Kategorie

Americká Národní správa bezpečnosti silničního provozu (NHTSA) řeší petici, která obviňuje automobilku Tesla z toho, že některé její vozy mají závadu, projevující se samovolným zrychlováním. To v konečném důsledku může vést k nehodě s následky v podobě škod na majetku i na zdraví. Podle ...

Following the recent AppArmor performance regression in Linux 5.5 (since resolved), some Phoronix readers had requested tests out of curiosity in looking at the performance impact of Fedora's decision to utilize SELinux by default. Here is how the Fedora Workstation 31 performance compares out-of-the-box with SELinux to disabling it.

Are you an Amazon Ring user? Plaintiffs suing the company say they created unique passwords but were hacked anyway, and that Ring's devices lack widely adopted security and privacy precautions. 

Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit

Introduction The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide guidance for organizational cybersecurity defenses and risk management. This framework is renowned for its inherent flexibility and open-endedness to account for different organizational needs.  At its center, NIST CSF is comprised of five core functions. […]

The post NIST CSF core functions: Detect appeared first on Infosec Resources.

NIST CSF core functions: Detect was first posted on January 20, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Attackers are well known to install malicious software, or malware, onto compromised systems during a cyberattack. But what many may not know is that this is not the first opportunity attackers may have to sneak malware onto a machine. The supply chain that provides systems for organizations is also at risk of attack.  This […]

The post MITRE ATT&CK: Supply chain compromise appeared first on Infosec Resources.

MITRE ATT&CK: Supply chain compromise was first posted on January 20, 2020 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face at this moment? "Decide what you want to know and then choose the best tool for the job."

The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement.

The FBI has announced that it will tell local election officials when hackers try to infiltrate their systems.

Molly Russell's grieving father has backed a psychiatrists' report, saying that tech companies must be forced to hand over anonymized data.

The Spinner personalises “subconscious influencing” for a specific target.

From nasty snakes to rickrolling the NSA, get up to date with everything we've written in the last seven days - it's weekly roundup time.

Mari Galloway, CEO of Women’s Society of Cyberjutsu, and Cyber Work podcast host Chris Sienko discuss Mari’s career journey, the ethos of Women’s Society of Cyberjutsu, and insights on how to diversify the cybersecurity workforce. – View the transcript, additional episodes and promotional offers: https://www.infosecinstitute.com/podcast – Election security training: https://www.infosecinstitute.com/iq/election-security-training/ – Join us in the fight […]

The post How Women’s Society of Cyberjutsu is diversifying security | Cyber Work Podcast appeared first on Infosec Resources.

How Women’s Society of Cyberjutsu is diversifying security | Cyber Work Podcast was first posted on January 20, 2020 at 2:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it. The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote

Researchers say that JhoneRAT has various anti-detection techniques - including making use of Google Drive, Google Forms and Twitter.

The WeLeakInfo "data breach notification" domain is no more.

Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.

Are publicly released proof-of-concept exploits more helpful for system defenders -- or bad actors?

Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week's news wrap.

Our tips will help you boost your resistance to phishing, even when the crooks make a determined effort to reel you in.