At the Intersection of Technology and Real Life

SAP Patches Serious Code Injection, DoS Vulnerabilities

Michael York Reading, PA SecurityWeek, Syndicated Stories

German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities.

Read the full article here

Latest Headlines

I Am Not a Soldier, but I Have Been Trained to Kill

15 January 2021

A sprawling tactical industry is teaching American civilians how to fight like Special Ops forces. By preparing for violence at home, are they calling it into being? [...]

The Case for Cannibalism, or: How to Survive the Donner Party

13 January 2021

Don’t be a young, healthy, single man. That’s our first piece of advice. [...]

The Unsettling Truth About the ‘Mostly Harmless’ Hiker

12 January 2021

His emaciated body was discovered in a tent, just a few miles from a major Florida highway. His identity—and troubled past—were discovered by the internet. [...]

How Many Microcovids Would You Spend on a Burrito?

12 January 2021

Six nerdy roommates used public health data to create an online Covid-risk points system for every activity—and protect their pandemic pod. [...]

The Autonomous-Car Chaos of the 2004 Darpa Grand Challenge

6 January 2021

The self-driving vehicles smashed, burned, flipped, and tipped. But the ambitious race through the Mojave launched an industry. [...]

A 25-Year-Old Bet Comes Due: Has Tech Destroyed Society?

5 January 2021

In 1995, a WIRED cofounder challenged a Luddite-loving doomsayer to a prescient wager on tech and civilization’s fate. Now their judge weighs in. [...]

The F-14 and the Secret History of the First Microprocessor

23 December 2020

In a weird way, I’ve known Ray Holt all my life, but I never knew what he had accomplished—or how his inventions wove their way into my own family. [...]

Some of Our Favorite Longreads of 2020

22 December 2020

It was a brutal year. Take a breath and enjoy some of our favorite in-depth stories. [...]

Get Rich Selling Used Fashion Online—or Cry Trying

10 December 2020

The social shopping app Poshmark promises women the chance to spin gold out of secondhand threads. The reality is a lot of spinning, and little gold. [...]

A Race Car Crash From Hell—and the Science That Saved Its Driver

6 December 2020

Romain Grosjean’s F1 car slammed into a wall at 137 mph and burst into flames. He walked away because of decades of work by unsung scientists and engineers. [...]

Pro-Trump 'Enemies of the People' doxing site is still active

16 January 2021

Enemies of the People, the website inciting violence against U.S. officials who refused to support the President's claims to voter fraud, is still active and continues to expose personal details from more individuals. [...]

Stolen credit card shop Joker's Stash closes after making a fortune

16 January 2021

The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month. [...]

The Week in Ransomware - January 15th 2021 - Locking you up

15 January 2021

It has been another quiet week for ransomware, though we did have some interesting stories come out this week. [...]

Google to kill Chrome Sync feature in third-party browsers

15 January 2021

Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome. [...]

Windows Finger command abused by phishing to download malware

15 January 2021

Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices. [...]

Hackers leaked altered Pfizer data to sabotage trust in vaccines

15 January 2021

The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines. [...]

Scotland environmental regulator hit by ‘ongoing’ ransomware attack

15 January 2021

The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve. [...]

Signal down after getting flooded with new users

15 January 2021

Signal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing loading screen and error message "502". [...]

Microsoft warns of incoming Windows Zerologon patch enforcement

15 January 2021

Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. [...]

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

15 January 2021

An undisclosed XSS vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. [...]

The best VR games and experiences on Oculus Quest and Quest 2 - CNET

17 January 2021

Fitness and sports, multiplayer gaming, virtual theater, strange worlds: This is what you have to check out first. [...]

After Twitter banned Trump, misinformation plummeted, says report - CNET

17 January 2021

In the week after Trump was muzzled, misinformation about election fraud tumbled by 73 percent, a researcher says. [...]

10 best car insurance companies in the US for 2021 - Roadshow

17 January 2021

Auto insurance is essential for safe, legal driving. [...]

