Wed. Mar 16, 2022

Breaking RSA through Insufficiently Random Primes

Schneier on Security

Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery. There aren’t many weak keys out there, but there are some: So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack.

How to SLO Your SOC Right? More SRE Wisdom for Your SOC!

Anton on Security

As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or its early version “Kill SOC Toil, Do SOC Eng”) and “Stealing More SRE Ideas for Your SOC”, your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?

Sensitive mobile app data found unprotected in the cloud

Tech Republic Security

Exposed data discovered by Check Point Research included chat messages in gaming apps, personal photos, token IDs in healthcare apps and data from cryptocurrency platforms. The post Sensitive mobile app data found unprotected in the cloud appeared first on TechRepublic.

New ransomware LokiLocker bundles destructive wiping component

CSO Magazine

A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cybercriminals, researchers warn. The malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims. "LokiLocker is a relatively new ransomware family targeting English-speaking victims and Windows PCs.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Duo vs. Microsoft Authenticator: Compare multifactor authentication software

Tech Republic Security

Passwordless and MFA push-based security apps are becoming the norm in enterprises. We compare the features and costs of two of the biggest players in this space, Duo and Microsoft Authenticator, and pit them head-to-head. The post Duo vs. Microsoft Authenticator: Compare multifactor authentication software appeared first on TechRepublic.

Cyclops Blink Sets Sights on Asus Routers

Trend Micro

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet.

More Trending

Microsoft Defender tags Office updates as ransomware activity

Bleeping Computer

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. […]

Cyber Threat to SWIFT Banking System

CyberSecurity Insiders

The ongoing war of Russia on Ukraine is fetching many troubles to the financial sector, as most of the internationally recognized banks predict a severe cyber threat to SWIFT, the global payments messaging system in the coming weekend. As VTB and Promsvyazbank, the two biggest banks in Russia have withdrawn from the funding of the Russian war, Moscow is thinking to give a befitting reply to the west by launching sophisticated attacks on the SWIFT payments system that could lead to a financial di

Meta fined €17 million by Irish regulator for GDPR violations

CSO Magazine

The Republic of Ireland's Data Protection Commission (DPC) has fined Facebook parent company Meta €17 million (US$18.6 million) for violating multiple articles of the GDPR (General Data Protection Regulation) related to a series of 12 data breach notifications that occurred in the latter half of 2018. The GDPR is an EU regulation that sets comparatively strict standards for the management, processing and protection of user data that went into effect in May 2018.

CISA adds 15 vulnerabilities to list of flaws exploited in attacks

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Educate Children About Cyber Fraud With ‘ABCs of Fraud’

Security Boulevard

It is important to raise children’s awareness about risky online behavior from a young age to keep them safe and maybe even inspire a new generation of fraud fighters. To help adults educate their children about a myriad of online fraud types and how to avoid bad people on the internet, Arkose Labs has launched […]. The post Educate Children About Cyber Fraud With ‘ABCs of Fraud’ appeared first on Security Boulevard.

Emotet malware campaign impersonates the IRS for 2022 tax season

Bleeping Computer

The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns. […]

Cloudflare unveils email security tools, free WAF ruleset, and API gateway

CSO Magazine

Cloudflare is bolstering its suite of web infrastructure and security offerings with a free WAF (web application firewall) managed ruleset service, a new API management gateway, and — once it closes its recently announced acquisition of Area 1 Security — a set of email tools designed to thwart phishing and malware attacks. Cloudflare announced at the end of February that it would pay $162 million to acquire Area 1, which has developed a cloud-native security platform designed to use machine lea

New Linux Botnet Discovered

Heimdal Security

Log4j 2 is a Java logging library that is open source and extensively used in a variety of software applications and services throughout the world. The Log4j vulnerability gives threat actors the potential to take control of any Java-based, internet-facing server and launch Remote Code Execution (RCE) attacks. What Happened? A newly found botnet that […].

