Threat Level as of JANUARY 2021

For JANUARY 2021, the Cyber Threat Alert Level has has been evaluated and because of COVID-19 Pandemic, has remained in the "GUARDED" security levels.
Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.




Want to see the true potential impact of ignoring social distancing? Through a partnership with @xmodesocial, we analyzed secondary locations of anonymized mobile devices that were active at a single Ft. Lauderdale beach during spring break. This is where they went across the US: pic.twitter.com/3A3ePn9Vin
— Tectonix GEO (@TectonixGEO) March 25, 2020
"Knowledge about your enemies will help you win. Thus, treat threat intelligence with the respect it deserves and use it to protect your organization from all the relevant adversaries."
- How to Collect, Refine, Utilize and Create Threat Intelligence, October 2016, Gartner
Are you living in a SMART HOME?
SMART HOMES based on the IoT (Internet of Things - Amazon Alexa, Google Siri, Ring Doorbell etc) provide comfort & convenient management of our complicated life, however, SMART HOMES are also the largest threat to our privacy and risk of identity theft --
Threats with IoTs
- 5 Undeniable Reasons To Prioritize Enterprise IoT Security December 31, 2019The “Internet of Things” (IoT) is already a part of the enterprise, whether cyber security administrators are ready or not. Cyber Security Hub developed a market report that uncovers five reasons why...
- 5 Reasons IoT Security Is Becoming A Priority December 26, 2019The IoT network is projected to skyrocket in the coming years. Its device count could exceed 20 billion by 2020. This report aims to synthesize various aspects of the IoT platform with five useful tip...
- IoT Device Deployments Are Outpacing IoT Security Measures July 26, 2019Devices powering the Internet of Things (IoT) are everywhere. Yet, the most problematic concern about this technology is its security. IoT devices are known to be highly vulnerable to cyber attacks. P...
- NIST Releases IoT Cyber Security And Privacy Risks Report June 27, 2019There are many enterprises already reaping the benefits of leveraging the Internet of Things (IoT) technology and devices, however as Bain & Company reports, “The IoT could be growing even faster with...
- The Ethics Of The IoT: Are Engineers Failing To Speak Up? June 26, 2019It’s easy to be complacent and give in to breach fatigue as each passing week brings a new cyber security breach, but engineers working on IoT projects are ethically bound to raise legitimate concerns...
- Industrial IoT Concerns Worsen As More Devices Connect To The Web February 27, 2019IIoT is a growing platform that could spell true danger. IoT devices managing critical infrastructure may leave organizations vulnerable in the coming years as threat actors prey on any and every netw...
- IoT Devices At Forefront Of Cyber Security Efforts October 30, 2018One Forbes Tech Council cyber theme references IoT device security, a “hot-button” issue that will also be incorporated in the upcoming Cyber Security Digital Summit. Here's a look at the changing IoT...
- Top 5 Security Initiatives Include IIoT, ML & Extensive Research October 30, 2018Many CISOs are thinking about laborious shifts and resource-heavy decisions well in advance. Here, we aim to help light the path, providing security practitioners a look at some of the most sweeping i...
- IoT Spending Predicted To Rise While Industry Calls For Regulations August 1, 2018IoT has felt a meteoric surge within the enterprise. Connected devices are gathering, en masse, within organizations, posing new security threats. Spending in the space is projected to grow by a large...
- ‘The New Normal’: Security Concerns Around IoT Inundation June 18, 2018Digitalization is driving rapid change in the technology space. This transformation is fed by the unprecedented expansion of the Internet of Things (IoT) network. Here's a look.
IoT For All
- The World of AI: How It Works & What It Does April 9, 2021The post The World of AI: How It Works & What It Does appeared first on IoT For All From machine learning to deep learning, catch up on the world of artificial intelligence and how it will be used in the future. The post The World of AI: How It Works & What It Does […]
- Survey Drones: Rethinking the Construction Industry April 9, 2021The post Survey Drones: Rethinking the Construction Industry appeared first on IoT For All IoT-enabled Survey Drones are creating new opportunities for enhanced monitoring and processes in the construction industry. The post Survey Drones: Rethinking the Construction Industry appeared first on IoT For All.
- 5 Strategies for Running a Successful IoT Project April 9, 2021The post 5 Strategies for Running a Successful IoT Project appeared first on IoT For All Discover the top 5 strategies for running a successful IoT project. The post 5 Strategies for Running a Successful IoT Project appeared first on IoT For All.
- Future Role of Artificial Intelligence in Logistics and Transportation April 8, 2021The post Future Role of Artificial Intelligence in Logistics and Transportation appeared first on IoT For All AI-powered systems will enable better customer experiences, improved fleet management, and better overall business margins in the transportation sector. The post Future Role of Artificial Intelligence in Logistics and Transportation appeared first on IoT For All.
- Here’s Why The Public Cloud Is Changing Innovation April 8, 2021The post Here’s Why The Public Cloud Is Changing Innovation appeared first on IoT For All Today, we are living in the golden age of innovation due to the great technological computing resources available in the public cloud. The post Here’s Why The Public Cloud Is Changing Innovation appeared first on IoT For All.