Facebook bans ads for gun accessories in run-up to inauguration - CNET

16 January 2021

The move comes as the US braces for the possibility of more violence ahead of the Jan. 20 swearing in of President-elect Joe Biden. [...]

The best fitness trackers for 2021 - CNET

16 January 2021

Whether you're looking for band or a watch, these four options will help kick your fitness routine into high gear. [...]

Nissan's NV350 Office Pod lets you work anywhere -- seriously - Roadshow

16 January 2021

Want to work in the forest away from a cubicle? No problem. [...]

Martin Luther King Jr. Day: Movies, TV shows and books on systemic racism - CNET

16 January 2021

Ahead of the federal holiday Monday celebrating the birthday of the civil rights leader, here are materials to help educate all ages about the fight for racial justice. [...]

The best MLK Day sales and deals you can get right now: Save $70 on Dyson, $30 on AirPods, $60 on Apple Watch and more - CNET

16 January 2021

You can save on an Echo Show, smartwatches and smart speakers, not to mention outdoor wear, Shutterfly photo books, Keurig and more. [...]

Those WandaVision retro commercials hint at dark things to come - CNET

16 January 2021

That Stark Industries toaster and Hydra-labeled watch suggest a dark side beneath the suburban sunshine for Marvel's Wanda and Vision. [...]

Game of Thrones dire wolves were real. We now know why they went extinct - CNET

16 January 2021

DNA evidence shows that the now famous -- and extinct -- dire wolf species couldn't mate with gray wolves. [...]

NSA Appoints Rob Joyce as Cyber Director

15 January 2021

Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK. [...]

Successful Malware Incidents Rise as Attackers Shift Tactics

15 January 2021

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says. [...]

Name That Toon: Before I Go ...

15 January 2021

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card. [...]

How to Achieve Collaboration Tool Compliance

15 January 2021

Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams. [...]

These Kids Are All Right

15 January 2021

Faculty and students at the William E. Doar School for the Performing Arts in Washington, D.C. created "Cyberspace," a rap song about online safety as part of the NSA's national STOP. THINK. CONNECT. campaign back in 2012. Wonder how many went into security. [...]

Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses

14 January 2021

A new machine learning tool aims to mine privacy policies on behalf of users. [...]

'Chimera' Threat Group Abuses Microsoft & Google Cloud Services

14 January 2021

Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests. [...]

Businesses Struggle with Cloud Availability as Attackers Take Aim

14 January 2021

Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks. [...]

NSA Recommends Using Only 'Designated' DNS Resolvers

14 January 2021

Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH. [...]

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

14 January 2021

It's a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity? [...]

Why Cyber Security Should Be at the Top of Your Christmas List

17 December 2020

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function. [...]

United States Federal Government’s Shift to Identity-Centric Security

17 December 2020

Governments are increasingly facing new legislation, standards, frameworks, and policies to protect critical and sensitive information. [...]

How Extreme Weather Will Create Chaos on Infrastructure

21 October 2020

Extreme weather events will soon become more frequent and widespread, devastating areas of the world that typically don’t experience them and amplifying the destruction in areas that do. [...]

BSIMM11 Observes the Cutting Edge of Software Security Initiatives

21 October 2020

In addition to helping an organization start an SSI, the BSIMM also gives them a way to evaluate the maturity of their SSI. [...]

Sustaining Video Collaboration Through End-to-End Encryption

21 October 2020

By infusing end-to-end encryption into any video strategy, it ensures not only the sustainability of the channel, but the businesses that rely on it. [...]

Will Robo-Helpers Help Themselves to Your Data?

8 September 2020

Are you sure that your robo-helpers are secure? [...]

Securing the Hybrid Workforce Begins with Three Crucial Steps

2 September 2020

The global shift to a remote workforce has redefined the way organizations structure their business models. [...]

A New Strategy for DDoS Protection: Log Analysis on Steroids

26 August 2020

Incorporating a data lake philosophy into your security strategy is like putting log analysis on steroids. [...]

COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider

26 August 2020

Despite the COVID-19 pandemic, companies are obligated to comply with many laws governing data security and privacy [...]

SecurityWeek Extends ICS Cyber Security Conference Call for Presentations to August 31, 2020

12 August 2020

The official Call for Presentations (speakers) for SecurityWeek’s 2020 Industrial Control Systems (ICS) Cyber Security Conference, being held October 19 – 22, 2020 in SecurityWeek’s Virtual Conference Center, has been extended to August 31st. [...]

DuckDuckGo surpasses 100 million daily search queries for the first time

16 January 2021

DuckDuckGo reaches historic milestone in a week when both Signal and Telegram saw a huge influx of new users. [...]

Delta just offered a brave lesson in listening to customers, not tech

16 January 2021

Everyone has their view of how the future of work will look. Delta Air Lines thinks the tech industry has got it all wrong. [...]

Grab this bundle and start down the path to becoming a data analytics pro

16 January 2021

Get five data analytics courses for under $30. [...]

iOS tip: Find out how many times has your iPhone battery been recharged

16 January 2021

Apple gives you a lot of information about your battery, but not this snippet of information. Here's how you can find out your iPhone's battery recharge cycles without any third-party apps or software. [...]

Iconic BugTraq security mailing list shuts down after 27 years

16 January 2021

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities. [...]

Joker's Stash, the internet's largest carding forum, is shutting down

15 January 2021

Joker's Stash to shut down on February 15, 2021. [...]

Lawsuit accuses Amazon of price-fixing conspiracy in e-books, says WSJ

15 January 2021

The lawsuit, seeking class-action status, is the latest bit of scrutiny of the retail giant’s e-books business the Connecticut Attorney General opened an investigation into the company’s practices. [...]

Apple testing foldable iPhone screen prototypes, says Bloomberg

15 January 2021

Apple has “begun early work” but hasn’t yet decided on its foldable production plans, the newswire said. [...]

Google cuts off other Chromium-based browsers from its Sync service

15 January 2021

Google Sync to stop working in other browsers except Chrome starting March 15 2021. [...]

Accenture acquires Argentinean cloud services firm Wolox

15 January 2021

Founded in 2012, the Wolox team specializes in integrated services including digital business design, product creation and agile squads. [...]

Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget

15 January 2021

As businesses across all industries evolve, once discretionary expenses become operating costs. Insurance coverage, for example, is pretty much ‘a must’ across many industries. The latest may be cybersecurity costs, because protecting your most important currency, information, requires ongoing attention. When looking at your cybersecurity budget, factor in every part of the recipe. What are […] The post Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget appeared first on Security Intelligence. [...]

Hybrid Cloud Adoption Brings Security on the Go

15 January 2021

Hybrid cloud environments are a common sight in today’s digital world. IBM’s Assembling Your Cloud Orchestra report found 85% of organizations already utilize a hybrid cloud and 98% anticipate having one in place within three years. This type of cloud environment allows for more agile business processes, a novel infrastructure and produces potential new revenue […] The post Hybrid Cloud Adoption Brings Security on the Go appeared first on Security Intelligence. [...]

Misconfigurations: A Hidden but Preventable Threat to Cloud Data

15 January 2021

Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud data open to thieves. What are the Benefits of Cloud Computing? Many groups are expanding their use of the cloud. In November 2019, Gartner announced its prediction that […] The post Misconfigurations: A Hidden but Preventable Threat to Cloud Data appeared first on Security Intelligence. [...]

5 Cybersecurity Best Practices For Planning Ahead

14 January 2021

Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Without a […] The post 5 Cybersecurity Best Practices For Planning Ahead appeared first on Security Intelligence. [...]

Preparing a Client Environment for Threat Management

14 January 2021

A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In the past, this has been challenging for many groups providing threat management to their internal teams. The challenge has largely been in making sure the proposed program and the suite of solutions find and call […] The post Preparing a Client Environment for Threat Management appeared first on Security Intelligence. [...]

