Krebs on Security
FEBRUARY 26, 2023
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.
Lohrman on Security
FEBRUARY 26, 2023
This past week was dominated with stories surrounding the one-year mark of Russia’s invasion into Ukraine. What have we learned on the global cybersecurity front in that time?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Naked Security
FEBRUARY 26, 2023
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.
Graham Cluley
FEBRUARY 26, 2023
Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! The unmanageable number of vulnerabilities in the cloud is the worst-kept secret. The Sysdig 2023 Cloud-Native Security and Usage report found that 87% of container images have high or critical vulnerabilities! Surely not … Continue reading "The cloud’s worst kept secret?
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
FEBRUARY 26, 2023
Microsoft Edge's built-in VPN functionality could soon begin rolling out to users in the stable channel. Edge's VPN 'Edge Secure Network' uses Cloudflare and aims to protect your device and sensitive data as you browse, but remember it is not a proper replacement for your VPN. [.
Security Boulevard
FEBRUARY 26, 2023
Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard. Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection … (more…) The post GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
FEBRUARY 26, 2023
At the Mobile World Congress event, Palo Alto Networks today launched a service for securing operation technology (OT) assets that is based on the same core technologies it relies on to secure IT environments. Xu Zou, vice president for network security as Palo Alto Networks, said the Zero Trust OT Security service will also make. The post Palo Alto Networks Unfurls OT Security Service appeared first on Security Boulevard.
Bleeping Computer
FEBRUARY 26, 2023
Security researchers have noticed that the operators of the ChromeLoader browser hijacking and adware campaign are now using VHD files named after popular games. Previously, such campaigns relied on ISO-based distribution. [.
Security Affairs
FEBRUARY 26, 2023
The producers of fruit and vegetables Dole Food Company disclosed a ransomware attack that impacted its operations. Dole Food Company is an Irish agricultural multinational corporation, it is one of the world’s largest producers of fruit and vegetables, operating with 38,500 full-time and seasonal employees who supply some 300 products in 75 countries.
The Hacker News
FEBRUARY 26, 2023
The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
FEBRUARY 26, 2023
The investigation conducted by News Corporation (News Corp) revealed that attackers remained on its network for two years. In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022. The attackers compromised one of the company systems and had access to the emails and documents of some employees.
Malwarebytes
FEBRUARY 26, 2023
Last week on Malwarebytes Labs: GoAnywhere zero-day opened door to Clop ransomware Chip company loses $250m after ransomware hits supply chain GoDaddy says it's a victim of multi-year cyberattack campaign Twitter and two-factor authentication: What's changing? How to set up two-factor authentication on Twitter using an app How to set up two-factor authentication on Twitter using a hardware key Multilingual skimmer fingerprints 'secret shoppers' via Cloudflare endpoint API HardBit ransomware tail
Security Affairs
FEBRUARY 26, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Clasiopa group targets materials research in Asia CERT of Ukraine says Russia-linked APT backdoored multiple govt sites UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2) CISA warns of disruptive attacks amid the anniversar
Graham Cluley
FEBRUARY 26, 2023
Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! The unmanageable number of vulnerabilities in the cloud is the worst-kept secret. The Sysdig 2023 Cloud-Native Security and Usage report found that 87% of container images have high or critical vulnerabilities! Surely not … Continue reading "The cloud’s worst kept secret?
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
FEBRUARY 26, 2023
The group of hacktivists CH01 defaced at least 32 Russian websites to mark a protest over the one-year anniversary of the Russian invasion A group of hacktivists that goes online with the moniker CH01 defaced at least 32 Russian websites to mark a protest over the one-year anniversary of the Russian invasion. The news was also shared by the collective Anonymous through its accounts.
Trend Micro
FEBRUARY 26, 2023
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends.
Security Boulevard
FEBRUARY 26, 2023
PeoplActive is an ISO 27001:2013 certified leading tech hiring platform. By utilizing an exclusive network of 4000+ Silicon Valley caliber tech talent specialized in 100+ in-demand IT skills, it was pretty easy for businesses to hire game-changing engineers and developers in just 48 hours. So, if you want to accelerate your business, schedule a quick […] The post Public Cloud Adoption is Accelerating in the MENA Region appeared first on PeoplActive.
Penetration Testing
FEBRUARY 26, 2023
apk.sh apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding, and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources... The post apk.sh v1.0.8 releases: makes reverse engineering Android apps easier appeared first on Penetration Testing.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
FEBRUARY 26, 2023
Sonatype has been tracking an open source malware campaign developing over the weekend in which a threat actor is infiltrating the PyPI software registry with hundreds of malicious packages. These packages are being rapidly removed by the PyPI admins as they come up, but the behavior continues well into today. The post Attacker floods PyPI with 450+ malicious packages that drop Windows trojan via Dropbox appeared first on Security Boulevard.
The Last Watchdog
FEBRUARY 26, 2023
Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard. Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage , with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.
Security Boulevard
FEBRUARY 26, 2023
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.
Malwarebytes
FEBRUARY 26, 2023
The privacy protection authorities for Canada, Québec, British Columbia, and Alberta have announced they will start an investigation into TikTok's privacy practices, especially in relation to its younger users. The investigation will include whether the company obtained valid and meaningful consent from its users for the collection, use, and disclosure of their personal information.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
FEBRUARY 26, 2023
Twitter is phasing out its free text message two-factor authentication (2FA) and putting the feature behind a paywall, prompting security experts to advise Twitter users to switch to other authentication methods. How data brokers are selling sensitive mental health data for a few hundred dollars with little attempt to hide identifying information such as names […] The post Twitter’s Paywall 2FA, Mental Health Data for Sale, Meta’s Verified Program appeared first on The Shared Security Show.
Security Boulevard
FEBRUARY 26, 2023
This past week was dominated with stories surrounding the one-year mark of Russia’s invasion into Ukraine. What have we learned on the global cybersecurity front in that time? The post One Year Later: Cyber Battles Still Rage in Ukraine appeared first on Security Boulevard.
Security Boulevard
FEBRUARY 26, 2023
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Permalink The post USENIX Security ’22 – Kevin Burk, Fabio Pagani, Christopher Kruegel, Giovanni Vigna – ‘Decomperson: How Humans Decompile And What We Can Learn From It’ appeared first on Security Boulevard.
Expert insights. Personalized for you.
253 
Let's personalize your content