Security Boulevard

DECEMBER 9, 2024

This blog post explores how maintaining USB security mitigates insider threats and fosters a secure workplace environment. The post The Role of USB Security in Combating Insider Threats appeared first on Security Boulevard.

Software 132

Software Security Awareness Cybersecurity 132

Troy Hunt

MARCH 3, 2025

But the confusing nature of stealer logs coupled with an overtly long blog post explaining them and the conflation of which services needed a subscription versus which were easily accessible by anyone made for a very intense last 6 days. That was a bit intense, as is usually the way after any large incident goes into HIBP.

Passwords 212

Passwords Accountability Malware 212

Schneier on Security

SEPTEMBER 6, 2024

Blog moderation policy. The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile.

269

269

NSTIC

FEBRUARY 26, 2025

To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 !

Cybersecurity 111

Cybersecurity 111

Adam Shostack

FEBRUARY 18, 2025

If youve read my recent blog post on Hoarding, Debt and Threat Modeling , youll hear me reiterate how people often try to model everything at once and get overwhelmed in the process. I wanted to share some key themes we explored. One of the core messages I emphasized is how we can make threat modeling more accessible.

130

130

Schneier on Security

SEPTEMBER 27, 2024

Blog moderation policy. Fishermen are catching more squid as other fish are depleted.

246

246

Graham Cluley

OCTOBER 24, 2024

Read more in my article on the Tripwire State of Security blog. And the recent discovery of a new malware strain emphasises that the threat - even if much smaller than on Windows - remains real.

Ransomware 114

Ransomware Malware 114

Krebs on Security

JANUARY 7, 2025

The image that Lookout used in its blog post for Crypto Chameleon can be seen in the lower right hooded figure. That latter domain was created and deployed shortly after Lookout published its blog post on Crypto Chameleon. com and two other related control domains — thebackendserver[.]com com and lookoutsucks[.]com.

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Krebs on Security

MARCH 14, 2025

. “This campaign delivers multiple families of commodity malware, including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT,” Microsoft wrote in a blog post on Thursday. “Depending on the specific payload, the specific code launched through mshta.exe varies.

Phishing 216

Phishing Malware Scams Passwords 216

Schneier on Security

OCTOBER 11, 2024

Blog moderation policy. Fishermen in Tamil Nadu are reporting smaller catches of squid.

240

240

Adam Shostack

JANUARY 2, 2025

That the White House is involved should not be a shocker to readers of this blog, and it represents a fascinating state of the evolution of the conversation around memory safety that it would reach that level. Blog overview or direct link.) Regulation The White House released a report on memory safe languages.

Software 130

Software Advertising Hacking 130

NSTIC

OCTOBER 17, 2024

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.'

Cybersecurity 95

Cybersecurity 95

Schneier on Security

SEPTEMBER 17, 2024

On this blog, let’s stick to the tech and the security ramifications of the threat. And it seems to be a large detonation for an overloaded battery. This reminds me of the 1996 assassination of Yahya Ayyash using a booby trapped cellphone. EDITED TO ADD: I am deleting political comments.

68

68

Daniel Miessler

DECEMBER 24, 2022

It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. If you follow Information Security at all you are surely aware of the LastPass breach situation.

Password Management 364

Password Management Passwords Encryption Backups 364

Schneier on Security

AUGUST 12, 2024

Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild. Note the graphic mapping goals with strategies.

Artificial Intelligence 318

Artificial Intelligence Risk 318

NSTIC

OCTOBER 23, 2024

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.'

Cybersecurity 91

Cybersecurity 91

Schneier on Security

OCTOBER 27, 2023

found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation. However, jabber.ru

Encryption 311

Encryption Surveillance 311

Troy Hunt

MARCH 11, 2025

Part of that is this blog post heralding what's to come, and part of it is also open sourcing the ux-rebuild repository. I'm really stoked with the work the guys I've mentioned in this blog post have done, but there will be other great ideas that none of us have thought of yet.

Passwords 302

Passwords Internet Internet 302

NSTIC

OCTOBER 28, 2024

This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.'

Cybersecurity 104

Cybersecurity 104

Heimadal Security

NOVEMBER 1, 2024

The same threat actors breached the tech giant earlier this week and are responsible for the notorious SolarWinds supply chain attack […] The post Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files appeared first on Heimdal Security Blog.

Phishing 90

Phishing Cybersecurity 90

ZoneAlarm

FEBRUARY 23, 2025

Billion Records appeared first on ZoneAlarm Security Blog. Smart home devices, including security cameras, smart locks, and voice assistants, … The post Smart Home Data Breach Exposes 2.7

Data breaches 85

Data breaches IoT Internet Internet 85

Schneier on Security

FEBRUARY 26, 2024

There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. I am of two minds about this.