Social Engineering And Social Media: How to Stop Oversharing

13 January 2021

You’ve done your due diligence, practice good security hygiene and have the best security tools available. Now, your security posture is strong. But, your plan is only as good as your employees, and they may be letting you down when it comes to being ready for social engineering. While employees clicking on phishing links still […] The post Social Engineering And Social Media: How to Stop Oversharing appeared first on Security Intelligence. [...]

Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management

12 January 2021

There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanaged, it can […] The post Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management appeared first on Security Intelligence. [...]

What is STRIDE and How Does It Anticipate Cyberattacks?

11 January 2021

STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […] The post What is STRIDE and How Does It Anticipate Cyberattacks? appeared first on Security Intelligence. [...]

Cybersecurity for Healthcare: Addressing Medical Image Privacy

11 January 2021

Medical imaging devices have greatly improved patient care and become a critical part of modern medical treatment. But, these devices weren’t always connected in ways they are today. Today’s tools are digital, networked with other devices and can be reached through a computer workstation. As such, more cyber threats can pose harm. So how can […] The post Cybersecurity for Healthcare: Addressing Medical Image Privacy appeared first on Security Intelligence. [...]

Cybersecurity Ethics: Establishing a Code for Your SOC

8 January 2021

Since security intersects so much with privacy, cybersecurity ethics decisions should be on your mind at work. Being part of a high-performing computer security incident response team (CSIRT) or security operations center (SOC) involves making big, intentional decisions. Increasing the maturity of your team is more than dropping a bag of shiny new tools and technology […] The post Cybersecurity Ethics: Establishing a Code for Your SOC appeared first on Security Intelligence. [...]

EU Regulator: Hackers ‘Manipulated’ Stolen Vaccine Documents

16 January 2021

The European Union’s drug regulator said Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not only leaked to the web, but “manipulated.” read more [...]

Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution

15 January 2021

Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files. read more [...]

Data Security Startup Qohash Raises $6 Million

15 January 2021

Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital. read more [...]

Microsoft Reminds Organizations of Upcoming Phase in Patching Zerologon Vulnerability

15 January 2021

Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability. read more [...]

Facebook Takes Legal Action Against Data Scrapers

15 January 2021

Facebook on Thursday announced that it took legal action against two individuals for scraping data from its website. read more [...]

Malvuln Project Catalogues Vulnerabilities Found in Malware

15 January 2021

A researcher has launched Malvuln, a project that catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited. read more [...]

NSA Publishes Guidance for Enterprises on Adoption of Encrypted DNS

15 January 2021

The National Security Agency (NSA) on Wednesday published guidance for businesses on the adoption of an encrypted domain name system (DNS) protocol, specifically DNS over HTTPS. read more [...]

Telegram-Based Automated Scam Service Helps Fraudsters Make Millions

15 January 2021

More than 40 scammer groups are actively engaged in schemes leveraging a scam-as-a-service offering that provides users the tools and resources needed to conduct fraud, according to threat hunting and intelligence company Group-IB. read more [...]

Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks

14 January 2021

A vulnerability discovered by a researcher in a BIG-IP product from F5 Networks can be exploited to launch remote denial-of-service (DoS) attacks. read more [...]

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole

14 January 2021

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google. read more [...]

Checkout wants to be Rapyd and Fast

16 January 2021

Hello and welcome back to Equity, TechCrunch’s venture-capital-focused podcast, where we unpack the numbers behind the headlines. We’re back on this lovely Saturday with a bonus episode! Again! There is enough going on that to avoid failing to bring you stuff that we think matters, we are back yet again for more. This time around we […] [...]

Extra Crunch roundup: Antitrust jitters, SPAC odyssey, white-hot IPOs, more

16 January 2021

Some time ago, I gave up on the idea of identifying a thread that could connect each story in this weekly roundup. There are no unified theories for technology news. [...]