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware

Bleeping Computer

Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. […]

Top tools and best practices for WordPress security

CSO Magazine

If you run a WordPress website, you need to get serious about keeping it as secure as possible. WordPress continues to be a widespread target for hackers. Last November, more than a million GoDaddy-managed WordPress customers were part of a breach that could have exposed their email addresses, private SSL keys, and admin passwords. The attacker was apparently able to operate undetected inside the company’s networks for two months.

SolarWinds warns of attacks targeting Web Help Desk instances

Bleeping Computer

SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk (WHD) instances and advised removing them from publicly accessible infrastructure (likely to prevent the exploitation of a potential security flaw). […]

What is SIEM? Security information and event management explained

CSO Magazine

Security information and event management (SIEM) tools collect and aggregate log and event data to help identify and track breaches. They are powerful systems that give enterprise security professionals both insight into what's happening in their IT environment right now and a track record of relevant events that have happened in the past. SIEM software (pronounced ‘sim’; the ‘e’ is silent) collects and aggregates log and event data generated throughout the organization’s technology infrastructu

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks.

Tax Season Scams

Security Boulevard

Our favorite time of the year is upon us again, tax season. This magical time brings stress and anxiety for […]. The post Tax Season Scams appeared first on Security Boulevard.

Fake Royal Mail chatbot offers up…a new iPhone?

Malwarebytes

Royal Mail scams are always popular techniques for people up to no good. We’ve covered them several times over the last year or so. A quick reminder: Your parcel is waiting for delivery. This is the go-to tactic for fake Royal Mail phishing attacks. You receive a text claiming there’s a parcel in your name, waiting for collection. The SMS contains a link to a fake Royal Mail website.

Facebook removes deepfake of Ukrainian President Zelenskyy

Bleeping Computer

Facebook has removed a deepfake video of Ukrainian President Volodymyr Zelenskyy spreading across the social network and asking Ukrainian troops to lay down their arms and surrender. […]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CafePress faces $500,000 fine for data breach cover up

Malwarebytes

The US Federal Trade Commission (FTC) has announced that it took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. CafePress is a popular online custom T-shirt and merchandise retailer. According to Samuel Levine, Director of the FTC’s Bureau of Consumer Protection: “CafePress employed careless security practices and concealed multiple breaches from consumers.”

To Governance and Beyond: Cybersecurity as a Journey

The State of Security

How often have you heard someone say “Cybersecurity is complicated!”? If you’re a practitioner in the cybersecurity industry you’ll have heard these words often, probably along with “…and it’s really boring too!” Complex, not complicated: Let’s start with the first statement. In truth, cybersecurity is a complex topic, but that doesn’t mean it has to […]

Easily create an email alert for all SSH logins

Tech Republic Security

If you're looking to get notified when someone logs into your Linux servers via SSH, Jack Wallen is here to show you how to set this up. The post Easily create an email alert for all SSH logins appeared first on TechRepublic.

Justice Thomas Steps in Social Media Immunity Thicket

Security Boulevard

Section 230 of the Communications Decency Act, 47 U.S.C. § 230(c)(1), is generally considered to provide that entities that merely act as conduits for communication (like social media companies) are not considered “publishers” of third-party content, and therefore have no direct liability for what other people say on their site. That section states, “No.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

BrandPost: Defending Distributed Networks with Zero Trust Edge

CSO Magazine

For more than a decade, there has been a trend towards a more distributed enterprise network edge. It started with the introduction of cloud computing and the increase in employees using personal devices to connect to the network, aka bring your own device (BYOD). The rapid move to a work-from-anywhere model that began last year accelerated the trend.

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

The Hacker News

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop."

Attacks Abound in Tricky Threat Terrain: 2021 Annual Cybersecurity Report

Trend Micro

The digital transformations that had enabled many enterprises to stay afloat amid the Covid-19 health crisis also brought about major upheavals in cybersecurity, the impact of which was still widely felt in 2021. In our annual cybersecurity report, we look back at 2021 in terms of the most significant security issues and trends that shaped the year’s threat landscape.

Smashing Security podcast #266: Dick pics, secret spies, and Kaspersky

Graham Cluley

Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it's taking a hard line on dick pics. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.