Mon. Nov 07, 2022

The Conviction of Uber’s Chief Security Officer

Schneier on Security

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, but until then, this essay on the topic is worth reading.

Anton’s Security Blog Quarterly Q4 2022

Anton on Security

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast too (subscribe). Top 5 most popular posts of all times (these ended up being the same as last quarter): “Security Correlation Then and Now: A Sad Truth About SIEM” “C

6 ways to reduce your IoT attack surface

Tech Republic Security

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.

SHARED INTEL: The non-stop advance and diversification of ransomware extortion tactics

The Last Watchdog

Cybercriminals are becoming more creative as cybersecurity analysts adapt quickly to new ransomware strategies. Related: How training can mitigate targeted attacks. Ransomware has evolved from classic attacks to more innovative approaches to navigate reinforced security infrastructure. Here’s how hackers are crafting new ransomware extortion tactics to keep analysts on their toes: Data exfiltration is no more.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Mastodon now has over 1 million users amid Twitter tensions

Bleeping Computer

Mastodon, the free, open-source, decentralized micro-blogging social media platform, has surpassed a million monthly active users for the first time in its history. […]

Safely Test Your Malware, Ransomware and Virus Defenses

Security Boulevard

What’s the best way for a company to test its malware defenses in real-life scenarios? The past few years have seen both an uptick in cyberattacks and a dire shortage of security talent. In fact, a 2017 report predicted that by 2020 businesses will be hit by a threat actor every eleven seconds. Not to. The post Safely Test Your Malware, Ransomware and Virus Defenses appeared first on Security Boulevard.

REMnux: The Linux Toolkit for Reverse Engineering and Malware Analysis

eSecurity Planet

REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis. Whether you’re new to these specialties or an experienced investigator, REMnux contains many helpful Debian packages and configurations to perform advanced tasks, such as: Extracting IoCs (Indicators of Compromise) Disassembling/decompiling binaries or windows executables (such as PE files) Decoding, deobfuscating, de

Microsoft WinGet package manager failing due to CDN issues

Bleeping Computer

Microsoft's WinGet package manager is currently having problems installing or upgrading packages due to the Azure Content Delivery Network (CDN) returning a 0-byte database file. […]

Robin Banks Relocated to a Russian Server

Heimdal Security

The cybercriminals behind Robin Bank have relocated the phishing-as-a-service (PhaaS) platform to a Russian hosting service. DDoS-Guard takes over from Cloudflare after the latest caused a multi-day disruption of Robin Bank operations by distancing its services from the phishing infrastructure. The Russian rock-solid hosting provider previously hosted the alt-tech social network Parler as well as […].

China is targeting smaller nations with Cyber Attacks

CyberSecurity Insiders

Microsoft released its Digital Defense Report of 2022, in which it clearly specified that China was targeting smaller nations with intense digital attacks to gather intelligence via cyber espionage. Its actual aim behind this activity is to internationally strengthen the nation’s stand both economically and to attain an utmost position in military influence.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Voices from Validate – Simplifying Posture Management

Security Boulevard

Learn from Zscaler how zero trust, MITRE ATT&CK, and BAS can work together to optimize security posture across complex environments. The post Voices from Validate – Simplifying Posture Management appeared first on SafeBreach. The post Voices from Validate – Simplifying Posture Management appeared first on Security Boulevard.

The Evolution of SIEM: Where It’s Been and Where It is Going

CyberSecurity Insiders

By Michael DeCesare, CEO & President, Exabeam. As the digital economy grows, organizations have become increasingly susceptible to cyberattacks. Adversaries actively seek opportunities to exploit gaps within IT systems, applications, or hardware, causing trillions of dollars worth of damage annually. As a result, security teams are leveraging security capabilities in the form of Security Information and Event Management (SIEM) software to help identify and respond to security threats in real

Hacking baby monitors can be child’s play: Here’s how to stay safe

We Live Security

Make sure that the device that’s supposed to help you keep tabs on your little one isn’t itself a privacy and security risk. The post Hacking baby monitors can be child’s play: Here’s how to stay safe appeared first on WeLiveSecurity.

Ukraine’s Response to Cyber Threats a Model in DDoS Prevention

Security Boulevard

With the disruption, loss of life and heartbreaking images that the Russia-Ukraine conflict has produced, it is easy to overlook what it has meant to the cyber threat landscape. Even threat actors have taken sides. The post Ukraine’s Response to Cyber Threats a Model in DDoS Prevention appeared first on Radware Blog. The post Ukraine’s Response to Cyber Threats a Model in DDoS Prevention appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Threat Group Continuously Updates Malware to Evade Antivirus Software

eSecurity Planet

Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Kaspersky revealed that APT10, also known as the Cicada hacking group, has successfully deployed the LODEINFO malware in government, media, public sector, and diplomatic organizations in Japan.