Facebook blocks new events around DC and state capitols

16 January 2021

As a precaution against coordinated violence as the U.S. approaches President-elect Joe Biden’s inauguration, Facebook announced a few new measures it’s putting in place. In a blog post and tweets from Facebook Policy Communications Director Andy Stone, the company explained that it would block any events slated to happen near the White House, the U.S. […] [...]

GitLab oversaw a $195 million secondary sale that values the company at $6 billion

15 January 2021

GitLab has confirmed with TechCrunch that it oversaw a $195 million secondary sale that values the company at $6 billion. CNBC broke the story earlier today. The company’s impressive valuation comes after its most recent 2019 Series E in which it raised $268 million on a 2.75 billion valuation, an increase of $3.25 billion in […] [...]

The pandemic was top of mind in the tech of CES 2021

15 January 2021

Of course COVID-19 was bound to be an unavoidable topic during the first-ever all-virtual CES. After all, the topic is at front of mind regardless of the topic these days. Close to a year into the pandemic, presenters still understandably feel obligated to address the always-present elephant in the room. Sometimes it was as simple […] [...]

Daily Crunch: WhatsApp responds to privacy backlash

15 January 2021

WhatsApp delays enforcement of a controversial privacy change, Apple may get rid of the Touch Bar in future MacBooks and Bumble files to go public. This is your Daily Crunch for January 15, 2021. The big story: WhatsApp responds to privacy backlash Earlier this month, WhatsApp sent users a notification asking them to consent to […] [...]

Twitter’s decentralized future

15 January 2021

This week, Twitter CEO Jack Dorsey finally responded publicly to the company’s decision to ban President Trump from its platform, writing that Twitter had “faced an extraordinary and untenable circumstance” and that he did not “feel pride” about the decision. In the same thread, he took time to call out a nascent Twitter-sponsored initiative called […] [...]

Marc Lore leaves Walmart a little over four years after selling Jet.com for $3B

15 January 2021

Marc Lore, the executive vice president, president and CEO of U.S. e-commerce for Walmart, is stepping down a little over four years after selling his e-commerce company Jet.com to the country’s largest retailer for $3 billion. Lore’s tenure at the company was a mixed bag. Walmart instituted several new technology initiatives under Lore’s tenure, but […] [...]

Coinbase commits to a ‘better customer experience’ following complaints

15 January 2021

Coinbase has a problem. As interest in Bitcoin has soared along with its price, the popular cryptocurrency exchange has found itself the target of a growing spate of angry customers who haven’t been able to access customer service. A quick look at Twitter tells the story. As one upset user of the service ranted earlier […] [...]

15 steps to fundraising a new VC or private equity fund

15 January 2021

Based on my experience, taking the 15 steps below will help build the core of a high-performing fundraising and investor relations function. [...]

WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months

16 January 2021

WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of [...]

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

16 January 2021

The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by [...]

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

16 January 2021

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name "JokerStash" — said "it's time for us to leave forever" and that "we will never ever open again," [...]

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

15 January 2021

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A [...]

Experts Uncover Malware Attacks Against Colombian Government and Companies

14 January 2021

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed "Operation Spalax" — began in 2020, with the modus operandi sharing some similarities to an APT [...]

Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips

13 January 2021

Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU [...]

Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team

13 January 2021

Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your internal environment from breaches. The "buyer's guide for securing the internal environment with a [...]

Authorities Take Down World's Largest Illegal Dark Web Marketplace

13 January 2021

Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors, [...]

Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365

13 January 2021

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it's reached out to the impacted organizations to remediate [...]

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

13 January 2021

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core [...]

