Fri. May 27, 2022

DevSecOps glossary: 24 terms security professionals need to know

Tech Republic Security

The world of cybersecurity is constantly changing. Improve your DevSecOps knowledge with these critical concepts.

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. A team of researchers from Zhejiang University and Technical University of Darmstadt devised a technique, dubbed GhostTouch, to remotely control capacitive touchscreens using electromagnetic signals. According to the experts, GhostTouch is the first active contactless attack against capacitive touchscreens.

Critical Microsoft vulnerabilities decreased 47% in 2021

Tech Republic Security

Only 104 critical vulnerabilities were reported in 2021, an all-time low for the world’s largest software company.

Software 212

GitHub: Attackers stole login details of 100K npm user accounts

Bleeping Computer

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Best cryptocurrency exchanges of 2022

Tech Republic Security

Cryptocurrency exchanges allow the transfer of crypto between buyers and sellers. Learn about the top crypto exchange options.

Android pre-installed apps are affected by high-severity vulnerabilities

Security Affairs

Microsoft found several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps. The Microsoft 365 Defender Research Team discovered four vulnerabilities (CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601) in a mobile framework, owned by mce Systems, that is used by several mobile carriers in pre-installed Android System apps.

Mobile 143

More Trending

Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

The Hacker News

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper.

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets. ERMAC was first spotted by researchers from Threatfabric in July 2021; it is based on the popular banking trojan Cerberus.

Banking 140

Microsoft to force better security defaults for all Azure AD tenants

Bleeping Computer

Microsoft has announced that it will force enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory (Azure AD) tenants starting in late June 2022. […]

Cybersecurity: A global problem that requires a global answer

We Live Security

New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

ChromeLoader Malware Hijacks Browsers With ISO Files

Dark Reading

The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.

Malware 138

MITRE ATT&CK Framework Explained: Why it Matters

Security Boulevard

We all know that cyberthreats have become more frequent, stealthier and more sophisticated. What’s more, the traditional, reactive approach to detecting threats by hunting indicators of compromise (IoCs) using markers like IP addresses, domains and file hashes is quickly becoming outdated—threats are only detected once a compromise is achieved and attackers are readily able to.

New Chaos Malware Variant Ditches Wiper for Encryption

Dark Reading

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.

Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach

The Hacker News

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state

Bleeping Computer

Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded $5 million to unlock the encrypted computer systems. […]

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks against individuals and organizations in the industry.

The Myths of Ransomware Attacks and How To Mitigate Risk

The Hacker News

Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks — a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware.

UK populace should know about Ofgem Phishing Attacks

CyberSecurity Insiders

UK populace should know about a phishing scam that is taking place in the name of the Office of Gas and Electronics Markets, aka Ofgem. Hackers are sending Ofgem emails claiming to give rebates on the monthly bill and diverting recipients to a fake website that asks for bank account details for a reimbursement to be disbursed later. In reality, Ofgem is not sending such emails to any of the populace and has termed such scams as minting platforms to steal sensitive information.

Phishing 127

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

What does it mean for cybersecurity to “align with the business”?

CSO Magazine

It is a common refrain among senior folks in enterprise cybersecurity: “We have to learn to align with the business.” Unfortunately, it seems like we spend most of our time trying to get the business to “align with cybersecurity” and become frustrated when they don’t or can’t. Part of the reason is that we often don’t want to (or can’t) speak like the business.

New Open-source Security Initiative Aimed at Supply Chain Attacks

eSecurity Planet

Open source software libraries are frequent targets of hackers, who see them as an attractive path for stealing credentials and distributing malware. Hundreds of thousands of software projects depend on these open source packages – and each of these dependencies has its own dependencies, a complex web that some call “dependency hell” – so hackers know that any new version they successfully compromise will be downloaded by countless developers when they run npm, composer

Software 125

Scams targeting NFT investors – Week in security with Tony Anscombe

We Live Security

As with everything digital, there's someone, somewhere devising a method to steal the assets away from their rightful owners.

Scams 125

Making the Metaverse Safe For Everyone

Security Boulevard

Unlike any other time in history, the past decade has shown us the power of technology to transform our working and personal lives. Technology-enabled shopping, banking and working from any location made the restrictions from COVID-19 more manageable. We are also getting a hint of the power that big data, AI and machine learning will.

Big data 117

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks

Dark Reading

Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.

FBI warns of hackers selling credentials for U.S. college networks

Bleeping Computer

Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. […]

Education 123

Securing applications in the multi-cloud: Where should organizations start?

Security Boulevard

The cloud represents a gamechanger in the way businesses access and use technology, but it’s also brought with it major implementation challenges. The most fundamental of these is simply that the cloud comprises multiple services and platforms, which has made integration a critical piece in the cloud strategy puzzle. According to Radware’s The State of […].

Microsoft finds severe bugs in Android apps from large mobile providers

Bleeping Computer

Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. […]

Mobile 114

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

The Hacker News

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser.

Zyxel Issues Security Warning

Heimdal Security

Zyxel is a trademark name that is used by both Zyxel Communications Corp. and Zyxel Networks, two companies that are involved in the production of networking equipment as well as the provision of services to communications service providers. Zyxel firms have their headquarters in Hsinchu, Taiwan, with branch offices all around the world, including in […].

Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years

Dark Reading

The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices

The Hacker News

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products that could be exploited to execute arbitrary operating system commands and steal select information.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.