NIST National Vulnerabilty Database
Search the NIST database for a known vulnerability now ---
National Vulnerability Database
- CVE-2021-20691 (yomi-search) April 7, 2021Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2021-20690 (yomi-search) April 7, 2021Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2021-20687 (kagemai) April 7, 2021Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- CVE-2021-20689 (yomi-search) April 7, 2021Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2021-20685 (kagemai) April 7, 2021Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2021-20686 (kagemai) April 7, 2021Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2020-13421 (openiam) April 6, 2021OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
- CVE-2020-13420 (openiam) April 6, 2021OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
- CVE-2020-13422 (openiam) April 6, 2021OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
- CVE-2020-13419 (openiam) April 6, 2021OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
National Vulnerability Database
- CVE-2021-20020 April 10, 2021A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
- CVE-2021-30480 April 9, 2021Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature […]
- CVE-2021-21195 April 9, 2021Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-21196 April 9, 2021Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-21197 April 9, 2021Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-21198 April 9, 2021Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2021-21194 April 9, 2021Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-21199 April 9, 2021Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-25373 April 9, 2021Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
- CVE-2021-25374 April 9, 2021An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
Tenable Product Security Advisories
- [R1] Nessus Agent 8.2.4 Fixes Multiple Vulnerabilities April 7, 2021Nessus Agent leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and sqlite) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these […]
- [R1] Nessus 8.14.0 Fixes One Vulnerability April 5, 2021Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
- [R1] Tenable.sc 5.18.0 Fixes One Third-party Vulnerability March 31, 2021Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of these issues. […]
- [R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities March 31, 2021Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of these issues. […]
- [R1] Nessus Agent 8.2.3 Fixes Multiple Vulnerabilities March 17, 2021Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. Additionally, one third-party component (OpenSSL) was found to contain vulnerabilities, and […]
- [R2] Stand-alone Security Patches Available for Tenable.sc versions 5.13.0 to 5.17.0 March 1, 2021Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. Additionally, one third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. […]
- [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability February 16, 2021Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled jQuery components to address the potential impact of […]
- [R1] Nessus AMI 8.13.1 Fixes One Vulnerability February 2, 2021Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
- [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities December 21, 2020Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. […]
- [R1] Nessus 8.13.1 Fixes Multiple Vulnerabilities December 17, 2020Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. Nessus version 8.13.1 […]
The State of Security
- Digging Into the Third Zero-Day Chrome Flaw of 2021 April 9, 2021Hidden deep in Google’s release notes for the new version of Chrome that shipped on March 1 is a fix for an “object lifecycle issue.” Or, for the less technically inclined, a major bug. Bugs like these have been common in Chrome, leading some to wonder whether the world’s most popular web browser is as […]
- Integrity: How It’s More than Just Data Security and FIM April 8, 2021Integrity is a word thrown around a lot in the cybersecurity space. That’s not surprising. It is one of the three components that make up the CIA Triad, after all. However, the meaning and use of the word has been relatively limited in many security circles up until now. Let’s take a look at the […]
- A new headache for ransomware-hit companies. Extortionists emailing your customers April 7, 2021Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims’ customers, and asking them to demand a ransom is paid to protect their own privacy. At the end of March, Bleeping Computer reported that the Clop ransomware gang had not stopped at threatening hacked companies and […]
- Managing Your Assets with Tripwire Enterprise April 7, 2021Asset management is a tricky subject. In many cases, organizations have no idea about how many assets they have, let alone where they are all located. Fortunately, there are tools that can assist with reaching your asset management goals. While Tripwire Enterprise (TE) is great for detecting unauthorized changes on your system and also for ensuring your […]
- 3 Best Practices for Building Secure Container Images April 6, 2021Organizations are increasingly turning to containers to fuel their digital transformations. According to BMC, a 2019 survey found that more than 87% of respondents were running containers—up from 55% just two years earlier. Additionally, 90% of survey participants that were running applications in containers were doing so in production. That was up from 84% in […]
- Industrial IoT Needs to Catch Up to Consumer IoT April 6, 2021When it comes to cybersecurity, industrial IT—consisting mainly of operational technology (OT) and industrial control systems (ICS)—has failed to keep up with development in the enterprise IT world. That’s mostly because industries’ adoption of internet technology has been slower when compared with enterprises. It would take some time to close the gap, but concerted efforts […]
- Federal agencies given five days to find hacked Exchange servers April 1, 2021CISA, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results. CISA is ordering agencies with on-premises Microsoft Exchange servers to urgently conduct the […]
- Report: USB threats to ICS systems have nearly doubled April 1, 2021The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, […]
- Integrity – It’s a Matter of Trust April 1, 2021When you think of the cybersecurity “CIA” triad of Confidentiality, Integrity, and Availability, which one of those is most important to your organization? From a privacy standpoint, confidentiality reigns supreme. Confidentiality is so important that it is codified into many of the cyber regulations of recent years, most notably the California Consumer Privacy Act (CCPA), as […]
- Role of Encryption in GDPR Compliance March 31, 2021Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. In the age where organizations are dealing with large volumes of data each day, the protection of this sensitive data is critical. The data, which is seen as a business-critical asset for organizations, should be protected against malicious […]
Attacks!
- Another Cyber Attack Affecting Water Supply April 9, 2021Ellsworth, Kansas experienced a cyber security breach that threatened drinking water safety. The hacker remotely accessed one of a Post Rock Water District computer to shut down the cleaning and disin...
- 2021 Top Breaches: Part I April 2, 2021Q1, 2021 saw the fallout from the Solarigate which of course began last year as well as the gargantuan Microsoft Exchange incident. Not to be outdone, nation state actors also showcased real world aff...
- IOTW: Hackers Prove Modern-Day Security Firm Is Anything But March 26, 2021The breach highlights the irony of a security company leveling-up the industry by going hi-tech, utilizing IoT and ML technologies doing anything but, by losing 150,000 of its live-feed security camer...
- IOTW: A Massive Zero-Day Attack On Microsoft Exchange Users March 12, 2021It appears that a number of other state-sponsored and rogue hacking groups were tipped off to the vulnerability. Several additional hacking groups have recently been identified as taking advantage of...
- IOTW: China Possibly To Blame For India’s 2020 Power Outage As Cyber Warfare Inc... March 5, 2021India is taking extra measures to keep threat actors out of its infrastructure including strengthening firewalls, blacklisting additional IP addresses, and utilizing antivirus software. Cyber attacks...
- IOTW: The U.S. Department Of Justice Takes A Stand Against North Korean Hackers March 4, 2021The indictment serves as evidence that the United States is increasingly willing to punish cybercriminal actors; a move that was previously reserved for government hacks. Included in the indictment is...
