Fri. Aug 05, 2022

Weekly Update 307

Troy Hunt

A very early weekly update this time after an especially hectic week. The process with the couple of data breaches in particular was a real time sap and it shouldn't be this hard. Seriously, the amount of effort that goes into trying to get organisations to own their breach (or if they feel strongly enough about it, help attribute it to another party) is just nuts.

DNS 218

How to use Authy: A guide for beginners

Tech Republic Security

Learn how to set up and sync Authy on all your devices for easy two-factor authentication. The post How to use Authy: A guide for beginners appeared first on TechRepublic.

Twitter confirms zero-day used to expose data of 5.4 million accounts

Bleeping Computer

Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.

Upskilling is Critical to Closing Cybersecurity Skills Gaps

Security Boulevard

Cybersecurity is the number-one skills gap in 2022, surpassing cloud computing as the top-ranking area of focus for individuals and organizations, according to a Pluralsight survey of more than 700 tech professionals. Respondents with access to modern upskilling options demonstrated more confidence in their skills and trust in their organizations. These technologists had access to.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Slack resets passwords after exposing hashes in invitation links

Bleeping Computer

Slack notified roughly 0.5% of its users that it reset their passwords after fixing a bug exposing salted password hashes when creating or revoking shared invitation links for workspaces.

Passwords 144

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Security Affairs

A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor.

More Trending

Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email

Graham Cluley

Did Russian security Kaspersky really choose to send an email to its customers addressing them as "dear and lovely"? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to Kaspersky's customer base?

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot, which has been active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it implements a built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai.

IoT 134

Suffering From a Surfeit of Security Tools

Security Boulevard

It’s almost ingrained in our collective psyche that more of a good thing is an even better thing. If you have one of something that you really like, then there is nothing wrong with having two or three, or even more. After all, you can’t have too much of a good thing, right? Unfortunately, while. The post Suffering From a Surfeit of Security Tools appeared first on Security Boulevard.

CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog.

Passwords 126

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW

Security Boulevard

The Emergency Alert System run by FEMA and the FCC is vulnerable to hacking. This is NOT a test. All will be revealed next week at DEF CON 30. The post US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW appeared first on Security Boulevard.

Hacking 124

DHS warns of critical flaws in Emergency Alert System encoder/decoder devices

Security Affairs

The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks.

Wireless 119

Building a Defense Against Cybersecurity Fraud and Brand Impersonation

Security Boulevard

Cyber threats present themselves in a variety of ways. We constantly hear about cyberwarfare, supply chain attacks and breaches through security gaps. While these are all serious issues and something we should be seriously concerned about, they only represent a percentage of the threats enterprises face today. Take a look outside the security operations centers (SOC), and you’ll quickly see.

Facebook discovers new Android malware connected to APT threat group

CyberSecurity Insiders

Facebook security researchers released their second quarter Adversarial Threat Report that confirms two APT groups using a new Android malware dubbed Dracarys. Dubbed as ‘Bitter APT’ and ‘APT36’ the newly discovered groups are being used to populate Dracarys malware via Facebook (FB) platform mainly to collect personal information or befriend a person, without the knowledge of the actual profile owner.

Malware 114

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

UK NHS suffers outage after cyberattack on managed service provider

Bleeping Computer

United Kingdom's National Health Service (NHS) 111 emergency services are affected by a major outage triggered by a cyberattack that hit the systems of managed service provider (MSP) Advanced.

112

Report Finds 49% of Security Teams Plan to Replace their ASM Solution in the next 12 Months

CyberSecurity Insiders

Team Cymru recently surveyed 440 security practitioners in the US and Europe. Each survey participant works for a company that currently uses an ASM platform. These professionals were able to provide first-hand knowledge about the benefits and drawbacks of ASM tools today. They shared what they liked and disliked about the tools they use. The Team Cymru State of Attack Surface Management Report covers a broad spectrum of topics.

Risk 111

Facebook finds new Android malware used by APT hackers

Bleeping Computer

Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 (aka 'Transparent Tribe') using new Android malware.

Malware 107

Top 10 Cookie Consent plugins for WordPress

Security Boulevard

We have researched all cookie consent plugins available on WordPress's marketplace and compiled a list of the top 10 plugins for cookie consent. The post Top 10 Cookie Consent plugins for WordPress appeared first on Security Boulevard.

105

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A Ransomware Explosion Fosters Thriving Dark Web Ecosystem

Dark Reading

For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience.

Twitter confirms zero-day used to access data of 5.4 million accounts

Security Affairs

Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered for sale the stolen data on the popular hacking forum Breached Forums.

Traffic Light Protocol for cybersecurity responders gets a revamp

Naked Security

Traffic lights make a handy global metaphor for denoting the sensitivity of cybersecurity threat data - three colours that everyone knows.

8 Best Hacking Training Courses to Boost your IT Career

CompTIA on Cybersecurity

Want to learn ethical hacking skills? Our experts have shared some of the best training courses that can help you kickstart your career as an ethical hacker.

Hacking 108

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'

The Hacker News

A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems.

DDOS 98

What You Need to Know About Ransomware in AWS

Security Boulevard

by Rich Mogull. As bad of an issue ransomware is within data centers, I was a bit skeptical that it was much of a problem in cloud. I, personally, hadn’t run into any incidents and I started to think it was more theoretical than anything else. It turns out, I was a little wrong. Okay, … The post What You Need to Know About Ransomware in AWS appeared first on FireMon.

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Security Affairs

Dark Utilities “C2-as-a-Service” is attracting a growing number of customers searching for a command-and-control for their campaigns. The popularity of the Dark Utilities “C2-as-a-Service” is rapidly increasing; over 3,000 users are already using it as command-and-control for their campaigns. Dark Utilities was launched in early 2022; the platform provides full-featured C2 capabilities to its users.

How to detect Log4j vulnerabilities in Java projects for free with CodeSec

Security Boulevard

Log4j is a popular Java logging tool with a critical cybersecurity vulnerability that gained global attention in December 2021. The U.S. Dept. of Homeland Security’s Cyber Safety Review Board stated in a recent report that it is one of the most serious vulnerabilities seen in years. Because of the popularity of the Log4j tool with Java developers, the problem is an “endemic vulnerability” for the software industry, according to the board.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government

The Hacker News

A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations.

Friday Five 8/5

Digital Guardian

New and dangerous scams are on the rise, your sensitive information may be at risk due to an unlikely party, and tensions between Taiwan and China look to be escalating. Read all about these stories and more in this week’s Friday Five.

Scams 94

Resolving Availability vs. Security, a Constant Conflict in IT

The Hacker News

Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn’t always easy – though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams.

DuckDuckGo browser now blocks all Microsoft trackers, most of the time

Bleeping Computer

DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past.

93

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.