Encryption 336

Encryption 336

Adam Shostack

JANUARY 2, 2025

Google calls attention to our Cyber Public Health work Last week, Bill Reid and Taylor Lehmann, both in the Office of the CISO at Google Cloud, wrote a blog post, Cyber Public Health: A new approach to cybersecurity.

CISO 130

CISO Technology Cybersecurity 130

ZoneAlarm

NOVEMBER 18, 2024

These fraudulent websites … The post Fraud Network Operates 4,700 Fake Shopping Sites to Steal Credit Card Data appeared first on ZoneAlarm Security Blog. The SilkSpecter network orchestrated a massive operation involving thousands of fake e-commerce sites.

Phishing 93

Phishing Engineering Cybersecurity Data privacy 93

Krebs on Security

APRIL 10, 2024

The domain mentioned at the beginning of this story — fedetwitter.com — redirects users to the blog of a Japanese technology enthusiast. The domain setwitter.com, which Twitter/X until very recently rendered as “sex.com,” redirects to this blog post warning about the recent changes and their potential use for phishing.

Phishing 356

Phishing Media Engineering Technology 356

Troy Hunt

OCTOBER 14, 2023

here's a blog post about how stupid class actions like this are! Protect your identity now.

Data breaches 296

Data breaches Advertising Marketing Account Security 296

Heimadal Security

JANUARY 16, 2025

This article outlines the crucial steps for aligning with NIS2 standards, drawn from our comprehensive NIS2 […] The post Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights appeared first on Heimdal Security Blog.

Cyber Risk 101

Cyber Risk Risk Cybersecurity 101

ZoneAlarm

DECEMBER 9, 2024

Recently, the incident returned to the spotlight due to new updates on the breachs scope … The post Anna Jaques Hospital Ransomware Breach Exposes Patient Data appeared first on ZoneAlarm Security Blog.

Ransomware 88

Ransomware Healthcare Cybersecurity 88

Krebs on Security

OCTOBER 30, 2024

“Affected insurance providers can contact us to prevent leaking of their own data and [remove it] from the sale,” RansomHub’s victim shaming blog announced on April 16. A few days after BlackCat imploded, the same stolen healthcare data was offered for sale by a competing ransomware affiliate group called RansomHub.

Healthcare 294

Healthcare Insurance Computers and Electronics Data breaches 294

Troy Hunt

FEBRUARY 25, 2025

I like to start long blog posts with a tl;dr, so here it is: We've ingested a corpus of 1.5TB worth of stealer logs known as "ALIEN TXTBASE" into Have I Been Pwned. They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses. Or find it unactionable noise?

Passwords 333

Passwords Accountability VPN Malware 333

Troy Hunt

MARCH 18, 2024

I linked to the story from the beginning of this blog post and got a handful of willing respondents for whom I sent their data and asked two simple questions: Does this data look accurate? As I said in the intro, this is not the conclusive end I wanted for this blog post.

Data breaches 349

Data breaches Encryption Identity Theft InfoSec 349

Penetration Testing

OCTOBER 13, 2024

The Apache Software Foundation has released a security update for Apache Roller, a popular Java-based blogging platform.

Software 82

Software Cybersecurity 82

Heimadal Security

JANUARY 13, 2025

This partnership will help MSPs in France deal with todays growing cybersecurity challenges by simplifying how they manage security and offering reliable tools from a […] The post Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France appeared first on Heimdal Security Blog.

Cybersecurity 95

Cybersecurity 95

Heimadal Security

NOVEMBER 22, 2024

The same agencies issued a joint advisory in May that warned about BianLian’s shifting tactics, which […] The post CISA: BianLian Ransomware Focus Switches to Data Theft appeared first on Heimdal Security Blog.

Ransomware 88

Ransomware Cybersecurity 88

Malwarebytes

NOVEMBER 4, 2024

In this blog post, we take a look at how criminals are abusing Bing and stay under the radar at the same time while also bypassing advanced security features such as two-factor authentication. The idea is about creating content that looks real, like a blog, but with malicious intent (monetization or other). com info-blog-news[.]com

Engineering 123

Engineering Phishing Banking Authentication 123

Heimadal Security

NOVEMBER 1, 2024

The rules apply to key digital service providers, […] The post EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive appeared first on Heimdal Security Blog.

Cybersecurity 83

Cybersecurity 83

Troy Hunt

DECEMBER 7, 2023

I wrote up a blog post on the highlights earlier this week (it still feels like I've missed a million things)

Malware 293

Malware 293