Schneier on Security

JANUARY 3, 2023

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today.

Encryption 363

Encryption Government Information Security 363

The Last Watchdog

JANUARY 3, 2023

For the average user, the Internet is an increasingly dangerous place to navigate. Related: Third-party snooping is widespread. Consider that any given website experiences approximately 94 malicious attacks a day , and that an estimated 12.8 million websites are infected with malware. So, in response to these numbers, users are seeking ways to implement a more secure approach to web browsing.

Malware 188

Malware Advertising Engineering Authentication 188

Anton on Security

JANUARY 3, 2023

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fifth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 and #4 ). My favorite quotes from the report follow below: “ Identity and trust relationships in and between cloud environments will continue to get more complex, challenging visibility and enabling threat actors to have wider and deepe

Cybersecurity 185

Cybersecurity Backups DDOS Accountability 185

Graham Cluley

JANUARY 3, 2023

Do you use the LastPass password manager? Did you know they suffered a data breach, and that your passwords may be at risk? You do now. Here's what you need to know.

Password Management 145

Password Management Data breaches Passwords Hacking 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

JANUARY 3, 2023

With many children spending a little too much time playing video games, learn to spot the signs things may be spinning out of control. The post Gaming: How much is too much for our children? appeared first on WeLiveSecurity.

140

140

CyberSecurity Insiders

JANUARY 3, 2023

By Brad Liggett, Technical Director, Americas for Cybersixgill. Technology’s rapid and relentless progress promises to continue apace in 2023, to everyone’s benefit – including cybercriminals’. The year promises a “Spy vs. Spy”-type cyberspace race as both criminals and defenders vie to gain the upper hand using new and emerging technologies. Every technology that enables our cyber teams to pinpoint and resolve threats and prevent attacks more quickly and accurately also benefits cybercriminals.

Technology 135

Technology Cybercrime Artificial Intelligence Government 135

CSO Magazine

JANUARY 3, 2023

LockBit , a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor. SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that was affecting several network systems at the hospital.

Ransomware 125

Ransomware Cybersecurity 125

CyberSecurity Insiders

JANUARY 3, 2023

By Motti Elloul, VP Customer Success and Incident Response, Perception Point. Enterprise security teams are spending astonishing amounts of time and money remediating cybersecurity incidents. A successful email-based cyber-attack can take security staff an average of 86 hours to address, which can cost $6,452 per incident in time alone. Considering the current economic climate, and with the impact of phishing and other serious cyberthreats forecast to intensify, the price for effective cyber-pro

Artificial Intelligence 123

Artificial Intelligence Cybersecurity Phishing Technology 123

Security Boulevard

JANUARY 3, 2023

When people think about business, they often think in terms of products and services offered. When employees think about business, they tend to think of it more in terms of organizational culture and what the organization offers in exchange for joining the team. . The post 4 Ways to Build Cybersecurity Best Practices into Your Organizational Culture appeared first on Security Boulevard.

Cybersecurity 114

Cybersecurity Risk Government Ransomware 114

CyberSecurity Insiders

JANUARY 3, 2023

The ransomware attack that took place on British Daily Newspaper ‘The Guardian’ seems to have intensified deeply as the staff of the media group has been advised to work from home and have been handed over separate email ids for official communication. Guardian’s servers were hacked and a file encrypting malware was introduced into the daily computer network in the first week of December 2022.

Ransomware 121

Ransomware Media Malware Cyber Attacks 121

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JANUARY 3, 2023

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today.

110

110

CyberSecurity Insiders

JANUARY 3, 2023

Intel, the world-renowned silicon chipmaker, has extended its partnership with Check Point Software technologies to boost its chipsets defense line against ransomware attacks. So, as a part of this collaboration the Harmony Endpoint solution from Check Point will be integrated into Intel vPro’s AI and ML driven threat detection tech allowing CPUs manufactured by the silicon wafer making giant analyze pre-detect data encryption commands in the digital attack flow.

Software 120

Software Ransomware Encryption Manufacturing 120

Graham Cluley

JANUARY 3, 2023

Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.

Data breaches 125

Data breaches Hacking 125

CyberSecurity Insiders

JANUARY 3, 2023

Adobe, the business owner of PhotoShop, has made it official that it will start accepting AI generated artwork on its Stock Photo platform, provided users follow its revised policies. Therefore, users can submit their finished artwork generated by the technology of Artificial Intelligence, provided they abide by the copyright infringement clauses to the core.