Researchers Test UN’s Cybersecurity, Find Data on 100k

11 January 2021

Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based development account for the U.N. and lift data on more than 100,000 staff and employees, according to a report released Monday. The post Researchers Test UN’s Cybersecurity, Find Data on 100k appeared first...Read the whole entry... »Related StoriesPodcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan HuntEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Episode 199 COVID’s Other Legacy: Data Theft and Enterprise Insecurity

8 January 2021

In this episode of the podcast (#199), sponsored by LastPass, we talk with Shareth Ben of Securonix about how massive layoffs that have resulted from the COVID pandemic put organizations at far greater risk of data theft. In our second segment, we’re joined by Barry McMahon, a Senior Global Product Marketing Manager at LogMeIn, to talk about...Read the whole entry... » Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security LessonsEpisode 194: What Happened To All The Election Hacks? [...]

Episode 198: Must Hear Interviews from 2020

31 December 2020

Trying times have a way of peeling back the curtains and seeing our world with new eyes. We The post Episode 198: Must Hear Interviews from 2020 appeared first on The Security Ledger. Related StoriesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskDHS Looking Into Cyber Risk from TCL Smart TVsEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Update: Neopets Is Still A Thing And Its Exposing Sensitive Data

28 December 2020

Neopets, the virtual pets website has exposed a wide range of sensitive data online including information that might be used to identify site users, security researchers report. The post Update: Neopets Is Still A Thing And Its Exposing Sensitive Data appeared first on The Security Ledger. Related StoriesAmid Security Concerns: to Zoom or not to Zoom?Researchers Test UN’s Cybersecurity, Find Data on 100kEpisode 168: Application Security Debt is growing and Securing Web Apps in the Age of IoT [...]

Update: DHS Looking Into Cyber Risk from TCL Smart TVs

22 December 2020

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports that the devices may give the company "back door" access to deployed sets. The post Update: DHS Looking Into Cyber Risk from TCL Smart TVs appeared first on The Security...Read the whole entry... »Related StoriesEpisode 195: Cyber Monday Super Deals Carry Cyber RiskTV Maker TCL Denies Back Door, Promises Better ProcessSecurity Holes Opened Back Door To TCL Android Smart TVs [...]

Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!

18 December 2020

In this podcast, sponsored by LastPass, former U.S. CISO Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, which he calls a "five alarm fire" reportedly set by Russia. The post Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! appeared first on The Security Ledger. Related StoriesEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 194: What Happened To All The Election Hacks?Episode 196: Building the Case Against Sandworm with Cisco Talos [...]

Episode 196: Building the Case Against Sandworm with Cisco Talos

10 December 2020

Cisco's Matt Olney, the Director of Talos Threat Intelligence and Interdiction and Craig Williams, the Talos Director of Outreach about the case against The post Episode 196: Building the Case Against Sandworm with Cisco Talos appeared first on The Security Ledger. Related StoriesEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!Episode 194: What Happened To All The Election Hacks?Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security Lessons [...]

Episode 195: Cyber Monday Super Deals Carry Cyber Risk

3 December 2020

While many organizations think the notion of keyboards, monitors and other hardware "spying" on them as the stuff of "James Bond" movies, Yossi Appleboum of Sepio Systems says that the threat is real - and much more common that either companies or consumers are aware. The post Episode 195: Cyber Monday Super Deals Carry Cyber Risk appeared first...Read the whole entry... » Related StoriesDHS Looking Into Cyber Risk from TCL Smart TVsEpisode 198: Must Hear Interviews from 2020TV Maker TCL Denies Back Door, Promises Better Process [...]

Containers Complicate Compliance (And What To Do About It)

30 November 2020

If you work within the security industry, compliance is seen almost as a dirty word. You have likely run into situations like that which @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose....Read the whole entry... »Related StoriesResearchers Test UN’s Cybersecurity, Find Data on 100kEpisode 199 COVID’s Other Legacy: Data Theft and Enterprise InsecurityEpisode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! [...]

Exploitable Flaw in NPM Private IP App Lurks Everywhere, Anywhere

25 November 2020

A serious security flaw in a commonly used npm security module, private-ip, may affect hundreds of thousands of private and public applications. The post Exploitable Flaw in NPM Private IP App Lurks Everywhere, Anywhere appeared first on The Security Ledger. Related StoriesTV Maker TCL Denies Back Door, Promises Better ProcessSecurity Holes Opened Back Door To TCL Android Smart TVsEpisode 198: Must Hear Interviews from 2020 [...]

