Fri. Jan 27, 2023


Kevin Mitnick Hacked California Law in 1983

Schneier on Security

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts in his 2012 book, Ghost in the Wires. The setup is that he just discovered that there’s a warrant for his arrest by the California Youth Authority, and he’s trying to figure out if there’s any way out of it.

Hacking 313

Weekly Update 332

Troy Hunt

Breaches all over the place today! Well, this past week, and there's some debate as to whether one of them is a breach, a scrape or if the term just doesn't matter anyway. Plus, we've been kitchen shopping, I'm helping friends out with connected doorbells and other random but somehow related things this week. Enjoy 😊 References I'll be "at" GOTO Aarhus in May (there online, but definitely speaking at the show) Following all the awesome input, we decided t


FBI takes down Hive ransomware group

Tech Republic Security

Working with international law enforcement, the FBI said it has seized control of the servers the Hive group uses to communicate with members.


A Guide to Phishing Attacks

Schneier on Security

This is a good list of modern phishing techniques.

Phishing 291

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture


In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.


Here’s how IT budgets should fill cybersecurity moats in 2023

Tech Republic Security

TechRepublic speaks with Carlos Morales of Neustar Security Services on the best ways for companies to spend on cybersecurity — even if their budgets are tighter.


Massive Microsoft 365 outage caused by WAN router IP change

Bleeping Computer

Microsoft says this week's five-hour-long Microsoft 365 worldwide outage was caused by a router IP address change that led to packet forwarding issues between all other routers in its Wide Area Network (WAN).


More Trending


‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Security Boulevard

Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data.


SwiftSlicer: New destructive wiper malware strikes Ukraine

We Live Security

Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country.

Malware 145

FTC Proposes Eliminating Non-Compete Clauses

Security Boulevard

The Federal Trade Commission (FTC) chair, Lina M. Khan, recently announced the commission’s intent to adjust a rule that would prohibit non-compete agreements by workers or independent contractors. Their rationale? Unfair competition—which, therefore, falls under the purview of the FTC. This could have a huge impact on the cybersecurity and IT industries, and open up.


PlugX malware hides on USB devices to infect new Windows hosts

Bleeping Computer

Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to.

Malware 141

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Chainguard Unveils Memory-Safe Linux Distribution

Security Boulevard

Chainguard this week made available a memory-safe distribution of Linux, dubbed Wolfi, that promises to eliminate the root cause of the bulk of known software vulnerabilities. In addition, Chainguard has partnered with the Internet Security Research Group (ISRG) to create a Rustls TLS library for Wolfi available as the default backend in libcurl. All curl.

Internet 136

Russia starts cyber attacks on the West with Germany for supporting Ukraine

CyberSecurity Insiders

Russia launched a war on Ukraine, its neighboring country, on February 24th of the year 2022. And still the Zelenskyy-led nation hasn’t surrendered to Moscow, all because of the extreme support from the west, regarding arms & ammunition, essentials and, of course, funds. As the war is fast approaching the one-year-long milestone, Putin intensified the war by attacking the civilian populace from December last year.


AI in cybersecurity: The good, the bad, and the ugly

Security Boulevard

Artificial intelligence (AI) is rapidly becoming a powerful tool in the cybersecurity landscape, with the potential to revolutionize the way we detect and respond to cyber threats. However, as with any technology, there are also risks associated with the use of AI in cybersecurity. In this blog post, we will explore both the advantages and dangers of AI in cybersecurity, including examples of how cybercriminals could use AI to improve social engineering attacks and how cybersecurity companies ca


The Week in Ransomware - January 27th 2023 - 'We hacked the hackers'

Bleeping Computer

For the most part, this week has been relatively quiet regarding ransomware attacks and research — that is, until the FBI announced the disruption of the Hive ransomware operation.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


More Details of LastPass Breach: Hackers Used Stolen Encryption Key

Security Boulevard

A breach at LastPass is the gift that keeps on giving—or taking, depending on your perspective. LastPass parent company GoTo raised the alarm this week that, in addition to stealing encrypted backups containing customer data, hackers nicked an encryption key last November. “An unauthorized party gained access to a third-party cloud-based storage service, which LastPass.


Ukraine: Sandworm hackers hit news agency with 5 data wipers

Bleeping Computer

The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency (Ukrinform) on January 17th.

Malware 128

Hackers abuse legitimate remote monitoring and management tools in attacks

CSO Magazine

Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization's network and systems might not raise suspicion.


3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

The Hacker News

Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.

Malware 113

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


FBI takes down Hive ransomware group in an undercover operation

CSO Magazine

The US Department of Justice (DOJ) along with international partners have taken down the Hive ransomware group. The operation that began in July 2022 resulted in the FBI penetrating Hive’s computer networks, capturing its decryption keys, and offering them to victims worldwide, preventing victims from having to pay the $130 million in ransom demanded, DOJ said in a release on Thursday.


Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

The Hacker News

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems.

Malware 110

Securing Against Supply Chain Attacks

Security Boulevard

Anyone who has been in IT for the last decade knows the risks posed by ransomware and cyberattacks. They have been on our radar as a top concern for many years. But there have been changes. Most notably, the prevalence of attacks, specifically on large global companies, and the growing focus on a new target,


ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

The Hacker News

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S.

DNS 110

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Hackers Use RMM Software to Breach Federal Agencies

eSecurity Planet

Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Software 109

How Noob Website Hackers Can Become Persistent Threats

Dark Reading

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say.


Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack

The Hacker News

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).


Are you in control of your personal data? – Week in security with Tony Anscombe

We Live Security

Data Privacy Week is a reminder to protect your data – all year round. Here are three privacy-boosting habits you can start today.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries

The Hacker News

The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations.

Phishing 101

Aurora Infostealer Malware Deploys Shapeshifting Tactics

Heimdal Security

One of the most recent finds exposed the Aurora Stealer malware imitating popular applications to infect as many users as possible. Cyble researchers were able to determine that, in order to target a variety of well-known applications, the threat actors are actively changing and customizing their phishing websites. Aurora targets data from web browsers and crypto […]

Malware 101

3 Ways ChatGPT Will Change Infosec in 2023

Dark Reading

OpenAI's chatbot has the promise to revolutionize how security practitioners work.

InfoSec 145

Cybersecurity Insights with Contrast CISO David Lindner | 1/27

Security Boulevard

Insight #1 "It really is time for LastPass users to stop using it. They have had many breaches over the past few years, but this latest is the worst of them all." Insight #2 "The shift left movement is dead. It’s time to re-evaluate your application security practices and instead, Shift Smart. Use the right tools at the right point in the process to provide the most effective and least noisy results.

CISO 98

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?