Artificial Intelligence 115

Artificial Intelligence Technology Media Software 115

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Naked Security

JANUARY 3, 2023

When someone calls you up to warn you that your bank account is under attack - it's true, because THAT VERY PERSON is the one attacking you!

Banking 120

Banking Accountability Cryptocurrency Scams 120

Dark Reading

JANUARY 3, 2023

Dark Reading's Kelly Jackson Higgins explains the enormous legacy left behind by Dan Kaminsky and his seminal "Great DNS Vulnerability" talk at Black Hat 2008.

DNS 112

DNS Internet Internet 112

Heimadal Security

JANUARY 3, 2023

RedZei (or RedThief) Chinese-speaking hackers are targeting U.K.-based Chinese international students, a wealthy victim group, with scam calls. The campaign is ongoing for more than a year and shows that threat actors have meticulously selected and researched their victims. Details About the Campaign To bypass security measures, like phone number-based blocking, RedZei group takes several […].

Scams 105

Scams Cybersecurity 105

Dark Reading

JANUARY 3, 2023

Researchers who discovered the backdoor Linux malware say it may have been around for more than three years — and it targets 30+ plug-in bugs.

Malware 118

Malware 118

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CSO Magazine

JANUARY 3, 2023

Many businesses have made rapid advancements in their digital transformation strategy and adoption of cloud/hybrid cloud environments. Although every organization is unique and has its own starting point, successful transformation requires network and security team collaboration and compromise. A recent study by Omdia, “Assessing the Role of Packet Intelligence in Securing the Modern Enterprise Network Environment,” breaks down this journey based on a sample of more than 100 participants from bo

Digital transformation 100

Digital transformation 100

Heimadal Security

JANUARY 3, 2023

A cyberattack launched on December 27, 2022, caused the Canadian Copper Mountain Mining Corporation (CMMC) to shut down its operations. The IT team of the company from British Columbia quickly implemented the predefined risk management systems and protocols to contain the incident. What Happened? The incident was made public on the 29th of December via […].

Ransomware 100

Ransomware Risk Cybersecurity 100

Security Boulevard

JANUARY 3, 2023

In this new Cybersecurity Research Center series, we analyze the OWASP Top 10, which is a list of the most common vulnerabilities in web applications. The post Cybersecurity Research Center Developer Series: The OWASP Top 10 appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity Software 98

Bleeping Computer

JANUARY 3, 2023

More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by ProxyNotShell exploits. [.].

97

97

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

JANUARY 3, 2023

If your social media networks are anything like mine, you’ve noticed an uptick in people getting “hacked” lately. Maybe you’ve gotten a weird Facebook message from someone you hadn’t spoken with in a while. Maybe your least tech-y friend is suddenly talking about crypto on Instagram. Or maybe you’ve seen post after post on your timeline of someone saying something like, “Sorry everyone, I got hacked!

Hacking 98

Hacking Media 98

Bleeping Computer

JANUARY 3, 2023

A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal information and cryptocurrency. [.].

Phishing 97

Phishing InfoSec Cryptocurrency 97

Security Boulevard

JANUARY 3, 2023

In this blog, we’ll take a look at Part One of the Securing The Software Supply Chain series released by the NSA, the CISA, and the ODNI. The post What does the Federal Guidance on Securing the Software Supply Chain Mean for Developers? appeared first on Security Boulevard.

Software 98

Software 98

Malwarebytes

JANUARY 3, 2023

The password management company LastPasss notified customers in late December about a recent security incident. The notice was posted as an update of the security incident previously reported in August of 2022, which also was updated and covered on November 30, 2022. According to LastPass, an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the August incident.

Password Management 96

Password Management Passwords Encryption Accountability 96

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JANUARY 3, 2023

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fifth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 and #4 ). My favorite quotes from the report follow below: “ Identity and trust relationships in and between cloud environments will continue to get more complex, challenging visibility and enabling threat actors to have wider and deepe

Cybersecurity 98

Cybersecurity Backups DDOS Accountability 98

The Hacker News

JANUARY 3, 2023

A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments.

Banking 94

Banking Malware Phishing 94

Security Boulevard

JANUARY 3, 2023

Learn about DMARC security and how to effectively implement and manage it to protect your brand from email impersonation and phishing attacks. The post 4 Key Limitations of DMARC For Brand Protection appeared first on Security Boulevard.

Phishing 98

Phishing 98

The Hacker News

JANUARY 3, 2023

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.

VPN 93

VPN 93

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.