Critical NASA rocket test ends early with a shutdown

17 January 2021

A critical NASA rocket test ended with a shutdown on Saturday, a little over a minute into what was planned to be an eight-minute test. This trial run was a vital checkpoint for NASA’s much-delayed Space Launch System. The SLS is set to play a key role in the agency’s Artemis program which aims to return astronauts to the Moon. During today’s Green Run test, the four rocket engines in the SLS core fired for a little over a minute while anchored in NASA’s rocket test stand. The team had planned to have the engines fire for approximately eight minutes,… [...]

Facebook suspends ads for weapon accessories until at least January 22nd

16 January 2021

Illustration by Alex Castro / The Verge Facebook has updated its Inauguration Day preparations to include a temporary ban on ads that promote weapon accessories and protective equipment at least through January 22nd “out of an abundance of caution,” the company said in a new blog post Saturday. “We already prohibit ads for weapons, ammunition and weapon enhancements like silencers. But we will now also prohibit ads for accessories such as gun safes, vests and gun holsters in the US,” the statement reads. The ban comes after Facebook was criticized for allowing posts across its platforms that promoted and organized… [...]

Ford reportedly delays some deliveries of its Mustang Mach-E

16 January 2021

Photo by Andrew Hawkins / The Verge Ford will delay deliveries for hundreds of its Mustang Mach-E vehicles to perform quality checks, Electrek reported. The automaker began delivering the Mach-E SUV in December, but some buyers reported that their upcoming delivery dates had been pushed back, by as long as a month in some cases, according to Electrek. The Mustang Mach-E SUV is Ford’s first update to the iconic Mustang brand ever, and the company’s biggest foray into the EV marketplace. Ford didn’t immediately return a request for comment from The Verge on Saturday, but a spokesperson told Electrek it… [...]

Some Twitter employees have reportedly locked their accounts fearing reprisal from Trump supporters

16 January 2021

Illustration by Alex Castro / The Verge Some Twitter employees have set their accounts to private and scrubbed their online biographies over concerns they may be targeted by supporters of President Trump, the New York Times reported. In addition, some Twitter executives have been assigned personal security as the company reckons with its decision to bar one of its loudest voices. Trump’s @realDonaldTrump account was permanently suspended from Twitter January 8th, “due to the risk of further incitement of violence,” Twitter said in its statement. The president told supporters at a rally just before an attack on the Capitol January… [...]

The Verge Awards at CES 2021: can’t touch this

16 January 2021

Illustration by Grayson Blackmon / The Verge Rating the all-digital Consumer Electronics Show Continue reading… [...]

Unlike Airbnb, VRBO reportedly won’t cancel reservations in DC during inauguration week

16 January 2021

vrbo Short-term rental site VRBO does not plan to cancel reservations in the DC area during the inauguration next week, even though competitor Airbnb has already done so. First reported by BuzzFeed News, VRBO said in a blog post Friday afternoon that it was “encouraging hosts to cancel bookings during this time,” if they believed a guest was violating its policies, but stopped short of a blanket cancellation. Following the January 6th attack on the Capitol that left six people dead, DC-area officials said in a joint statement that they were “encouraging Americans not to come to Washington, D.C. and… [...]

The tech trends we saw kick off at CES 2021

16 January 2021

Image: Razer Another CES is in the books. Going all-virtual meant that it was a smaller show than usual — and since it was already a show that’s been on the decline in terms of influence for a few years now, we could feel it. Still: there were some big stories to follow and things to learn about what’s coming up in consumer tech. That’s the thing about CES: most of the time the best technology shown off here is conceptual, wildly expensive, a long way off in the future, or all of the above. We’re interested in it not… [...]