- IOTW: End-Of-Life Third Party Software Responsible For Singtel Hack February 22, 2021Bank account information was stolen from 28 former employees. A few dozen credit card numbers belonging to staff members of a Singtel corporate customer and information from 23 related enterprises wer...
- IOTW: A Thwarted Poisoning Attempt In A Small Florida County Serves As A Warning... February 12, 2021The hack itself was unsophisticated in nature, but it exemplifies a big-picture problem that has concerned cyber security experts for years: internet accessible operational technology (OT). That conce...
- IOTW: Another Solarigate Target Identified by Microsoft February 11, 2021Microsoft’s investigation into Solarigate, has identified yet another victim. Mimecast is a cloud-based email management system that incorporates security, archiving, and other services into the Offic...
- Think Like A 2021 Cyber Security Attacker February 11, 2021Threats now breach and move laterally through software updates while the cyber security infrastructure perimeter continues to exponentially expand with new cloud-based tools to serve a distributed wor...
Network Threats
- 100% Zero Trust: Protecting & Enabling The New Workplace In 2021 And Beyond January 25, 2021Well before 2020, CEOs were facing unprecedented challenges as they led their companies into the digital era—an era that would shake up business models, change the workforce, and test an organis...
- Real-Time Change In Incident Management May 24, 2020Jim Brady discusses real-time change in incident management. His extensive experience in a multitude of security roles throughout his career means he has seen a lot of changes in the healthcare cyber...
- Risk Management Implications From Shadow IT Behavior April 20, 2020This CS Hub report addresses some of the shadow IT risk management challenges today’s organizations face. It includes references to some, but not all, cyber security solution types that should be incl...
- Managing Security In the Ever-Changing Remote Workplace April 15, 2020In the immediate shift to remote work during the impact of COVID-19, many organizations adopted modern technologies like video conferencing systems, shared drives, or an improved VPN infrastructure so...
- Mitigating Risks From Shadow IT April 15, 2020Though shadow IT is not a new phenomenon, it can still be risky business. Moreover, current world events may be fueling a new wave of shadow IT. Most employees don't consider themselves an insider th...
- How to Manage Ransomware Attacks Against Your Remote Workforce April 7, 2020Your organization may be adjusting to the new normal of working from home, but threat actors are always poised to identify new security vulnerabilities and take advantage of the vulnerabilities that r...
- Diagnosing Disaster: How To Recover From An Attack December 26, 2019This report on incident response and recovery offers pivoting strategies and identifies top internal and external challenges for security teams.
- Matching Your Investment To Security Outcomes: Incident Detection & Response Don... September 4, 2019What is the value of your organization's data and assets to an attacker? To have a truly robust cyber defense plan, it is critical that organizations recognize their desired outcomes while dedicating...
- Incident Of The Week: Historic Capital One Hack Reaches 100 Million Customers Af... August 2, 2019A closer look at what happened in the Capital One mega-breach, the kinds of data compromised, and the financial services organization’s response in the CShub Incident Of The Week.
- Incident Of The Week: 4 Million Bulgarian Citizens Affected By Tax Agency Data B... July 26, 2019More than 4 million of Bulgaria’s 7 million citizens were affected by a security breach in June 2019, which compromised personally-identifiable data and financial records lifted from the country’s tax...
Mobile Device Threats
- Security Standards For 5G March 24, 2020Gartner predicts that the 5G enterprise IoT endpoint installed base will more than triple between 2020 and 2021, from 3.5 million units in 2020 to 11.4 million units in 2021. By 2023, the enterprise 5...
- RSAC2020: IoT Is Officially Part Of Enterprise Mobility March 6, 2020Risk that comes from mobile and IoT devices must be factored into the enterprise security program. Security leaders need to be looking at those risks holistically and strategically, rather than operat...
- Email Phishing Overshadows Risk Of Mobile Malware January 2, 2020Like the mobile device’s counterpart, workstations and laptops, many loaded malware campaigns begin with phishing attempts. Cyber Security Hub developed a market report to explore the perceptions, cha...
- Incident Of The Week: FaceApp Now Viral For Security Risks July 19, 2019FaceApp has become popular for its ability to take a photo of anyone’s face and age it, or transform its features. Developed by a Russian-based company, it has gone viral because many are questioning...
- BYOD Rules And The Future Of Medical Data Security April 24, 2019Healthcare organizations have always been extremely attractive targets to cyber criminals, so the increasing use of personal or third party mobile devices highlights a need for the implementation of m...
- Incident Of The Week: Group FaceTime Glitch Exposes Privacy Breach February 1, 2019According to The New York Times, on Jan. 19, a 14-year-old from Arizona discovered a glitch using FaceTime, Apple’s video chatting software — he could eavesdrop on his friend’s phone before his friend...
- 5 Reasons To Use Biometrics To Secure Mobile Devices January 24, 2019It is no secret that mobile devices are under attack. From phishing scams to a host of other issues, mobile devices are increasingly seen as a vulnerability in the enterprise, and as an easy target fo...
- 7 Mobile Security Bloggers To Follow January 15, 2019With new enterprise mobile device security threats and vulnerabilities being discovered on a frequent basis, it helps to read analysis from numerous industry leaders.
- 11 Ways To Boost Your Mobile Device Security Now January 11, 2019Since mobile devices can represent an enormous security risk, enterprises need to be aware of every solution. Here are 11 initiatives from IQPC's Enterprise Mobility Exchange, to enhance mobile device...
- Palo Alto Networks CSO Talks Risk Metrics, Algorithms & Automation October 30, 2018On the May 14 episode of “Task Force 7 Radio,” host George Rettas sat down with Palo Alto Networks CSO, Rick Howard, to outline risk management, the security kill-chain and much more.
