Today, Aug. 30, 2021 – A new ransomware strain with a trick, a warning for Azure Cosmos administrators and more on the T-Mobile hack
Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary.Read More Excellent Write-up of the SolarWinds Security Breach
Windows Hello is a biometrics-based technology that enables Windows 10 users (and those who update to Windows 11) to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recogni…Read More What is Windows Hello? Microsoft’s biometrics security system explained
Storage maker downgrades popular SSD, Microsoft slightly quietly loosens Windows 11 installation requirements, and Microsoft is also ending Office suite for Chromebooks. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Monday, August 30, and I’m your host, Tom Li. Western Digital, one of the largest PC storage makers in […]Read More Hashtag Trending August 30 – SSD downgrade; Windows 11 on older PCs; Microsoft ends Office app for Chromebooks
Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million, the business case for cybersecurity has never been stronger. Still, some businesses seem to mis…Read More Failing to Meet Cybersecurity Standards Can Have Legal Consequences for Companies
Vulnerability Assessment and Penetration Testing (VAPT) procedures are renowned in the cybersecurity industry for their holistic role. The ethical hacking environment designed during a pentesting procedure reveals a lot of information about the system’s response to an attack. It reveals the maximum number of vulnerabilities and incident response details about the networks, systems, and applications. […]
The post 5 Compliance Requirements a Pentesting Helps to Achieve appeared first on CyberDB.Read More 5 Compliance Requirements a Pentesting Helps to Achieve
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers.
Sounds like an exciting career, right?
If the comic-book comparisons aren’t working for you, perhaps some figur…
A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called “intermittent encryption.”
Called LockFile, the operators of the ransomware have been found exploiti…
Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a st…Read More Microsoft, Google to Invest $30 Billion in Cybersecurity Over Next 5 Years
When the Institute for Security & Technology’s Ransomware Task Force published its report on combatting ransomware this spring, the Colonial Pipeline, JBS meatpacking and Kaseya VSA attacks were still around the corner. Nevertheless, the report took the danger presented by ransomware to both businesses and global security for granted. Already in 2020, according to the […]
The post NIST’s ransomware guidelines look a lot like cyber resilience appeared first on Webroot Blog.Read More NIST’s ransomware guidelines look a lot like cyber resilience
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
This episode features discussion about a configuration issue in Microsoft Power Apps, the latest business email compromise and how to stop ransomware
The post Cyber Security Today, Week in Review for Friday Aug. 27, 2021 first appeared on IT World Canada.Read More Cyber Security Today, Week in Review for Friday Aug. 27, 2021
The buggy code’s in there, alright. Fortunately, it’s hard to get OpenSSL to use it even if you want to, which mitigates the risk.Read More Big bad decryption bug in OpenSSL – but no cause for alarm
What the Hack hosts Adam Levin, Beau Friedlander and Travis Taylor were guests on the ScamWow podcast with Caitlin Brodnick. While the primary topic of discussion was catfishing, the episode ranged across a wide variety of scams and tips and advice for…Read More What the Hack Team Featured on ScamWow Podcast
Developers are debating Apple’s statement of clarification around the App Store in resolution of a class action suit brought against it by developers in 2019. Some say the announcements don’t go far enough, but others welcome its slightly more open …Read More Developers, regulators say Apple’s App Store changes don’t do enough
Disclosure: Microsoft and Qualcomm are clients of the author. With the pandemic now in its latest wave, it is increasingly looking as if Covid-19 (and whatever comes after) will be part of our lives from now on. Companies think they will get most wor…Read More Could Windows 365 and Starlink (or 5G) underpin the future of work?
ESET research discovers SideWalk backdoor – Why data breach costs have never been higher – 620,000 personal pictures stolen from iCloud accounts
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security.
I’ve lost count of how many times T-Mobile has been hacked.
This morning’s podcast looks at the latest COVID-19 phishing scam and a report on the importance of patching SSL VPNs. Read More Cyber Security Today, Aug. 27, 2021 – Alleged T-Mobile hacker comes forward, a COVID-19 vaccination form scam, and more
When I was a student, back in the days before the internet, guidance counselors and journalism teachers regularly coached me about the importance of creating a résumé that would stand out from the pack. Much of that advice would not only be useless t…Read More Don’t let robot gatekeepers block your résumé
AI-powered transcription firm Otter.ai’s Otter Assistant, a tool that can automatically join calendared video meetings on a user’s behalf, expanded its reach beyond Zoom this week. It now works with Microsoft Teams, Google Meet and Cisco Webex. Avail…Read More Otter.ai expands reach of Otter Assistant for video chats
These days, mobile data is money — and if you don’t optimize your phone to handle it intelligently, you’re throwing dollars down the drain. After all, whether you have a plan with a monthly data cap or a setup where you’re billed for the data you use…Read More 13 easy ways to cut back on data use in Android
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges.
The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first o…
U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution.