Watch NASA test fire its massive new rocket

16 January 2021

The B-2 Test Stand at NASA’s Stennis Space Center near Bay St. Louis, Mississippi. | NASA Update 6:05PM ET: A little over a minute after the Green Run hot fire test began, the engines shut down. Update 3:10PM ET: NASA has moved up the time for the Green Run hot fire test. The NASA broadcast will now start at 3:20PM ET, and the test window opens at 4PM ET. Four huge rocket engines will roar to life on Saturday, in a crucial test for NASA’s powerful next-generation rocket. This long-awaited trial run won’t leave the ground, but it will be… [...]

CES showed off the COVID-19 mask gimmick arms race

16 January 2021

Illustration by Alex Castro / The Verge Millions of people in the US started buying face masks in 2020, and companies, unsurprisingly, rushed to take advantage of the surge of demand for a new product. At CES 2021, the gadget-ification of the mask was on full display. Leading the pack was Razer’s transparent voice-amplifying, light-up concept mask. AirPop promoted its Active+ Smart Mask, which monitors users’ breathing rates and alerts them via a smartphone app when the mask’s filter needs changing. Binatone’s MaskFone has built-in earbuds and a mic for phone calls. Turning masks into a status symbol is nothing… [...]

Cyberpunk 2077 full development reportedly didn’t start until 2016

16 January 2021

Image: CD Projekt Red A new report looking into what went amiss with the rollout of Cyberpunk 2077 points to overconfidence from management at CD Projekt Red as a key problem, and reveals that “full development” of the game — announced in 2012— didn’t begin until 2016. Jason Schreier of Bloomberg interviewed more than 20 current and former CD Projekt staff, and found that the game’s development was plagued by unrealistic deadlines and technical issues. The company “hit the reset button” on the game in 2016, but a demo of Cyberpunk 2077 showed at E3 in 2018 was “almost entirely… [...]

If Covid-19 Did Start With a Lab Leak, Would We Ever Know?

16 January 2021

The two major investigations into the origins of the pandemic are compromised by potential conflicts of interest. Those problems need to be fixed—fast. [...]

The FBI Has Made Over 100 Arrests Related to the Capitol Riot

16 January 2021

Plus: A dark web takedown, a bitcoin scam, and more of the week's top security news. [...]

What Hades Can Teach Us About Ancient Greek Masculinity

16 January 2021

Everyone in the game may be hot, but some of the characterizations we see aren't as subversive as you might think. [...]

DJI's Latest Compact Drone Is a Blast to Fly

16 January 2021

The Mini 2 is still lightweight yet has enough flying power for some windy conditions, and it comes equipped with a better camera. [...]

The Physics of Reddit's Spinning Solar System Icon

16 January 2021

If the dots on the loading screen were planets, is their motion realistic? And can we actually model it? [...]

The Race Is On to Identify and Stop Inauguration Rioters

16 January 2021

As tech companies scramble to tackle the extreme far-right, police and law enforcement are encasing Washington, DC, in a ring of steel. [...]

Can This Group Revive the Finicky Corpse Flower?

16 January 2021

In botanic gardens around the world, the reproductive future of the famously smelly plant is threatened. A new collaborative program wants to save it. [...]

Big Tech Can’t Ban Its Way Out of This

16 January 2021

Platforms are scrambling to avoid being used by right-wing extremists targeting the inauguration. But the seeds of this crisis were sown long ago. [...]

The Bygone Glory of Blockbuster's 'Pokémon Snap' Station

16 January 2021

Nintendo is releasing a new version of the game in April. But nothing can replace the magic of the rental store's printed-out pocket monsters. [...]

14 Best Weekend Deals on TVs, Laptops, and More

16 January 2021

It’s a long weekend. These discounted picks will help you sit down, tune out, and tune in to your screens to while away the time. [...]

SAP Patches Serious Code Injection, DoS Vulnerabilities

Related Posts

Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution

Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks

New Zealand Central Bank Says Accellion Service at Heart of Cyberattack