Threats From Malware
- How To Keep Remote Workers Secure During COVID-19 And Other Crises April 7, 2020The headlines have been screaming about Zoom bombing lately, and it was just a matter of time before hackers took advantage of a remote workforce to infiltrate video conference calls. There has also b...
- Incident Of The Week: Defense Electronics Manufacturer CPI Succumbs To Ransomwar... March 23, 2020Electronics manufacturer Communications & Power Industries (CPI) was victimized by having its data encrypted and held ransom. Some of its customers include the US Department of Defense and the DoD’s D...
- Malware Analysis Strives To Outpace Enterprise Digitalization March 4, 2020Malware analysis is an essential element for developing the efficient removal tools that can ultimately eliminate malware from an infected system. The adoption of BYOD mobile devices and introduction...
- Incident Of The Week: Wawa, Champagne French Bakery Café And Islands Restaurants... December 20, 2019In this Incident Of The Week report, a trio of retailers disclosed payment card incidents resulting in data breaches. Bad actors are infecting point-of-sale (POS) terminals with malware. The malware c...
- Incident Of The Week UPDATE: Hy-Vee Details Investigation Into 2019 Payment Card... October 4, 2019Malware installed on point-of-sale terminals at Midwestern U.S. retailer Hy-Vee resulted in a collection of more than 5 million payment card records appearing for sale online. This Incident Of The Wee...
- Incident Of The Week: Russell Stover's Chocolates Latest To Disclose Retail Poin... September 9, 2019In this Cyber Security Hub Incident of the Week, Russell Stover’s Chocolates disclosed that payment card data from transactions at its retail stores may have been exposed for 7 months earlier this yea...
- Incident Of The Week: Apple iPhones Affected By Data Breach Discovered By Google... September 6, 2019Apple has patched a series of iPhone vulnerabilities discovered by Google’s Project Zero security researchers allowing malware to be embedded into iOS devices. Infiltrated smartphones were capable of...
- Incident Of The Week: Malware Infects 25M Android Phones July 12, 2019Cyber security researcher Check Point has warned Android users in a blog on July 10, 2019, that as many as 25 million Android mobile devices have been hit with a malware now being called ‘Agent Smith....
- Incident Of The Week: Checkers Restaurants Details Data Breach June 18, 2019Checkers Drive-In Restaurants Inc. notified its customers that about 15% of its restaurants in 20 states may have had data exposures possibly starting back into 2015, and some lasting until about mid-...
- Incident Of The Week: Cyber Attack Takes Weather Channel Offline April 26, 2019On Thursday, April 18, 2019, The Weather Channel live broadcast went offline for about an hour according to The Wall Street Journal, which the company later confirmed in a Twitter statement was due to...
Threats to Data
- Add More Relevant Attack Detection To Your Threat Intelligence December 7, 2020Download this whitepaper to gain a better appreciation of how the Domain Name System (DNS) functions and its role in today’s internet architecture and learn how DNS derived threat data can be used to...
- IoT Security September 23, 2020Digital identities for IoT devices identify them within their ecosystem. From there, authorization is granted only to the IDs of the devices we want active on our home or enterprise network. This syst...
- Incident of the Week: Virgin Media Exposes Data of 900,000 People March 20, 2020The company attributed the hacking to a member of staff who had “incorrectly configured” the database, and promised it's building a specific online service which will allow individuals to find out if...
- $450 Million Cybersecurity Investment Fund Formed February 20, 2020An increase in threats and cyber-attacks against enterprise systems, data and personnel requires an investment in innovative organizations to provide defensive solutions. ForgePoint Capital has announ...
- Incident Of The Week: Security Researcher Uncovers 440 Million Records From Esté... February 18, 2020A security researcher discovered an exposed database containing 440 million records belonging to beauty manufacturer Estée Lauder. The data for an education platform was publicly accessible. In this I...
- Incident Of The Week UPDATE: Wawa Customer Payment Card Data Found on Dark Web February 15, 2020Convenience and fuel retail chain Wawa disclosed a data incident in December 2019. Now, payment card information for 30 million customers has been found for sale online. We discuss how a malware attac...
- Survey: Security Tops List Of Aerospace And Defense Developer Concerns February 11, 2020Software has become increasingly essential to aerospace and defense development. In a recent survey of more than 300 developers, the top concern cited by this industry’s developers is security. Read t...
- The Role Of Human Factors In Enterprise Cyber Security February 10, 2020Regardless of the means of attack—email, cloud applications, the web, social media, or other vectors—threat actors repeatedly demonstrated the effectiveness of social engineering tactics. This whitepa...
- The Immediate Impact Of AI In The Security Operations Center (SOC) February 5, 2020The impact of AI is already being felt in the enterprise organization. And no surprise, cyber-attackers are leveraging machine learning to carry out more sophisticated attacks. Is the tech mature enou...
- The Value Of Separating Compliance And Enterprise Cyber Security Goals January 17, 2020Cyber Security Hub created a market report offering end-user “best practices” for data privacy legislation and stack GDPR up against other international measures on compliance. Further, it provides in...
Cloud Threats
- The Cyber Security Issues That Arise When Transitioning to the Cloud April 30, 2020These are extraordinary times and in the haste to migrate to the cloud, organizations may be losing sight of security protocols, cautioned Ranulf Green, head of assurance USA for Context Information S...
- Incident Of The Week: Misconfigured Servers Result In 250 Million Microsoft Cust... January 27, 2020A misconfiguration applied to five Elasticsearch database servers in December 2019 led to the exposure of 250 million customer support records for software maker Microsoft. How should less sophisticat...
- Public Cloud Platforms – A Honey Pot For Threat Actors December 26, 2019Each of the various cloud types offer enterprise cost benefits, as well as other efficiencies. However, cloud computing drastically widens the attack surface, offering hackers the upper hand in an end...
- Cloud Security: A CISO Guide September 30, 2019Enterprises are migrating to the cloud, taking their data and applications to this platform. However, the cyber security risks are often overlooked. This Cyber Security Hub Guide provides insight from...
