Daniel Miessler
MARCH 13, 2022
A lot of people, especially in the security industry , are concerned that NFTs are a scam. And that’s for a good reason in many cases, since many of them are. In fact, I’d say it’s something like 95%. That’s not a real number, but that’s where I’d put the ratio. But I’m not trying to convince you that NFTs are scams.
Schneier on Security
MARCH 18, 2022
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
MARCH 13, 2022
Cyber insurance is only getting more expensive, and the market is changing dramatically, with more changes to come. So what trends will drive adoption, rates and the wider future of cyber insurance?
Tech Republic Security
MARCH 18, 2022
If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide about salaries, job markets, skills and common interview questions in the field, as well as the top security software. The post How to become a cybersecurity pro: A cheat sheet appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
MARCH 18, 2022
Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. [.].
Schneier on Security
MARCH 16, 2022
Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery. There aren’t many weak keys out there, but there are some: So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MARCH 15, 2022
NCC Group’s study outlines the use cases for BCIs as well as the security risks associated with using them. The post Brain Computer Interfaces may be the future, but will they be secure? appeared first on TechRepublic.
Bleeping Computer
MARCH 15, 2022
Russia faces a critical IT storage crisis after Western cloud providers pulled out of the country, leaving Russia with only two more months before they run out of data storage. [.].
Schneier on Security
MARCH 17, 2022
Oops : Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here.
Security Affairs
MARCH 17, 2022
The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of the Ministry of Emergencies of Russia, the hackers defaced them and published the message: “Don’t t
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MARCH 15, 2022
Don’t let mobile malware ruin your day or your device. Be aware of how this threat happens and take good precautions to avoid it. The post Mobile malware is on the rise: Know how to protect yourself from a virus or stolen data appeared first on TechRepublic.
Bleeping Computer
MARCH 15, 2022
A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies. [.].
Security Boulevard
MARCH 18, 2022
Cloud security management issues are increasing the flood of false positive alerts and missed critical issues and contributing to higher burnout rates for IT teams. These were among the findings of an Orca Security survey of 800 IT professionals across five countries and 10 industries, which revealed more than half (55%) of respondents use three. The post Cloud Security Tool Sprawl Draining IT Teams appeared first on Security Boulevard.
CSO Magazine
MARCH 16, 2022
A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cybercriminals, researchers warn. The malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims. "??LokiLocker is a relatively new ransomware family targeting English-speaking victims and Windows PCs.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
MARCH 17, 2022
CISA adds 15 known exploited vulnerabilities to its catalog and BlackBerry researchers warn of a new ransomware-as-a-service family. The post Cybersecurity news: LokiLocker ransomware, Instagram phishing attack and new warnings from CISA appeared first on TechRepublic.
Bleeping Computer
MARCH 17, 2022
Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions. [.].
Security Affairs
MARCH 15, 2022
OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778 , that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy.
Security Boulevard
MARCH 16, 2022
The supply chain crisis is a reminder that the systems that power the global economy are frighteningly fragile. When COVID-19 hit, it interrupted logistics networks across the planet and caused shortages so severe that it prompted The New York Times to hyperbolically claim the world “ran out of everything” in 2021. We have seen the. The post Supply Chains are an Easy Target for Cybercriminals appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
MARCH 14, 2022
One lesser-known aspect of non-fungible tokens is their vulnerability to cybercrime. Learn how you can protect yourself and your company from the potential risks of NFTs. The post NFTs: The growing cybercrime risks and how to avoid them appeared first on TechRepublic.
Bleeping Computer
MARCH 15, 2022
BSI, the federal cybersecurity authority in Germany, has issued a public statement to warn critical entities in the country against using Kaspersky antivirus software products. [.].
Trend Micro
MARCH 16, 2022
This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet.
Security Boulevard
MARCH 18, 2022
In May 2021, the U.S. national gas price average hit its highest level in six years. The cause: A ransomware attack on fuel distribution company Colonial Pipeline, made possible by the most common kind of attack—misused or stolen credentials. A stolen password belonging to a legacy VPN account led to the company paying a ransom. The post Zero-Trust’s Foundation is Identity and Access Management appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
MARCH 17, 2022
The first line of defense against ransomware lies with email authentication. Learn more information about how to take a proactive approach to cyber attacks. The post Email authentication helps governments and private companies battle ransomware appeared first on TechRepublic.
Bleeping Computer
MARCH 17, 2022
The TrickBot trojan has just added one more trick up its sleeve, now using vulnerable IoT (internet of things) devices like modem routers as proxies for its C2 (command and control) server communication. [.].
Graham Cluley
MARCH 15, 2022
Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data, including hashed passwords, from graphics card maker NVIDIA. Of course, you would hope that any sensible NVIDIA employee would have chosen a sensible hard-to-crack password, and ensured that they weren’t using the same password anywhere else on the internet.
Security Boulevard
MARCH 18, 2022
Cyber Attackers Tap Cloud Native Technologies in Russia-Ukraine War. brooke.crothers. Fri, 03/18/2022 - 16:58. 13 views. Aqua said it gathered data from public repositories that contain code and tools for targeting cyber-aggression on both sides of the conflict. Then it analyzed container images in Docker Hub and popular code libraries and software packages (including PyPI, NPM, Ruby), searching for names and text labels that called for action against either side.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
MARCH 14, 2022
A new social engineering method is spreading this malware, and it’s very easy to fall for. Here’s what it’s doing and how to avoid it. The post Cybersecurity: Attacker uses websites’ contact forms to spread BazarLoader malware appeared first on TechRepublic.
Bleeping Computer
MARCH 15, 2022
The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols. [.].
Security Affairs
MARCH 17, 2022
Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability.
Malwarebytes
MARCH 17, 2022
Some don’t mind putting extra effort into making their crime appear as legitimate as possible by perpetuating more lies as long as they are guaranteed money in the end. Osondu Victor Igwilo is one such Nigerian scammer. The “catchers” 52-year-old Igwilo has been on the Federal Bureau of Investigation’s watch list since 2018. According to court documents, Igwilo was charged in 2016 in the US District Court, Southern District of Texas, Houston, Texas for “one count of
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
287 
Let's personalize your content