Tue. Jan 03, 2023

Breaking RSA with a Quantum Computer

Schneier on Security

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today.

GUEST ESSAY: These common myths and misconceptions make online browsing very risky

The Last Watchdog

For the average user, the Internet is an increasingly dangerous place to navigate. Related: Third-party snooping is widespread. Consider that any given website experiences approximately 94 malicious attacks a day, and that an estimated 12.8 million websites are infected with malware. So, in response to these numbers, users are seeking ways to implement a more secure approach to web browsing.

Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

Anton on Security

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fifth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3 and #4). My favorite quotes from the report follow below: “Identity and trust relationships in and between cloud environments will continue to get more complex, challenging visibility and enabling threat actors to have wider and deepe

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

At the start of 2023, consumers remain out in the cold when it comes to online protection. Related: Leveraging employees as human sensors. Malicious online actors grow ever more sophisticated, making cybersecurity as big a concern for everyday consumers as it ever has been. These days, ordinary people are facing increasing—and more complex—threats than ever before.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

LostPass: after the LastPass hack, here’s what you need to know

Graham Cluley

Do you use the LastPass password manager? Did you know they suffered a data breach, and that your passwords may be at risk? You do now. Here's what you need to know.

Gaming: How much is too much for our children?

We Live Security

With many children spending a little too much time playing video games, learn to spot the signs things may be spinning out of control. The post Gaming: How much is too much for our children? appeared first on WeLiveSecurity.

More Trending

‘We Must Ban TikTok!’ — Senate, House, FCC Agree

Security Boulevard

TikTok’s days are numbered in the U.S.—if the GOP has its way. The post ‘We Must Ban TikTok!’ — Senate, House, FCC Agree appeared first on Security Boulevard.

Data of over 200 million Deezer users stolen, leaks on hacking forum

Graham Cluley

Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.

LockBit apologizes for ransomware attack on hospital, offers decryptor

CSO Magazine

LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor. SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that was affecting several network systems at the hospital.

The Price Tag for Secure Systems is Way Too High

CyberSecurity Insiders

By Motti Elloul, VP Customer Success and Incident Response, Perception Point. Enterprise security teams are spending astonishing amounts of time and money remediating cybersecurity incidents. A successful email-based cyber-attack can take security staff an average of 86 hours to address, which can cost $6,452 per incident in time alone. Considering the current economic climate, and with the impact of phishing and other serious cyberthreats forecast to intensify, the price for effective cyber-pro

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

Naked Security

When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

The Guardian Ransomware Attack 2022 intensifies deeply

CyberSecurity Insiders

The ransomware attack that took place on British Daily Newspaper ‘The Guardian’ seems to have intensified deeply as the staff of the media group has been advised to work from home and have been handed over separate email ids for official communication. Guardian’s servers were hacked and a file encrypting malware was introduced into the daily computer network in the first week of December 2022.

Chinese Students in the U.K. Are Victims of RedZei Scam Calls

Heimdal Security

RedZei (or RedThief) Chinese-speaking hackers are targeting U.K.-based Chinese international students, a wealthy victim group, with scam calls. The campaign is ongoing for more than a year and shows that threat actors have meticulously selected and researched their victims. Details About the Campaign To bypass security measures, like phone number-based blocking, RedZei group takes several […].

Intel and Check Point Software extend partnership for ransomware protection

CyberSecurity Insiders

Intel, the world-renowned silicon chipmaker, has extended its partnership with Check Point Software technologies to boost its chipsets defense line against ransomware attacks. So, as a part of this collaboration the Harmony Endpoint solution from Check Point will be integrated into Intel vPro’s AI and ML driven threat detection tech allowing CPUs manufactured by the silicon wafer making giant analyze pre-detect data encryption commands in the digital attack flow.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Canadian Mining Company Targeted by Ransomware

Heimdal Security

A cyberattack launched on December 27, 2022, caused the Canadian Copper Mountain Mining Corporation (CMMC) to shut down its operations. The IT team of the company from British Columbia quickly implemented the predefined risk management systems and protocols to contain the incident. What Happened? The incident was made public on the 29th of December via […].

WordPress Sites Under Attack from Newly Found Linux Trojan

Dark Reading

Researchers who discovered the backdoor Linux malware say it may have been around for more than three years — and it targets 30+ plug-in bugs.