- Behind The Data Breach: Understanding Cloud Security And Misconfigurations September 17, 2019Many breaches occurring today are applications that reside in the cloud and often explained as a misconfiguration on the customer side. Hosting the right internal discussions and having the proper con...
- Moving To The Cloud: Considerations Beyond The Bottom Line August 12, 2019Organizations are rapidly moving to cloud providers to reduce costs, pursue digital transformation initiatives, and improve the agility of business. Moving to the cloud transfers cyber risks in many a...
- Incident Of The Week: Historic Capital One Hack Reaches 100 Million Customers Af... August 2, 2019A closer look at what happened in the Capital One mega-breach, the kinds of data compromised, and the financial services organization’s response in the CShub Incident Of The Week.
- Cloud Security Market Report: Exploring The Right Enterprise Strategy July 29, 2019This Cyber Security Hub market report examines the ins and outs of today’s hybrid cloud setups so enterprises can better understand the technology and vulnerabilities, in order to develop the right cl...
- Incident Of The Week: Cloud Security Breach Of PCM Inc. June 28, 2019PCM has approximately 4,000 employees, more than 2,000 customers and made about $2.2 billion in revenue in 2018. The sizeable U.S.-based cloud solution provider discovered a digital intrusion in mid-M...
- Preparing Enterprises For Quantum Computing Cyber Security Threats June 17, 2019While the arrival of quantum computing may still be uncertain, there are many enterprises that have high expectations for the technology. Conversely, the same quantum computer also has the potential t...
Executive Decisions
- Cyber Security Woman Of The Year April 9, 2021CSHub is partnering with The Cybersecurity Woman of the Year (CSWY) an annual global awards event spotlighting women for their outstanding achievements in the field of security. Tina Gravel discusses...
- Attaining True Managed Risk Visibility From On-Prem To The Cloud April 7, 2021Gain the ability to: Classify assets in an environment to measure and manage risk; Incorporate the risk associated with users that are a part of a third-party breach; Attain easy measurement to be abl...
- 5 Cyber Security Basics For Every Enterprise April 7, 2021As companies continue to become more digital, their level of cyber risk will continue to rise, so they need to have both proactive and reactive cyber security practices to minimize that risk. Followin...
- Reducing Vulnerabilities by Aligning Developers and Operations with Security April 5, 2021This demo showcases: Engaging with in-depth lesson content while providing security teams and management visibility; Quickly providing evidence of completion of training to internal compliance teams a...
- DevSecOps: An Integrated Approach to Embedding Security into DevOps - A Best Pra... April 2, 2021Download this e-book to realize: Security within the Common Development Methodologies; The different ways to embedding Security into DevOps; The current approach to security within DevOps
- Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visib... April 1, 2021Cloud migration led to cloud evolution which has led to a cloud-first mindset. With a pandemic push, global corporate enterprise has gravitated to the exponential perimeter. The four cornerstones of c...
- Cyber Security Talent Evolution April 1, 2021It's tough to take advantage of tacit knowledge at the same time as cyber security job functions are disrupted by the cloud. All the while, the cyber security organization is facing a true innovation...
- Attracting The Talent Needed For An Advanced Identity Approach March 31, 2021Evaluating internal talent to ensure the right mindset is evolving the Identity infrastructure is important. Some suggest that cyber security identity operations would benefit from non-cyber security...
- Unpacking The Past 15 Years of IAM March 30, 2021Costs add up while the enterprise becomes more vulnerable if IAM isn't done right. Andrew joins Identity As The Perimeter Asia to provide insights from his past 15 years in IAM, thoughts from the fron...
- 9 Steps To Critical Event Management Improvement March 29, 2021Download this whitepaper to realize: Why the traditional approach to managing emergencies and business disruptions is outdated; A holistic approach to Critical Event Management (CEM); A more unified,...
Security Strategy
- How CISOs and CDOs Can [and Should] Partner to Strengthen Data Governance April 7, 2021Why CDOs and CISOs are a match made in data protection heaven. How data governance fuels data security.
- Patchwork of Privilege June 26, 2020Product marketing manager from Thycotic, Erin Duncan, discusses privilege in this Digital Summit session. Erin sets the stage with this: “We know that cyber attackers are utilizing new technology and...
- Identity Access, Endpoint Security & User Productivity June 25, 2020No matter where you currently are on the “return” continuum, some form of accentuated remote work, it seems- it’s here to stay. The days of 30%ish of your workforce remotely accessing your systems som...
- Reducing Threat Impact With CIS Controls June 3, 2020Lane Roush, vice-president of Presales Systems Engineering at Arctic Wolf Networks, discusses CIS roles, controls, and tools in this digital summit session.
- Detecting And Responding At The Speed Of Business May 28, 2020Tim Condello, the global technology leader for Siemplify, details how to detect and respond to threats at the speed of business in this fun, informative 2020 Cyber Security Summit session.
- Best Practices For Thriving In An Ambiguous World May 28, 2020Christine Vanderpool is the VP of IT security and the chief information security officer for Florida Crystals Corporation and ASR Group.. When she started, there was no defined cyber security strategy...
- Implementing A Layered Approach To Phishing And Whaling May 27, 2020During this digital summit panel, Suresh Chawdhary, head of security & privacy for Nokia, stresses the importance of a layered, multi-pronged cyber security approach to best protect from phishing and...
- What Is The Current State Of Cyber Security May 27, 2020Michael Oberlaender joins host George Rettas on this episode of Task Force 7. Michael is a globally recognized thought leader, author, publisher, and speaker. With three decades of IT experience, Mic...
- Enable Secure Velocity At Scale: DevOps Automation With Identity May 14, 2020Ivan Dwyer, group product marketing manager with Okta, begins this virtual session by acknowledging the challenges of security professionals as an increasing number of organizations adopt cloud and De...