BrandPost: Managed Security Services Can Relieve the Cybersecurity Skills Gap

CSO Magazine

The skills gap facing cybersecurity is an ongoing issue that has plagued the industry for years. Recent research from (ISC)2 finds the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets, requiring a massive influx of 2.7 million professionals to meet demand. The (ISC)2’s Cybersecurity Workforce Study also found the workforce gap remains the #1 barrier to meeting security needs, and 60% of participants feel that a cybersecurity staffing shortag

CISOs, Security Leaders Eyeing Other Job Options 

Security Boulevard

Nearly a third of CISOs or IT security leaders in the United States and the United Kingdom are considering leaving their current role, according to research by BlackFog. Of those considering leaving their current role, a third of those would do so within the next six months, according to the survey, which polled more than 500 IT. The post CISOs, Security Leaders Eyeing Other Job Options appeared first on Security Boulevard.

All UK Hosted Internet Devices Will be Scanned by the British Government

Heimdal Security

The United Kingdom’s National Cyber Security Centre (NCSC), the government agency leading UK’s cybersecurity mission, will start scanning all the Internet-exposed devices hosted in the UK. In a statement posted on its official website, the NCSC declared that this operation will help them better understand the country’s vulnerability and security.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

What are message queues? | Importance, use cases and vulnerabilities | Contrast Security

Security Boulevard

Many significant concerns arise while developing modern-day applications in the cloud, including uptime, geographic distribution and scalability. Adopting application architectures based on event-driven microservices helps resolve these concerns and enables us to scale different services independently. However, event-based microservices present significant challenges, including communication between these services.

The Role of Cybersecurity in Accounting

Heimdal Security

It comes as no surprise that cybersecurity is one of the most important topics in this hacker-prone Internet era. A large number of cyber attacks occur every day and they have no regard for large corporations or individuals. Ransomware inflicts significant financial harm. Businesses are now hiring certified cybersecurity experts to aid them in identifying flaws […].

How DevOps Drive Business Growth?

Security Boulevard

The world of information technology is constantly advancing. As time passes, technological tools, trends, and usage behavior change. Integration of DevOps within development infrastructure is one of today’s most popular ideas, which the majority of IT firms are embracing. DevOps, to put it simply, is the integration of services offered by development and operations teams. […].

New AI Technology can lead to privacy invasion of human minds

CyberSecurity Insiders

Scientists from the University of Texas have developed a new AI model that can scan brains and read minds. It was developed with a hardship of over 7-years with an aim to help read the minds of people who cannot speak. The technology behind this new mode of communication decoding is called Functional Magnetic Resonance Imaging (fMRI) that conceptualizes arbitrary stimuli that a person’s brain is grasping or analyzing as a natural language in real-time.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Continental, the Newest Victim of LockBit Ransomware

Heimdal Security

LockBit, one of the most notorious ransomware gangs around, is claiming responsibility for a cyberattack that hit the German auto parts giant Continental. The ransomware gang allegedly stole some data from the company’s systems and is now threatening to make the data publicly available if their demands are not met by Continental. LockBit has yet […].

Business Email Compromise: Low-Tech, High-Impact Threat

Security Boulevard

One of the least technologically sophisticated cyberattacks, business email compromise (BEC), is also one of the most damaging. According to the FBI’s Internet Crime Complaint Center (IC3), there were 241,206 business email compromise incidents between 2016 and 2021, with combined global business losses of $43,312,749,946. In its 2021 internet crime report, the FBI cited BEC.

Ransomware gang threatens to release stolen Medibank data

Bleeping Computer

A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month's ransomware attack against Australian health insurance provider Medibank Private Limited. […]

Twitter $8 Fee Exploited by Cybercriminals

Heimdal Security

As Elon Musk took charge of Twitter’s management, there have been some controversial changes implemented, one of them being the $8 a month fee for Twitter Blue and account verification. Other than receiving the famous blue tick, paid users will get priority in replies, mentions & search, fewer ads, and the ability to post longer content. However, […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others

The Hacker News

Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider last week. It's offered as a way for "Non-users" to "exercise their rights under applicable laws."

SBOMs in the SaaS era: 5 reasons why you should consider a SaaSBOM

Security Boulevard

Here's why your organization should consider a SaaSBOM — and some of the challenges facing their success. The post SBOMs in the SaaS era: 5 reasons why you should consider a SaaSBOM appeared first on Security Boulevard.

‘Justice Blade’ Hackers are Targeting Saudi Arabia

Security Affairs

Threat actors calling themselves “Justice Blade” published leaked data from an outsourcing IT vendor. The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC.

Self-Signed Certificates: Cybercriminals Are Turning This Strength into a Vulnerability

Security Boulevard

Scott Carter. Mon, 11/07/2022 - 17:00. The risk of self-signed certificates. When compared with certificates signed by CAs, self-signed certificates are often viewed as less trustworthy because they have not been vetted through official channels. With signed certificates, a trusted Certificate Authority must verify the certificate applicant's domain ownership and identity information, whereas a

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.