Thu. Jun 30, 2022

ZuoRAT Malware Is Targeting Routers

Schneier on Security

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.

Brilliant Advice From Abraham Lincoln About Internet News Reports

Joseph Steinberg

Nearly a decade ago, well before most people had first heard the term “fake news,” I wrote a piece for Forbes unlike any other piece I had ever written before. Since then, I have seen many Internet memes circulate that appear to convey a similar message.

Top of Mind Security Insights from In-Person Interactions

Cisco CSR

The past few months have been chock-full of conversations with security customers, partners, and industry leaders. After two years of virtual engagements, in-person events like our CISO Forum and Cisco Live as well as the industry’s RSA Conference underscore the power of face-to-face interactions.

18 Zero-Days Exploited So Far in 2022

Dark Reading

It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

Good news for the victims of the Hive ransomware: Korean security researchers have released a free decryptor for some versions. The South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4.

A Fintech Horror Story: How One Company Prioritizes Cybersecurity

Dark Reading

A password link that didn't expire leads to the discovery of exposed personal information at a payments service

More Trending

API Security Losses Total Billions, But It's Complicated

Dark Reading

A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways

ESG’s Report on the Role of XDR in SOC Modernization

Cisco CSR

Extended Detection and Response, or XDR, the cybersecurity topic that dominated the RSA conference 2022 show floor with multiple vendors, has been getting a lot of attention lately, and for good reason.

Hacking Linux is Easy with PwnKit

eSecurity Planet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs.

How traditional security tools fail to protect companies against ransomware

Tech Republic Security

Most organizations surveyed by Titaniam have existing security prevention and backup tools, but almost 40% have still been hit by ransomware attacks in the last year.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]

Naked Security

Latest episode - listen and read now! Use our advice to advise your own friends and family. Let's all do our bit to stand up to scammers!

Protect your browsing for life with this innovative hardware

Tech Republic Security

The Deeper Connect Mini Decentralized VPN & Firewall Hardware provides reliable and secure network connectivity worldwide.

Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration

Dark Reading

An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows

Get 15 hours of basic cybersecurity education online for just $29

Tech Republic Security

This bundle provides a strong overview of the cybersecurity field.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Cybersecurity Awareness: Definition, Importance, Purpose and Challenges

Security Boulevard

Cybersecurity awareness is an ongoing process of educating employees about the threats that lurk in cyberspace and how to act responsibly.

Have you ever found phishing emails confusing? You aren’t alone

Tech Republic Security

Kaspersky explores the ways hackers are able to confuse users through seemingly legitimate email templates.

Ransomware attack suspected on Macmillan Publications

CyberSecurity Insiders

Macmillan, a publisher of educational content, was hit by a cyber attack that is suspected to be a ransomware variant. The company is yet to confirm the incident.

SYN Ventures and the Specialization of Cybersecurity Venture Capital

Security Boulevard

A deep dive into SYN Ventures and the rise of specialist venture capital funds within the cybersecurity ecosystem.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Amazon Photos exhibit high severity vulnerability

CyberSecurity Insiders

All you Amazon Photos users out there, please be aware of a high-severity vulnerability in the app that you are using to store photos and videos in original quality.

The Week in Cybersecurity: NATO creates cyber rapid response

Security Boulevard

Welcome to The Week in Cybersecurity, which brings you the latest headlines from both the world and our team at ReversingLabs about the most pressing topics in cybersecurity.

U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores

The Hacker News

One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "its pattern of surreptitious data practices." "It

Google Launches Advanced API Security to Combat API Threats 

Security Boulevard

Google launched a preview version of a service called Advanced API Security aimed at helping organizations combat growing threats targeting application programming interfaces (APIs).

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

4 Reasons Why Internal Network Penetration Testing Is Vital to Your Business

Mitnick Security

Although vulnerability scans and assessments are crucial for maintaining a strong cybersecurity posture, penetration testing goes beyond the routine to thoroughly test your organization against potential security threats.

CAPTCHA 4WP 7.1.0: Support for Gravity Forms and WPForms

Security Boulevard

We are thrilled to announce the release of CAPTCHA 4WP version 7.1.0. This release features some highly-requested new features alongside a number of improvements to help administrators and website owners ensure the success of CAPTCHA deployments on WordPress websites when using CAPTCHA 4WP.

SOHO routers used as initial point of compromise in stealth attack campaign

Tech Republic Security

The attack campaign, possibly state-sponsored, went undetected for nearly two years while targeting SOHO routers to compromise remote workers.

Black Basta ransomware – what you need to know

Security Boulevard

What is Black Basta? Black Basta is a relatively new family of ransomware, first discovered in April 2022.

Great Tools To Help Protect Yourself And Your Devices

SecureBlitz

This post will show you great tools to help protect yourself and your devices. Protecting yourself from the dangers of.

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare.

Passive Vs Active Investing: Which Should I Go For?

SecureBlitz

Read on for the Passive vs Active Investing comparison. For the casual investor, passive investing is appealing because of its.

A New, Remarkably Sophisticated Malware Is Attacking Routers

WIRED Threat Level

Researchers say the remote-access Trojan ZuoRAT is likely the work of a nation-state and has infected at least 80 different targets.

Pro-Russian hackers launched a massive DDoS attack against Norway

Security Affairs

Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites.

LockBit ransomware gang promises bounty payment for personal data

Tech Republic Security

The infamous ransomware-as-a-service group is offering money to researchers and hackers willing to share personal data for exploitation.