- Protecting People from the #1 Threat Vector May 4, 2020The FBI reported losses attributed to business email compromise (BEC) and Email Account Compromise (EAC) totalling over $26B between July 2016 and July 2019. While the scale of losses is staggering, h...
InfoSecurity Magazine
- Facebook Removes 16k Groups for Trading Fake Reviews April 9, 2021Double intervention by UK watchdog prompts Facebook to axe groups trading in fake reviews
- US Jails Cyber-stalker Who Targeted Attack Survivor April 9, 2021Florida man who cyberstalked survivor of murder attempt is sent to prison
- LifeLabs Launches Vulnerability Disclosure Program April 9, 2021Canadian medical laboratory teams up with Bugcrowd to boost cybersecurity
- NCSC: Large Number of Brits Are Using Easily Guessable Passwords April 9, 2021The survey found 15% of Brits use their pet's name as a password
- Learning from Recent Insider Data Breaches April 9, 2021Organizations need to ramp up their monitoring and detection capabilities
- #COVID19 Fraud Surge Threatens to Overwhelm Banks April 9, 2021Remote workers struggle with disjointed systems and outdated technology
- Hackers Hacked as Underground Carding Site is Breached April 9, 2021Swarmshop admins, buyers and sellers on the receiving end of cyber-attack
- UK Firms Suffer Record Number of Cyber-Attacks in Q1 April 9, 2021Remote working continues to expose organizations
- College Track Coach Accused of Cyberstalking April 8, 2021Athletics coach arrested on suspicion of tricking female athletes into sending him nudes
- Stimulus Stimulates Unemployment Scams April 8, 2021Suspicious unemployment-related emails up 50% in US since late February
Application and Cybersecurity Blog
- 3rd Party IT Risk – Managing the Habitual Headaches February 16, 2021While planning for our upcoming Ed TALK on the SolariGate attack with Microsoft and Equifax, I remembered a conversation from an earlier Ed TALK on managing Software Risk. 3rd party “stuff” is a staple in the modern enterprise due to our insatiable appetite for sophisticated and on-demand features. My three guests had slightly different […]
- Computer-Based Training: January 2021 Release in Review January 22, 2021To remain current with technology and threat trends, we update our training every quarter. While we enjoy showing off our new content, it’s just as important for our customers to understand why we separate and conjoin and how learners consume certain topics. Customer feedback, internal SME reviews, and research on industry and technology trends also […]
- Extending Security Knowledge to the Cloud January 21, 2021Cloud Clash 2020 Wrap-Up
- Through the Eyes of a Cybersecurity CEO: Trends For 2021 January 14, 2021Advice for Executives to Watch Next Year 2020 completely changed the way workforces operate. Digital transformation went from an emerging trend to a necessity for survival. Certain industries were brought to their knees: some didn’t make it, while others thrived. One of those industries that thrived was cyber crime. As millions scrambled and were […]
- Ed Talks: A 2020 Retrospective December 17, 2020Last August, we kicked off a monthly talk show series called Ed TALKS (edtalks.io). Each month I bring cybersecurity leaders together to debate various topics. We took December off to recover from the end-of-year madness ☺ but we'll be back at it again in January 2021.
Naked Security
- Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned” April 9, 2021Two lucky winners scooped $200k for just 20 minutes' work - if you don't count the days, weeks and months of meticulous effort beforehand
- Italian charged with hiring “dark web hitman” to murder his ex-girlfriend April 8, 2021Fortunately, this suspect wasn't as anonymous as he thought...
- S3 Ep27: Census scammers, beg bounties and data breach fines [Podcast] April 8, 2021New episode - listen now!
- Too slow! Booking.com fined for not reporting data breach fast enough April 6, 2021It's not just the breach, it's the speed of the breach response...
- Criminals send out fake “census form” reminder – don’t fall for it! April 1, 2021Don't fall for fake text messages, no matter how realistic the website looks if you click through.
- S3 Ep26: Apple 0-day, crypto vulnerabilities and PHP backdoor [Podcast] April 1, 2021Latest episode - listen now!
- PHP web language narrowly avoids “backdoor” supply chain attack March 30, 2021The crooks got in and added a backdoor to PHP, but it looks as though it was caught before any harm was done.
- Naked Security Live – Lessons beyond ransomware March 29, 2021Cybercrime isn't about just one sort of attack, one type of crook, or one method of protection!
- Serious Security: OpenSSL fixes two high-severity crypto bugs March 28, 2021The bug that broke security when you turned STRICT mode on...
- Apple devices get urgent patch for zero-day exploit – update now! March 27, 2021Universal Cross Site Scripting bug means all web browsing is potentially at risk. We explain in plain English.
Cyber security
- Why managing the human factors is crucial to a successful cyber security crisis response March 9, 2021In this blog, Lorena Gutierrez discusses why a successful response to a cyber security crisis strongly relies on a number of human factors. Find out more.
- Womxn in Cyber’s latest Inspirational Womxn event March 8, 2021At Womxn in Cyber, we are always looking for opportunities to uplift and celebrate the many success stories of our colleagues.
- Why the oil and gas sector needs to stay alert to cyber security threats January 7, 2021The oil and gas sector continues to play a key role in meeting today’s energy demands. Find out why the industry must stay alert to cyber security threats.
- Why maritime cyber security regulations are vital for protecting physical safety December 22, 2020The maritime sector is increasingly under attack from cyber threat actors. Find out why cyber security regulations are vital for protecting physical safety.
- Short changed: vendors risk leaving money on the table by failing to highlight their cyber security credentials in preparation for sale November 23, 2020When preparing a divestment, vendors run the risk of having their business undervalued. Cyber security tends to be an afterthought when this is being planned.
- Six ways to reduce the risk from human-operated ransomware attacks October 28, 2020Ransomware attacks are one of the most dangerous cyber threats today. This blog will highlight six ways on how you can reduce the risk of these happening.
