Sat. Feb 05, 2022 - Fri. Feb 11, 2022


Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Schneier on Security

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 × 10^6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μs, a reaction


Weekly Update 281

Troy Hunt

I feel like perfect audio remains an unsolved problem for me. Somehow, a low "hiss" has slipped in over the last couple of weeks and messing around trying to solve it before recording this video only served to leave me without any audio at all on the first attempt, and the status quo remaining on the second attempt. And I still can't use my Apollo Twin DAC as an input device almost a year on from when I bought it.


FBI: Criminals escalating SIM swap attacks to steal millions of dollars

Tech Republic Security

The federal agency says hundreds of victims have lost money due to scams over a two-year span. The post FBI: Criminals escalating SIM swap attacks to steal millions of dollars appeared first on TechRepublic.


AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

eSecurity Planet

Machine learning (ML) and artificial intelligence (AI) have emerged as critical tools for dealing with the ever-growing volume and complexity of cybersecurity threats. Machines can recognize patterns to detect malware and unusual activity better than humans and classic software. The technology also predicts potential attacks and automatically responds to threats by identifying specific trends and cycles.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hidden in plain sight: How the dark web is spilling onto social media

We Live Security

A trip into the dark corners of Telegram, which has become a magnet for criminals peddling everything from illegal drugs to fake money and COVID-19 vaccine passes. The post Hidden in plain sight: How the dark web is spilling onto social media appeared first on WeLiveSecurity.


FBI shares Lockbit ransomware technical details, defense tips

Bleeping Computer

The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with Lockbit ransomware attacks in a new flash alert published this Friday. […]

More Trending


What is Cybersecurity Risk Management?

eSecurity Planet

Risk management is a concept that has been around as long as companies have had assets to protect. The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.


Update now! Apple fixes actively exploited zero-day

Malwarebytes

Apple has released a security fix for a zero-day vulnerability (CVE-2022-22620) that it says “may have been actively exploited.” According to the security update information provided by Apple the vulnerability exists in WebKit—the HTML rendering engine component of its Safari browser—and can be used by an attacker to create web content that may lead to arbitrary code execution.


Cyber Attack disrupts Vodafone Portugal entire 4G and 5G Network

CyberSecurity Insiders

A malicious cyber attack has reportedly hit Vodafone Portugal servers, bringing the 4G and 5G network across the country to a complete halt since February 7th, 2022. And news is out that the company couldn’t restore its servers even after 24 hours, deeply affecting wired landline services, SMS, mobile internet, digital TV and call services on a wholesome note.


iOS users: Patch now to avoid falling prey to this WebKit vulnerability

Tech Republic Security

iPhones, iPads and the iPod Touch are all at risk, and it doesn’t matter what web browser you use: All of them could let an attacker execute arbitrary code on an infected device. The post iOS users: Patch now to avoid falling prey to this WebKit vulnerability appeared first on TechRepublic.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


PHP Everywhere RCE flaws threaten thousands of WordPress sites

Bleeping Computer

Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide. […]


Mandiant is for Sale and Microsoft Should Get Serious with Enterprise Security

Security Boulevard

FireEye Failed, Mandiant is for Sale and it’s Time for Microsoft to Get Serious with Enterprise Security An autopsy of FireEye’s missteps and why Microsoft should Acquire Mandiant and create a Security Division It’s widely rumored that Microsoft (MSFT) is in talks to acquire Mandiant (MNDT), the company once known as FireEye (FEYE). As an. The post Mandiant is for Sale and Microsoft Should Get Serious with Enterprise Security appeared first on Security Boulevard.


Microsoft disables macros to curtail Malware Cyber Attacks

CyberSecurity Insiders

Microsoft has made it official that it has disabled macros across its office products to block malware cyber attacks. The tech giant announced officially that from now on the macros feature in the Visual Basic for Applications (VBA) running across Word, PowerPoint, Excel, Access and Visio will be in disabled form and will have to be activated on a manual note by the admin or the device owner.


Cybersecurity incident response: The 6 steps to success

Tech Republic Security

Cybersecurity incident response is not only about handling an incident – it’s also about preparing for any possible incident and learning from it. Here are six steps for a successful and efficient cybersecurity incident response. The post Cybersecurity incident response: The 6 steps to success appeared first on TechRepublic.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


7 top challenges of security tool integration

CSO Magazine

Enterprises are frequently deploying new security tools and services to address needs and threats. A key consideration is how to integrate these various offerings—in many cases provided by different vendors—into the existing infrastructure to support a cohesive security strategy. The move to the cloud has made security integration somewhat easier, but the process can still be a major hurdle for organizations as they try to build strong protection against the latest threats.


SIEM Explained: What is SIEM and How Does it Work?

eSecurity Planet

Security information and event management (SIEM) technology provides foundational support for threat detection. The high costs of SIEMs once made them feasible only for larger enterprise clients, but they have become more reasonable solutions for smaller organizations over time. While a properly configured SIEM can provide effective threat protection, misuse of SIEM technology can increase costs and undermine security.


What Is DevSecOps and Why Is It Important for Cybersecurity?

CyberSecurity Insiders

By Jenna Bunnell – Senior Manager, Content Marketing, Dialpad. With 53% of businesses saying it’s likely their enterprise will experience a cyberattack in the next 12 months, cybersecurity has never been more important. Software development companies can’t afford to release vulnerable products – but they also have to balance the time it takes to run security checks against the pressure to release software rapidly in a competitive market.


Hackers have begun adapting to wider use of multi-factor authentication

Tech Republic Security

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools. The post Hackers have begun adapting to wider use of multi-factor authentication appeared first on TechRepublic.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Social Engineering from the Attacker Perspective

Security Through Education

At Social-Engineer, LLC (SECOM), we define social engineering as “any act that influences a person to take an action that may or may not be in their best interest.” If you Google “social engineering,” you will get a very different and more negative definition. However, I prefer our definition, with more broad and general terms, because I feel that social engineering is not always negative.


CISA warns about 15 actively exploited vulnerabilities

CSO Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) has added 15 more vulnerabilities to its catalog of flaws that are actively exploited in the wild by hackers. Some are older dating back to 2014, but two are from the past two years and are in Windows components. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," the agency said in its advisory.


When love hurts: Watch out for romance scams this Valentine’s Day

We Live Security

Don’t be the next victim – spot the signs of a faux romance in time and send that scammer ‘packing’. The post When love hurts: Watch out for romance scams this Valentine’s Day appeared first on WeLiveSecurity.


How to enable end-to-end encryption in Facebook Messenger

Tech Republic Security

To keep your Facebook Messenger conversations private and secured, you should start using the new end-to-end encryption feature. Jack Wallen shows you how. The post How to enable end-to-end encryption in Facebook Messenger appeared first on TechRepublic.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


CISA urges orgs to patch actively exploited Windows SeriousSAM bug

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks. […]


New Magnet Forensics app automates, coordinates cybersecurity response

CSO Magazine

A slow response to a data breach or other cybersecurity incident can cost companies time and money, as well as damage to their reputation. To help companies accelerate their response to cybersecurity incidents, Magnet Forensics is offering a new application, Magnet Automate Enterprise, designed to automatically trigger investigations into security breaches and synchronize incident detection and response tasks by third party tools.


FritzFrog Botnet Is Back and Focuses on Education, Healthcare, and Government Entities

Heimdal Security

The FritzFrog botnet, which has been operative for more than two years, has reemerged with a concerning infection rate, having grown tenfold in just a month after compromising medical, education, and government systems via a vulnerable SSH server. The malware was noticed in August 2020 and is written in the Golang programming language. As explained […].


IBM and Snyk: Developers must lead the charge on cybersecurity

Tech Republic Security

IBM developer advocate and the founder of Snyk talk about changing the way developers think about cybersecurity. The post IBM and Snyk: Developers must lead the charge on cybersecurity appeared first on TechRepublic.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Twitter is down with "Something went wrong" errors

Bleeping Computer

Twitter is currently experiencing a worldwide service disruption that makes it impossible for users to read tweets on the web and load threads using the mobile app. […]


Top 5 Reasons Companies Choose Arkose Labs Over reCAPTCHA Enterprise

Security Boulevard

Stopping automated attacks is key to protecting businesses and users in today’s threat landscape. Bots are vital to attackers being able to launch attacks at scale and profitably. To stop bot-driven attacks, many large companies rely on reCAPTCHA Enterprise, a version of Google’s reCAPTCHA that claims to work invisibly on the back end to stop […]. The post Top 5 Reasons Companies Choose Arkose Labs Over reCAPTCHA Enterprise appeared first on Security Boulevard.


Who dropped the DB? Find out with Teleport Database Access

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Teleport. Thanks to the great team there for their support! You’re woken up at 3 am, only to discover your worst nightmare. The new intern just deleted the production database during routine maintenance by accident. You quickly restore from a backup. During the … Continue reading "Who dropped the DB?


Microsoft Blocks VBA Macros by Default, Temporarily Shuts Down MSIX Protocol

eSecurity Planet

Microsoft is shutting a couple of security holes, including one that has been a favored target of attackers for years and another that the enterprise software giant recently learned could be exploited to install a malicious package. At the same time, the federal government is now adding another Microsoft flaw to its list of known vulnerabilities, giving federal agencies until Feb. 18 to patch a bug in all unpatched versions of Windows 10 and urging private and commercial organizations to remedi


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.