π΄ Researchers Develop New Side-Channel Attacks on Intel CPUs π΄
π Read
via "Dark Reading: ".
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.π Read
via "Dark Reading: ".
Dark Reading
Researchers Develop New Side-Channel Attacks on Intel CPUs
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.
π Zeek 3.1.1 π
π Go!
via "Security Tool Files β Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Zeek 3.1.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Microsoft Patches 26 Critical Bugs in Big March Update β
π Read
via "Threatpost".
March security updates include 115 CVEs patching everything from Windows, Office and Microsoftβs new Chromium-based Edge web browser.π Read
via "Threatpost".
Threat Post
Microsoft Patches 26 Critical Bugs in Big March Update
March security updates include 115 CVEs patching everything from Windows, Office and Microsoftβs new Chromium-based Edge web browser.
β Critical Bugs in Rockwell, Johnson Controls ICS Gear β
π Read
via "Threatpost".
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.π Read
via "Threatpost".
Threat Post
Critical Bugs in Rockwell, Johnson Controls ICS Gear
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.
π Two attendees at RSA tech conference in San Francisco stricken with COVID-19 π
π Read
via "Security on TechRepublic".
The organizers of the popular security conference, RSA, which drew over 36,000 people to San Francisco in February, confirmed that at least two people who attended have tested positive for COVID-19.π Read
via "Security on TechRepublic".
TechRepublic
Exabeam employees at RSA tech conference in San Francisco stricken with COVID-19
The two people who tested positive for COVID-19 may have been at the company's booth at RSA, which drew over 36,000 people to San Francisco in February.
π Closing the cybersecurity gender gap would boost the US economy by $30B π
π Read
via "Security on TechRepublic".
82% of women in cybersecurity jobs agree the industry has a gender bias problem. Fixing it would not only improve morale and confidence, but also result in an economic boost to the cybersecurity industry.π Read
via "Security on TechRepublic".
TechRepublic
Closing the cybersecurity gender gap would boost the US economy by $30B
82% of women in cybersecurity jobs agree the industry has a gender bias problem. Fixing it would not only improve morale and confidence, but also result in an economic boost to the cybersecurity industry.
β Brave browser to block web fingerprinting with randomisation β
π Read
via "Naked Security".
Brave is testing a new defence against fingerprinting: confusing algorithms by randomising some of the data they collect.π Read
via "Naked Security".
Naked Security
Brave browser to block web fingerprinting with randomisation
Brave is testing a new defence against fingerprinting: confusing algorithms by randomising some of the data they collect.
β Trial for accused CIA leaker ends in hung jury β
π Read
via "Naked Security".
The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIA's cyber arsenal.π Read
via "Naked Security".
Naked Security
Trial for accused CIA leaker ends in hung jury
The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIAβs cyber arsenal.
β FBI arrests alleged owner of Deer.io, top market for stolen accounts β
π Read
via "Naked Security".
Started around 2013, the site claims to host over 24,000 active shops doing brisk business in stolen PII and hacking services.π Read
via "Naked Security".
Naked Security
FBI arrests alleged owner of Deer.io, top market for stolen accounts
Started around 2013, the site claims to host over 24,000 active shops doing brisk business in stolen PII and hacking services.
β Necurs Botnet in Crosshairs of Global Takedown Offensive β
π Read
via "Threatpost".
The tech giant will take control of the U.S.-based infrastructure used by the criminals behind the worldβs most prolific botnet used to distribute malware and infect victim computers.π Read
via "Threatpost".
Threat Post
Necurs Botnet in Crosshairs of Global Takedown Offensive
The tech giant will take control of the U.S.-based infrastructure used by the criminals behind the worldβs most prolific botnet used to distribute malware and infect victim computers.
π Local governments: Don't pay ransoms to hackers π
π Read
via "Security on TechRepublic".
A Deloitte survey about ransomware also recommends that local governments use air-gapped system backups.π Read
via "Security on TechRepublic".
TechRepublic
Local governments: Don't pay ransoms to hackers
A Deloitte survey about ransomware also recommends that local governments use air-gapped system backups.
β The Ultimate Security Budget Excel Template β The Easiest Way to Plan and Monitor Your Security Spending β
π Read
via "Threatpost".
The Ultimate Security Budget Plan & Track Excel template provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame.π Read
via "Threatpost".
Threat Post
The Ultimate Security Budget Excel Template β The Easiest Way to Plan and Monitor Your Security Spending
The Ultimate Security Budget Plan & Track Excel template provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend.
π΄ Why CSP Isn't Enough to Stop Magecart-Like Attacks π΄
π Read
via "Dark Reading: ".
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.π Read
via "Dark Reading: ".
Darkreading
Why CSP Isn't Enough to Stop Magecart-Like Attacks
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.
β More Than Half of IoT Devices Vulnerable to Severe Attacks β
π Read
via "Threatpost".
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.π Read
via "Threatpost".
Threat Post
More Than Half of IoT Devices Vulnerable to Severe Attacks
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
π Media and e-commerce brands are top targets for phishing attacks π
π Read
via "Security on TechRepublic".
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies.π Read
via "Security on TechRepublic".
TechRepublic
Media and e-commerce brands are top targets for phishing attacks
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies.
π Trend Micro VP talks cloud security, IoT risks, and ransomware π
π Read
via "Security on TechRepublic".
In an interview at RSA 2020, Greg Young, the vice present of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances are configured correctly and securely.π Read
via "Security on TechRepublic".
TechRepublic
Trend Micro VP talks cloud security, IoT risks, and ransomware
In an interview at RSA 2020, Greg Young, the vice present of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances are configured correctly and securely.
π Hackers are working harder to make phishing and malware look legitimate π
π Read
via "Security on TechRepublic".
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.π Read
via "Security on TechRepublic".
TechRepublic
Hackers are working harder to make phishing and malware look legitimate
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.
β New TrickBot Variant Updates Anti-Analysis Tricks β
π Read
via "Threatpost".
A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.π Read
via "Threatpost".
Threat Post
New TrickBot Variant Updates Anti-Analysis Tricks
A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.
ATENTIONβΌ New - CVE-2012-1101
π Read
via "National Vulnerability Database".
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).π Read
via "National Vulnerability Database".
β S2 Ep30: Letβs Encrypt, ULTRASOUND attacks, backups for ransom β Naked Security Podcast β
π Read
via "Naked Security".
Listen to the latest episode now!π Read
via "Naked Security".
Naked Security
S2 Ep30: Letβs Encrypt, ULTRASOUND attacks, backups for ransom β Naked Security Podcast
Listen to the latest episode now!
π΄ Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals π΄
π Read
via "Dark Reading: ".
Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.π Read
via "Dark Reading: ".
Darkreading
Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals
Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.