- Four cyber security principles that will help private equity funds maximise their return on investment October 1, 2020A new guide published by the BVCA and supported by PwC explains the importance and nuances of cyber security within the deals lifecycle.
- Eight ways to improve your cyber resilience after COVID-19 September 18, 2020In this blog we look at how businesses can evaluate and improve their cyber resilience after implementing new technologies during the COVID-19 pandemic.
- How to maintain your cyber security awareness programme with a remote workforce July 1, 2020How can you adapt your cyber security awareness programme to suit a remote workforce?
- The machines might be here - but we still need to remember the humans February 5, 2020What difference can a strong cyber culture really make?
Cyber Security
- Cybersecurity Volunteer Opportunities April 9, 2021Does anyone have any suggestion for places to volunteer that would gain me some cybersecurity experience? I'm an entry level person, so, I'm primarily looking to gain experience. Please let me know if there are any suggestions for gaining experience that an employer would find valuable. Thank you! submitted by /u/Round-Campaign-1692 [link] [comments]
- How exactly do digital intelligence companies like Cellebrite and AccsessData break into locked iPhones? April 9, 2021Do they physically change components/hardware of phones? Or do they run some kind of program that can “break” into phones? submitted by /u/Status-Recognition-2 [link] [comments]
- Cybersecurity Roles: Deadline-based vs. Respond as Problems Arise April 4, 2021Which cybersecurity job roles are more deadline-based? (I’m thinking Security Software Eng, since it fits into SDLC, which is deadline-based. What else?) Which roles are more “respond as problems arise?” (I’m guessing defenders/ analysts fall into this category?) submitted by /u/Dudeguybrochingo [link] [comments]
- Reliable sources of information on cyberattacks March 31, 2021Hi everyone! I'm Italian so my engilsh isn't that good (and so on). I'm into political science at the university and for a research i was looking for authoritative and reliable sources of information about cyberattacks and cybersecurity. At the moment the only thing that comes close to what i'm searching is the Center of […]
- Malicious commits made to the PHP source repo. The malicious code was spotted quickly, but this was a brazen attempt at a supply chain hack. March 30, 2021submitted by /u/NeoPaper [link] [comments]
- New here March 27, 2021So hey everybody, new to CyberSec and all things Red and Blue. Any pointers, tips or resources to get started? Im kind of strong in networking and starting off with Sec+ studying as well. My motto is : “In this game, your defense is only as good as your offense. You can’t stop what you […]
- Working in Consultancy Firms March 26, 2021I’m a student looking to get into cybersecurity in the future. Most cybersecurity job postings I see in my area are consultancy firms. To those who have experience working in consultancy firms: * What was/ is your role? * What is a day-to-day schedule like? Is work-life-balance good? * What are the pros and cons […]
- This was submitted via a WordPress contact form and is one of several spam attempts that I think is aimed to disrupt my website. Does anyone know what this code is meant to do? March 26, 2021submitted by /u/tomjarvis [link] [comments]
- got a scary email, really need advice March 24, 2021im not sure this is the right place to post this, but im kind of panickinggot this email yesterday apparently, and i want to know what level of fear should i have the part that really scarily adds up is the password, which i do use,or more accurately, DIDchanged it immediately upon seeing this email […]
- Login Attempts March 24, 2021Unauthorized login attempts When reviewing my account history, I noticed there were several unsuccessful attempts (from different countries) trying to log into my Hotmail/outlook account. Any experts out there know if this is normal for most users? Advise? Tips? submitted by /u/56Researcher65 [link] [comments]
Cyber Attacks, Cyber Crime and Cyber Security
- Is Kerberoasting still effective if the passwords are salted? March 26, 2020Pretty straightforward, but I'm having difficulty finding resources to confirm. Admittedly, I've never kerberoasted before. I see from many results that many Active Directory instances do not salt passwords. I'm wondering if the passwords were salted, would it mitigate a kerberoast? submitted by /u/PhotoCropDuster [link] [comments]
- help with server January 7, 2020My friend has challenged me to gen into his server so I attempted to. it was on his wifi so I found it over the LAN and I ran a portscan, HTTP and SSH were open, I ran a wordlist attack on ssh and it didn't work, I do have a web interface and it […]
- This sub is dead. If you post here, I will assume you are a spammer/bot, and ban you from this as well as my other subreddits July 21, 2018submitted by /u/misconfig_exe [link] [comments]
- WPA2 is Officially compromised October 16, 2017submitted by /u/PhotoCropDuster [link] [comments]
- Who are the best cyberSecurity experts to follow on Twitter? [x-posted to /r/security] August 9, 2017I'm just looking to stay in-the-know through twitter. Info on any other websites/social media I can use to stay relevant with the latest cyber vulnerabilities/threats are welcome. submitted by /u/swiftversion4 [link] [comments]
- Friend of a friend being threatened by a dox attack July 28, 2017Hi, not sure if this is the right place, but a friend of a friend is being messaged by someone threatening to post on the bathomet doxxing board, after some research, looks like a small board that almost died out a while ago, but if anyone had any more information on what they can actually […]
- Searching for project idea. July 9, 2017I'm a under-grad pursuing Engineering degree in Computer Science. I'm looking for research or software project in cyber security. If possible provide some way to get ideas; Or if it's not too demanding, help me in searching for some. submitted by /u/the_introverted_pen [link] [comments]
- Massive hacker attack on banks, Postal Services and Energy companies in Ukraine June 27, 2017submitted by /u/Escaladed99 [link] [comments]
- Reddit, let’s get organized. More than 30 subreddits have announced they’re joining the Internet-wide day of action to save net neutrality on July 12th • r/technology June 15, 2017submitted by /u/misconfig_exe [link] [comments]
- Credit cards hacks, breaches and thefts: Why they keep happening June 5, 2017submitted by /u/chace_thibodeaux [link] [comments]
Krebs on Security
- Are You One of the 533M People Who Got Facebooked? April 6, 2021Ne'er-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your […]
- Ransom Gangs Emailing Victim Customers for Leverage April 5, 2021Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim's customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.