Adobe accepts AI generated artwork

CyberSecurity Insiders

Adobe, the business owner of PhotoShop, has made it official that it will start accepting AI generated artwork on its Stock Photo platform, provided users follow its revised policies. Therefore, users can submit their finished artwork generated by the technology of Artificial Intelligence, provided they abide by the copyright infringement clauses to the core.

4 Ways to Build Cybersecurity Best Practices into Your Organizational Culture

Security Boulevard

When people think about business, they often think in terms of products and services offered. When employees think about business, they tend to think of it more in terms of organizational culture and what the organization offers in exchange for joining the team. The post 4 Ways to Build Cybersecurity Best Practices into Your Organizational Culture appeared first on Security Boulevard.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Black Hat Flashback: The Day That Dan Kaminsky Saved the Internet

Dark Reading

Dark Reading's Kelly Jackson Higgins explains the enormous legacy left behind by Dan Kaminsky and his seminal "Great DNS Vulnerability" talk at Black Hat 2008.

Breaking RSA with a Quantum Computer

Security Boulevard

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today.

BrandPost: Overcoming the Barriers to Digital Transformation

CSO Magazine

Many businesses have made rapid advancements in their digital transformation strategy and adoption of cloud/hybrid cloud environments. Although every organization is unique and has its own starting point, successful transformation requires network and security team collaboration and compromise. A recent study by Omdia, “Assessing the Role of Packet Intelligence in Securing the Modern Enterprise Network Environment,” breaks down this journey based on a sample of more than 100 participants from bo

Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware

The Hacker News

A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Okta breached last month, no customers compromised

Malwarebytes

Some of Okta’s source code fell into the hands of an unauthorized party. The code was stolen from GitHub in the first part of December, according to a statement issued by the company. In the same statement the company reassured users that there was no impact to any customers. Okta. Okta is an access management company based in San Francisco. According to its own website, Okta serves over 15,000 organizations.

Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe

The Hacker News

Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday.

Synology fixes multiple critical vulnerabilities in its routers

Security Affairs

Synology fixed several critical flaws in its routers, including flaws likely demonstrated at the Pwn2Own 2022 hacking contest. Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score 10).

Cybersecurity Research Center Developer Series: The OWASP Top 10

Security Boulevard

In this new Cybersecurity Research Center series, we analyze the OWASP Top 10, which is a list of the most common vulnerabilities in web applications. The post Cybersecurity Research Center Developer Series: The OWASP Top 10 appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

BitRAT campaign relies on stolen sensitive bank data as a lure

Security Affairs

Experts warn of a new malware campaign using sensitive information stolen from a bank as a lure to spread the remote access trojan BitRAT. Qualys experts spotted a new malware campaign spreading a remote access trojan called BitRAT using sensitive information stolen from a bank as a lure in phishing messages. BitRAT is a relatively new threat advertised on underground marketplaces and forums since Feb 2021, it is offered for $20.

LastPass updates security notice with information about a recent incident

Malwarebytes

The password management company LastPass notified customers in late December about a recent security incident. The notice was posted as an update of the security incident previously reported in August of 2022, which also was updated and covered on November 30, 2022. According to LastPass, an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the August incident.

Does Volvo Cars suffer a new data breach?

Security Affairs

A post published on a popular hacking forum claims Volvo Cars has suffered a new data breach, alleging stolen data available for sale. French cybersecurity Anis Haboubi yesterday first noticed that a threat actor was attempting to sell data allegedly stolen from Volvo Cars on a popular hacking forum. VOLVO CARS is said to have been the victim of the #ransomware endurance; 200gb of sensitive data is for sale; pic.twitter.com/VFMdv7IBmr — Anis Haboubi |₿| (@HaboubiAnis) January 2, 2023.

Best of 2022: Why is everyone getting hacked on Facebook?

Security Boulevard

If your social media networks are anything like mine, you’ve noticed an uptick in people getting “hacked” lately. Maybe you’ve gotten a weird Facebook message from someone you hadn’t spoken with in a while. Maybe your least tech-y friend is suddenly talking about crypto on Instagram. Or maybe you’ve seen post after post on your timeline of someone saying something like, “Sorry everyone, I got hacked!

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!