Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363

Passwords Accountability Firewall Risk 363

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Antivirus 351

Antivirus Cryptocurrency Identity Theft Software 351

Anton on Security

JANUARY 10, 2022

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF]. If you missed them, the previous papers are: “Future of the SOC: Forces shaping modern security operations” [PDF] (Paper 1 of 4) “Future of the SOC: SOC People?

Engineering 339

Engineering Technology Cybersecurity 339

Schneier on Security

JANUARY 18, 2022

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help — but since that’s not really the point, it’s not argued on its merits.

Encryption 338

Encryption Government Advertising Marketing 338

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 20, 2022

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.

218

218

Bleeping Computer

JANUARY 12, 2022

Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. [.].

VPN 145

VPN 145

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. According to a report by CrowdStrike , there was a 35 percent year-over year growth in 2021 of malware targeting these devices, and the XorDDoS, Mirai and Mozi families were responsible for 22 percent of all Linux-based IoT malware.

IoT 145

IoT DDOS Malware Internet 145

We Live Security

JANUARY 18, 2022

ESET researchers take a deep look into recent attacks carried out by Donot Team throughout 2020 and 2021, targeting government and military entities in several South Asian countries. The post DoNot Go! Do not respawn! appeared first on WeLiveSecurity.

Government 145

Government 145

Malwarebytes

JANUARY 6, 2022

When removing malware from an iOS device, it is said that users need to restart the device to clear the malware from memory. That is no longer the case. Security researchers from ZecOps have created a new proof-of-concept (PoC) iPhone Trojan capable of doing “fun” things. Not only can it fake a device shutting down, it can also let attackers snoop via the device’s built-in microphone and camera, and receive potentially sensitive data due to it still being connected to a live ne

Malware 145

Malware Internet Internet 145

Tech Republic Security

JANUARY 11, 2022

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

Accountability 218

Accountability Malware 218

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JANUARY 14, 2022

The Federal Security Service (FSB) of the Russian Federation has announced today that they shut down the REvil ransomware gang after U.S. authorities reported on the leader. [.].

Ransomware 145

Ransomware 145

Security Boulevard

JANUARY 17, 2022

As per an article by The Hindu, 50,035 cases of cybercrime were reported in 2020, 11.8% more than in 2019 while 60.2% of cybercrimes were of fraud. Every organization or institution has some sort of information or data that needs to be protected. Organizations invest large sums of money to secure that information and data. […]. The post Cybercrime: Rising Concern to Cyber World appeared first on Kratikal Blogs.

Cybercrime 145

Cybercrime Social Engineering Engineering Cybersecurity 145

eSecurity Planet

JANUARY 13, 2022

An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and color.js , two major NPM packages used by a huge range of other packages and projects.

Software 145

Software Accountability Malware Risk 145

We Live Security

JANUARY 17, 2022

Do you often take to social media to broadcast details about your job, employer or coworkers? Think before you share – less may be more. The post Social media in the workplace: Cybersecurity dos and don’ts for employees appeared first on WeLiveSecurity.

Media 145

Media Cybersecurity 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Graham Cluley

JANUARY 11, 2022

Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really c**k things up you need to be a cybercriminal.

Hacking 145

Hacking Phishing Malware 145

Tech Republic Security

JANUARY 11, 2022

As malicious bot activity increases and attacks surge against APIs, MFA will become more of a mandate and the CISO will take on a greater role, predicts Ping Identity CEO and founder Andre Durand.

CISO 218

CISO Cybersecurity 218

Bleeping Computer

JANUARY 30, 2022

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking. [.].

145

145

Security Boulevard

JANUARY 11, 2022

Knowing whether your JavaScript is secure is crucial to maintaining a safe user experience for your customers. Learn how to check! The post How to Check If your JavaScript Security is Working appeared first on Feroot. The post How to Check If your JavaScript Security is Working appeared first on Security Boulevard.

145

145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

JANUARY 21, 2022

McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166 , that resides in McAfee Agent software for Windows. An attacker can exploit this flaw to escalate privileges and execute arbitrary code with SYSTEM privileges.

Software 144

Software Hacking Accountability Information Security 144

We Live Security

JANUARY 5, 2022

From social engineering to looking over your shoulder, here are some of the most common tricks that bad guys use to steal passwords. The post 5 ways hackers steal passwords (and how to stop them) appeared first on WeLiveSecurity.

Passwords 145

Passwords Social Engineering Engineering 145

The Hacker News

JANUARY 21, 2022

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites.

Software 144

Software 144

Tech Republic Security

JANUARY 10, 2022

The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.

Risk 215

Risk 215

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

JANUARY 23, 2022

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.].

145

145

Security Boulevard

JANUARY 20, 2022

Despite your best efforts to prevent it, you get hit by a massive cyberattack. Maybe it’s a data breach; maybe a ransomware attack or maybe a supply chain disruption. You engage a forensics team, work with law enforcement entities and find out that the likely perpetrators were hackers in Russia; possibly working with the Russian. The post Does Your Cyberinsurance Policy Cover Cyberwar?

Data breaches 145

Data breaches Ransomware Insurance Risk 145

Security Affairs

JANUARY 2, 2022

The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal. Impresa owns SIC TV channel, and Expresso newspaper, among other leading media, like several magazine publications. The attack took place during the New Year holiday, the websites of the Impresa group, the SIC TV channels, and the Expresso were forced offline.

Media 144

Media Ransomware Telecommunications Accountability 144

We Live Security

JANUARY 3, 2022

Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022. The post Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022 appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Appknox

JANUARY 17, 2022

BFSI (Banking, Financial Service and Insurance) organizations have remained a primary target of cybercriminals over the last several years. Given the amount of sensitive data that the BFSI sector has to deal with, they become an obvious goldmine for hackers and that is why they have to prioritise cybersecurity above all else.

Financial Services 143

Financial Services Cybersecurity Insurance Banking 143

Tech Republic Security

JANUARY 10, 2022

As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.

CISO 216

CISO Cybersecurity 216

Bleeping Computer

JANUARY 22, 2022

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog. [.].

Cybersecurity 145

Cybersecurity 145

Security Boulevard

JANUARY 11, 2022

MFA, or multi-factor authentication, has the power to prevent the majority of data breaches. Yet many organizations are still lagging in implementation. The post 5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA appeared first on Security Boulevard.

Data breaches 145

Data breaches Authentication 145

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity