Trending Articles

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me

130
130

iPhone Malware that Operates Even When the Phone Is Turned Off

Schneier on Security

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally signing or even encrypting the firmware it runs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

ICE Is a Domestic Surveillance Agency

Schneier on Security

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI.

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

GUEST ESSAY: Rising global tensions put us a few lines of code away from a significant cyber event

The Last Watchdog

Reflecting on the threats and targets that we are most concerned with given the Russia-Ukraine war, cybersecurity is now the front line of our country’s wellbeing. Cyber threats endanger businesses and individuals — they can affect supply chains, cause power grid failures, and much more. Related: Reaction to Biden’s cybersecurity order.

Weekly Update 295

Troy Hunt

A short one this week as the previous 7 days disappeared with AusCERT and other commitments. Geez it was nice to not only be back at an event, but out there socialising and attending all the related things that tend to go along with it.

More Trending

Surveillance by Driverless Car

Schneier on Security

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard.

MY TAKE: How ‘CAASM’ can help security teams embrace complexity – instead of trying to tame it

The Last Watchdog

The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly. Related: Stopping attack surface expansion. And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot be tolerated over the long run. Encouragingly, an emerging class of network visibility technology is gaining notable traction.

Protecting payments in an era of deepfakes and advanced AI

Tech Republic Security

In our digital age, you need to protect your business against advanced fraud techniques. Here's how. The post Protecting payments in an era of deepfakes and advanced AI appeared first on TechRepublic. CXO Security

171
171

How to Turn a Coke Can Into an Eavesdropping Device

Dark Reading

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby

111
111

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Schneier on Security

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest.

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level.

NEW TECH SNAPHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

The Last Watchdog

Defending companies as they transition to cloud-first infrastructures has become a very big problem – but it’s certainly not an unsolvable one. Coming Wed., May 18: How security teams can help drive business growth — by embracing complexity. . The good news is that a long-overdue transition to a new attack surface and security paradigm is well underway, one built on a fresh set of cloud-native security frameworks and buttressed by software-defined security technologies.

OpRussia update: Anonymous breached other organizations

Security Affairs

Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have hacked multiple organizations and government entities.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Nokia starts a Cybersecurity Testing Lab for 5G Networks

CyberSecurity Insiders

Nokia, once renowned for its amazing mobile phones, has now developed a testing lab completely dedicated to cybersecurity in the United States.

IoT 114

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022.

180
180

10 reasons why we fall for scams

We Live Security

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud. The post 10 reasons why we fall for scams appeared first on WeLiveSecurity. Scams

Scams 113

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

The Hacker News

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

Scams 113

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

It’s a scenario executives know too well. Related: Third-party audits can hold valuable intel. You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach. It’s a maddening situation that occurs far more often than it should.

The Danger of Online Data Brokers

Dark Reading

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so

Risk 113

Attacks on Managed Service Providers Expected to Increase

Schneier on Security

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though.

Which phishing scams are trending in 2022?

Security Boulevard

With more people looking to cash in on hype surrounding the cryptocurrency market than ever before and an increasing digital workforce which may lack awareness of network security set-ups, cybercriminal activity remains rampant.

Scams 113

The LEGION collective calls to action to attack the final of the Eurovision song contest

Security Affairs

The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest. The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks.

DDOS 105

Why you need to add a trust and safety officer to the leadership team

Tech Republic Security

Companies need one person in charge of creating a consistent user experience that is strong on safety and trust. The post Why you need to add a trust and safety officer to the leadership team appeared first on TechRepublic. CXO Security

156
156

Google Will Use Mobile Devices to Thwart Phishing Attacks

Dark Reading

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys

Mobile 110

Thousands of Top Websites See What You Type—Before You Hit Submit

WIRED Threat Level

A surprising number of the top 100,000 websites effectively include keyloggers that covertly snag everything you type into a form. Security Security / Privacy

109
109

Pro-Russian hacktivists target Italy government websites

Security Affairs

Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health.

Duo Opens New Data Center in India

Cisco CSR

Back in September last year, Ash Devata, VP and GM for Zero Trust and Duo at Cisco wrote about the expansion of our international footprint with the opening of data centers in Australia, Singapore, and Japan.

Retail 103

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

Dark Reading

The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography

110
110

Help Employees and Consumers Avoid Self-inflicted Cybersecurity Mistakes

Security Boulevard

It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data.

He cracked passwords for a living – now he’s serving 4 years in prison

Naked Security

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough. Cryptography Law & order bust cracking Cybercrime doj

Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap

We Live Security

What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? The post Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap appeared first on WeLiveSecurity. We Live Progress

Network Footprints of Gamaredon Group

Cisco CSR

Below research is reflecting our observations during month of March 2022. We also would like to thank Maria Jose Erquiaga for her contribution in introduction and support during the process of writing. Overview.

Retail 101