- Ubiquiti All But Confirms Breach Response Iniquity April 4, 2021For four days this past week, Internet-of-Things giant Ubiquiti failed to respond to requests for comment on a whistleblower's allegations that the company had massively downplayed a "catastrophic" two-month breach ending in January to save its stock price, and that Ubiquiti's insinuation that a third-party was to blame was a fabrication. I was happy to […]
- New KrebsOnSecurity Mobile-Friendly Site April 1, 2021Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we […]
- Whistleblower: Ubiquiti Breach “Catastrophic” March 30, 2021On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti […]
- No, I Did Not Hack Your MS Exchange Server March 28, 2021New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let's just get this out of the way right now: It wasn't me.
- Phish Leads to Breach at Calif. State Controller March 23, 2021A phishing attack last week gave attackers access to email and files at the California State Controller's Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security […]
- RedTorch Formed from Ashes of Norse Corp. March 22, 2021Remember Norse Corp., the company behind the interactive "pew-pew" cyber attack map shown in the image blow? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has […]
- Fintech Giant Fiserv Used Unclaimed Domain March 17, 2021If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here's the story of one such goof committed by Fiserv [NASDAQ:FISV], a $6 […]
- Can We Stop Pretending SMS Is Secure Now? March 16, 2021SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of people (many of them low-paid mobile store employees) who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we're learning about an entire ecosystem of companies […]
WeLiveSecurity
- Week in security with Tony Anscombe April 9, 2021Janeleiro banking trojan takes aim at Brazil – Lazarus deploys Vyveva backdoor in South Africa – The long shelf life of leaked data The post Week in security with Tony Anscombe appeared first on WeLiveSecurityEditor
- Data from 500 million LinkedIn accounts put up for sale April 9, 2021The treasure trove of data reportedly includes users’ LinkedIn IDs, full names, email addresses, phone numbers and workplace information The post Data from 500 million LinkedIn accounts put up for sale appeared first on WeLiveSecurityAmer Owaida
- Does data stolen in a data breach expire? April 8, 2021Some personal information just doesn’t age – here’s what the Facebook data leak may mean for you The post Does data stolen in a data breach expire? appeared first on WeLiveSecurityTony Anscombe
- (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor April 8, 2021ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa The post (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor appeared first on WeLiveSecurityFilip Jurčacko
- $38 million worth of gift cards stolen and sold on dark web April 7, 2021Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground The post $38 million worth of gift cards stolen and sold on dark web appeared first on WeLiveSecurityAmer Owaida
- Supply‑chain attacks: When trust goes wrong, try hope? April 7, 2021How can organizations tackle the growing menace of attacks that shake trust in software? The post Supply‑chain attacks: When trust goes wrong, try hope? appeared first on WeLiveSecurityCameron Camp
- Janeleiro, the time traveler: A new old banking trojan in Brazil April 6, 2021ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil The post Janeleiro, the time traveler: A new old banking trojan in Brazil appeared first on WeLiveSecurityFacundo Muñoz
- Week in security with Tony Anscombe April 2, 2021PHP source code briefly backdoored – Prevent data loss before it's too late – The perils of owning a smart dishwasher The post Week in security with Tony Anscombe appeared first on WeLiveSecurityEditor
- Is your dishwasher trying to kill you? April 1, 2021Does every device in your home really need to be connected to the internet? And could your smart appliance be turned against you? The post Is your dishwasher trying to kill you? appeared first on WeLiveSecurityJake Moore
- Are you prepared to prevent data loss? March 31, 2021From losing cherished memories to missing deadlines, the impact of not having backups when a data disaster strikes can hardly be overstated The post Are you prepared to prevent data loss? appeared first on WeLiveSecurityAmer Owaida
We Live CyberSecurity Feed
- Week in security with Tony Anscombe April 9, 2021Janeleiro banking trojan takes aim at Brazil – Lazarus deploys Vyveva backdoor in South Africa – The long shelf life of leaked data The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Data from 500 million LinkedIn accounts put up for sale April 9, 2021The treasure trove of data reportedly includes users’ LinkedIn IDs, full names, email addresses, phone numbers and workplace information The post Data from 500 million LinkedIn accounts put up for sale appeared first on WeLiveSecurity
- Does data stolen in a data breach expire? April 8, 2021Some personal information just doesn’t age – here’s what the Facebook data leak may mean for you The post Does data stolen in a data breach expire? appeared first on WeLiveSecurity
- (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor April 8, 2021ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa The post (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor appeared first on WeLiveSecurity
- $38 million worth of gift cards stolen and sold on dark web April 7, 2021Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground The post $38 million worth of gift cards stolen and sold on dark web appeared first on WeLiveSecurity
- Supply‑chain attacks: When trust goes wrong, try hope? April 7, 2021How can organizations tackle the growing menace of attacks that shake trust in software? The post Supply‑chain attacks: When trust goes wrong, try hope? appeared first on WeLiveSecurity
- Janeleiro, the time traveler: A new old banking trojan in Brazil April 6, 2021ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil The post Janeleiro, the time traveler: A new old banking trojan in Brazil appeared first on WeLiveSecurity
- Week in security with Tony Anscombe April 2, 2021PHP source code briefly backdoored – Prevent data loss before it's too late – The perils of owning a smart dishwasher The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Is your dishwasher trying to kill you? April 1, 2021Does every device in your home really need to be connected to the internet? And could your smart appliance be turned against you? The post Is your dishwasher trying to kill you? appeared first on WeLiveSecurity
- Are you prepared to prevent data loss? March 31, 2021From losing cherished memories to missing deadlines, the impact of not having backups when a data disaster strikes can hardly be overstated The post Are you prepared to prevent data loss? appeared first on WeLiveSecurity