Hashtag Trending August 27 – Reddit’s vax misinformation pushback; Google remains Safari’s default search engine; new EU crypto laws
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers’ database instances withou…Read More Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers
Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malic…Read More F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
A really brief intro as this is my last key strokes before going properly off the grid for the next week (like really off the grid, middle of nowhere style). Lots of little things this week, hoping next week will be the big “hey, Pwned Passwords just passed 1Read More Weekly Update 258
Botnets pose a powerful risk to individuals, enterprises, and government institutions. Here’s what you need to know.Read More Botnets: What are They and Why do They Matter?
The University of Toronto Trash Team is using satellite technology to understand the movement of plastic trash in the Toronto Harbour. Phase one of the project closes at the end of August and its goal is to understand how Toronto can solve its plastic pollution problems by finding out more about local waste sources. Earlier […]
The post University of Toronto Trash Team tracking pathways of plastic trash with satellite technology first appeared on IT World Canada.Read More University of Toronto Trash Team tracking pathways of plastic trash with satellite technology
Whether you’re trying to find the name of a catchy tune that’s picking at your brain, looking for the latest information on the topics you need to understand, or just looking for a new recipe for dinner, being a good web searcher in today’s workplace is a must. Here are some quick and easy tips […]
The post Three Tips and Tricks to become a better Web Searcher first appeared on IT World Canada.Read More Three Tips and Tricks to become a better Web Searcher
Latest episode – listen now!Read More S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast]
Posted by Eric Brewer and Dan Lorenc. Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to i…Read More Updates on our continued collaboration with NIST to secure the Software Supply Chain
Feature Image: Team Canada’s softball team at Tokyo. Source: Sue Ogrocki/AP With hard work, determination, and help from SAS, Team Canada’s Olympic women’s softball team made it to the podium at the Tokyo Games. Canada’s women’s softball team partnered with SAS to use data and analytics to analyze players’ tactics, a collaboration that resulted in […]Read More Canada’s Olympic softball team partners with SAS
Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links, which allow attackers to use a URL in a trusted domain and embed the eventual final malicious URL as a parameter.
The post Widespread credential phishing campaign abuses open redirector links appeared first on Microsoft Security Blog.Read More Widespread credential phishing campaign abuses open redirector links
The man was after sexually explicit photos and videos that he would then share online or store in his own collection
The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity
Supply chains are vulnerable to cyberattack and for the good of your business, it’s time to move to secure them as best you can, according to Apple and the White House. Apple to secure the tech supply chain
That’s one item of news to emerge following…
A panel on the costs of giving into ransomware says there’s one good way to blunt attacks. But, they add, a lot of planning has to be done first. Read why
The post Ban ransomware payments, experts urge — but first plan for the consequences first appeared on IT World Canada.Read More Ban ransomware payments, experts urge — but first plan for the consequences
When it comes to Google’s Android 12 update, most of our attention has revolved around the interesting improvements the software’s set to deliver. After all, from privacy enhancements to the surface-level interface progressions and the numerous smal…Read More Is Android 12 about to pop Google’s Bubbles?
Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home.
In this post, I contrast in-h…
The government says an overhaul will boost growth and increase trade – but it must be careful not to go too far. The government has announced plans to reshape the UK’s data laws such as GDPR requirements in an effort, it claims, to boost growth and incre…Read More What is GDPR and why does the UK want to reshape its data laws?
The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking US companies since November 2020.
Read more in my article on the Tripwire State of Security blog.Read More FBI warns of OnePercent ransomware gang – what you need to know
What’s happened? The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking U.S. companies since November 2020. How are companies being attacked by the OnePercent gang? The gang emails targeted i…Read More FBI warns of OnePercent ransomware gang – what you need to know
If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges.
It should be noted that this…
Since 2008, the CIS Controls have been through many iterations of refinement and improvement, leading up to what we are presented with today in CIS Controls version 8. CIS Controls reflect the combined knowledge of experts from every part of the ecosys…Read More CIS Control 1: Inventory and Control of Enterprise Assets
A bug unravels 3D printer security, cryptocurrency sites can’t stop getting hacked, and hear our special guest spill a cup of tea while inhabiting his wife’s knicker drawer.
All this and much more can be found in the latest edition of the award-winn…Read More Smashing Security podcast #240: 3D printer hijacks, crypto fails, and a tech billionaire’s revenge
Trello is a collaborative work management app designed to track team projects, highlight tasks underway, show who they are assigned to, and detail progress towards completion. At its core, Trello relies on the principles of Kanban project boards to …Read More What is Trello? A guide to Atlassian’s collaboration and work management tool
When employees were asked to work from home at the start of the COVID-19 pandemic, some people struggled to adapt. Isolated from colleagues and lacking the structure of office life, it felt like it would be a long, tiring wait until working life returned to normal. But in the year and a half since, we have come to accept that remote working is here to stay – although perhaps not quite as prescriptively as before. A report published by Microsoft Surface and YouGov found that 87% of organisations have adopted hybrid working, in which employees divide their work time between…Read More The compliance challenges of hybrid working
Forget watercooler conspiracies or boardroom battles. There’s a new war in the office. As companies nudge their staff to return to communal workspaces, many workers don’t actually want to – more than 50 percent of employees would rather quit, according…Read More New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access