Troy Hunt
FEBRUARY 9, 2023
I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable corpus but as of just over a year ago with the introduction of the FBI data feed , we stopped maintaining downloadable behemoths of data.
Schneier on Security
FEBRUARY 9, 2023
This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo—all keen cryptographers—initially thought the batch of encoded documents related to Italy, because that was how they were filed at the Bibliothèque Nationale de France. However, they quickly realised the letters were in French.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
FEBRUARY 9, 2023
Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities.
Tech Republic Security
FEBRUARY 9, 2023
A new Kaspersky report sheds light on why some tech pros look for jobs on the dark web and how to spot suspicious and likely illegal positions from recruiters in that environment. The post How IT jobs and recruiting on the dark web might trick you appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
FEBRUARY 9, 2023
Implementing modern cryptography standards on tiny IoT devices is hard. They’re underpowered, need to sip battery charge and something like AES is often overkill. The post Amazing Fast Crypto for IoT — US NIST Fingers ASCON appeared first on Security Boulevard.
Tech Republic Security
FEBRUARY 9, 2023
There’s a new, more secure way to encrypt files in Windows 11, but it’s only an option for building secure applications, not a replacement for BitLocker. The post Personal data encryption in Windows 11 appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
FEBRUARY 9, 2023
One of the web's biggest cybersecurity training resources, The Complete 2023 Cyber Security Developer & IT Skills Bundle, is now just $79. The post If your business needs cybersecurity, you should become the expert appeared first on TechRepublic.
The Hacker News
FEBRUARY 9, 2023
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory.
Tech Republic Security
FEBRUARY 9, 2023
The trend will carry from the past 12 months when more than a third of executives polled by Deloitte said that cyberattacks targeted their financial and accounting data. The post C-suite execs expect cyberattacks targeting financial data to increase this year appeared first on TechRepublic.
Security Boulevard
FEBRUARY 9, 2023
Gamification is a powerful thing. Applying elements of gaming—like rules, score-keeping and friendly competition—to other activities is a solid strategy for boosting engagement and motivation. Take Pokemon Go, for example, which inadvertently gamified the act of walking when the walk-as-you-game app exploded in popularity several years ago. Collectively, the Pokemon Go community has walked over.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
FEBRUARY 9, 2023
Researchers reported that the top-of-the-line Android mobile devices sold in China are shipped with malware. China is currently the country with the largest number of Android mobile devices, but a recent study conducted by researchers from the University of Edinburgh and the Trinity College of Dublin revealed that top-of-the-line Android devices sold in the country are shipped with spyware.
Security Boulevard
FEBRUARY 9, 2023
The Super Bowl–where football legends rise, and brands test their grit. A showcase of the fiercest competition and advertising muscle. We tune in for the NFL’s top talent and brands’ blockbuster ads, but what goes on behind the scenes? As advertisers, IT teams and CIOs prep for their own big plays, similarities can be drawn. The post Super Bowl Cybersecurity: Safeguarding Your Viral Moment appeared first on Security Boulevard.
The Hacker News
FEBRUARY 9, 2023
A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments.
Security Boulevard
FEBRUARY 9, 2023
Just came across this and I've decided to elaborate and offer actionable intelligence on the whereabouts of TrickBot's Bitzlato cryptocurrency exchange. Company name: Bitzlato Limited Company owner: Anatoly Legkodymov Company URLs: hxxp://bitzlato.com - 103.41.71.252; hxxp://bitzlato.net - 103.41.71.252; 104.21.64.203; 104.24.117.5; 172.67.136.54; 104.24.116.5; 154.92.19.56; 107.161.23.204; 192.161.187.200; 209.141.38.71 - hxxp://bitzla.to - hxxp://bitzlato.bz - hxxp://bitzlato.bz - hxxp://ch
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
FEBRUARY 9, 2023
From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon.
CyberSecurity Insiders
FEBRUARY 9, 2023
Australian Defense Ministry has issued a ban on the use of Chinese surveillance cameras and products inside all government buildings from now on. Meaning, all new purchases will be halted and the existing hardware and related software will be replaced in a phased manner. The issue resumed significance when certain fears were raised in Britain regarding surveillance software and hardware being discovered inside the cars used by UK Government officials and elected members.
SecureBlitz
FEBRUARY 9, 2023
Hosting a live event of any size can be very stressful. There are so many things to consider if you want the day to be perfect. Many business professionals, advertisers, and vendors are looking for live niche events. Such occasions provide a great chance for networking and interacting with people from the same industry. It […] The post 5 Amazing Ways To Host The Perfect Live Event appeared first on SecureBlitz Cybersecurity.
Graham Cluley
FEBRUARY 9, 2023
Perhaps the biggest punishment of all will be Dennis Su's name being forever associated with an extraordinarily inept and cack-handed attempt to frighten people out of money.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
FEBRUARY 9, 2023
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees.
Security Affairs
FEBRUARY 9, 2023
Experts warn of new ESXiArgs ransomware attacks using an upgraded version that makes it harder to recover VMware ESXi virtual machines. Experts spotted a new variant of ESXiArgs ransomware targeting VMware ESXi servers, authors have improved the encryption process, making it much harder to recover the encrypted virtual machines. The new variant was spotted less than a week after the first alert was launched by CERT-FR warning of an ESXi ransomware targeting thousands of VMware servers in a globa
Tech Republic Security
FEBRUARY 9, 2023
Internet use in the course of conducting business is a foregone conclusion. For most industries, lacking access is an encumbrance, at best, to getting things done. However, significant risk accompanies internet access, such as viruses, ransomware and data theft, all of which result from unsafe practices. In other words, infections can occur just from connecting.
CSO Magazine
FEBRUARY 9, 2023
The FBI and CISA have released a recovery script for the global ESXiArgs ransomware campaign targeting VMware ESXi servers, but the ransomware has since been updated to elude former attempts at remediation.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
FEBRUARY 9, 2023
A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems. [.
Dark Reading
FEBRUARY 9, 2023
A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.
SecureBlitz
FEBRUARY 9, 2023
When selecting server hosting, you have a wide range of solutions. Bare metal servers and virtual server hosting are two of the most popular types but since each of these options has distinct benefits and drawbacks, figuring out which one is best for your organization can be a challenge. While a virtual server has unmatched […] The post Comparing Bare Metal vs Virtual Server Hosting: Everything You Need to Know appeared first on SecureBlitz Cybersecurity.
CSO Magazine
FEBRUARY 9, 2023
Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Heimadal Security
FEBRUARY 9, 2023
Four malicious Dota 2 game mods that were used by a threat actor to backdoor the players’ systems have been found by security experts. To target players, the threat actors published the mods for the wildly popular MOBA game on Steam. Details on the Attack The game mods in question were the following: Overdog no […] The post Dota 2 Game Mods Use Backdoor to Infect Players with Malware appeared first on Heimdal Security Blog.
Bleeping Computer
FEBRUARY 9, 2023
A new phishing campaign targeting Amazon Web Services (AWS) logins is abusing Google ads to sneak phishing sites into Google Search to steal your login credentials. [.
Security Affairs
FEBRUARY 9, 2023
The US and the UK have sanctioned seven Russian individuals for their involvement in the TrickBot operations. The US and the UK authorities have sanctioned seven Russian individuals for their involvement in the TrickBot operations. The US Treasury has frozen the assets belonging to the individuals and imposed travel bans against them. The US Treasury points out that persons that engage in certain transactions with the sanctioned individuals may themselves be exposed to designation. “Today,
CSO Magazine
FEBRUARY 9, 2023
The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the blanks on the mosaic they are bu
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
287 
Let's personalize your content