Thu. Jul 14, 2022


New Browser De-anonymization Technique

Schneier on Security

Researchers have a new way to de-anonymize browser users by correlating their behavior on one account with their behavior on another. The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data.


State-sponsored cyberespionage campaigns continue targeting journalists and media

Tech Republic Security

Journalists have information that makes them particularly interesting for state-sponsored cyberespionage threat actors. Learn more about these threats now. The post State-sponsored cyberespionage campaigns continue targeting journalists and media appeared first on TechRepublic.


Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security, online, on September 22, 2022. I’m speaking at IT-Security INSIDE 2022 in Zurich, Switzerland, on September 22, 2022. The list is maintained on this page.


How to remove your saved passwords in Chrome

Tech Republic Security

Given Chrome's frequent security issues, Jack Wallen strongly believes you shouldn't be saving your passwords to Google's browser. Here, Jack shows you how to delete and prevent them from re-syncing. The post How to remove your saved passwords in Chrome appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

Dark Reading

The vulnerability will remain a "significant" threat for years to come and has highlighted the need for more public and private sector support for the open source software ecosystem, the Cyber Safety Review Board says.


Cyberinsurers looking for new risk assessment models

Tech Republic Security

As ransomware attacks increase, a number of difficulties have arisen for cyberinsurers that will need to be addressed swiftly. The post Cyberinsurers looking for new risk assessment models appeared first on TechRepublic.


Smart thermostats, Rabbits, and TV Pickup

Javvad Malik

In a paper titled Unintended consequences of smart thermostats in the transition to electrified heating, researchers discovered that most people don’t bother changing the default heating times on these thermostats. As a result, at 6am the strain on the electricity grid peaks as every thermostat clicks on, akin to launching an inadvertent DDoS attack.


5 key considerations for your 2023 cybersecurity budget planning

CSO Magazine

As CISOs look to prepare their 2023 security budgets, some might be asking themselves, “where do I begin?” There are such varied and rapidly changing facets of defending organizations against cyber threats that the task of sorting out which risks need the most attention can seem overwhelming. Nevertheless, security leaders need to begin thinking about how much funding they will need and how they will allocate their budgets.


API security moves mainstream

We Live Security

The heavyweights are now moving into API security, cementing it as “A Thing”. The post API security moves mainstream appeared first on WeLiveSecurity.


New Phishing Kit Hijacks WordPress Sites for PayPal Scam

Dark Reading

Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Making Biometrics Work: 3 Ways To Jumpstart the Process

Security Boulevard

As advances in technology continue to improve the efficiency of work environments, biometric technology has emerged as a crucial part of securing the workplace both logically and physically. The COVID-19 pandemic accelerated the adoption of remote work, forcing changes in the way organizations approached security. Biometric authentication provides a safe way to accommodate flexible workforces.


4 Misconceptions about SAST for Mobile

Appknox

Static Application Security Testing (SAST), or static analysis, is a testing methodology that examines source code to identify vulnerabilities that make your organization's applications vulnerable to attack. SAST, also known as white-box testing, scans an application before code compilation takes place. It helps developers build efficient code without slowing them down.


NATO Announces Virtual Rapid Response Cybersecurity Capability

Security Boulevard

In the months since Russia invaded Ukraine, NATO has flexed its muscles and responded swiftly and with solidarity against the country’s show of military aggression. So, it seemed logical that the expanding alliance would aim to meet cyberattacks with a virtual rapid response cybersecurity capability, announced during its recent summit in Madrid. Underscoring its promise.


Endpoint security for Mac: 3 best practices

Malwarebytes

If you’re one of the 50% of small and medium-sized businesses (SMBs) that use Mac devices today, chances are your IT and security teams have a ton of Mac endpoints to monitor. Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that Macs don’t get malware simply isn’t true: in fact, the number of malware detections on Mac jumped 200% year-on-year in 2021.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Windows 8.1 displays full-screen warning as it nears its last day of support

Graham Cluley

Turn on a PC running Microsoft Windows 8.1 and you're likely to be greeted with a full-screen message warning that the operating system will no longer be supported after 10 January 2023, and - critically - will no longer be receiving any security updates.


China accuses India of launching Cyber Attacks on Pakistan

CyberSecurity Insiders

For the first time in history, China has openly criticized India for launching cyber attacks on Pakistan’s critical infrastructure using a Chinese code name. It also accused the Indian Subcontinent of terrorizing cyberspace by weaponizing IT for some objectives. India has counter-attacked its neighbor, saying it was falsely attempting to malign the image of the country, just to divert the attention of the world from its own malicious activities in cyberspace.


Microsoft published exploit code for a macOS App sandbox escape flaw

Security Affairs

Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system,” reads the post published by Microsoft.


Microsoft links Holy Ghost ransomware operation to North Korean hackers

Bleeping Computer

For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Former CIA employee Joshua Schulte was convicted of Vault 7 massive leak

Security Affairs

Former CIA programmer Joshua Schulte was convicted in a US federal court of the massive 2017 leak to WikiLeaks. Schulte (33) was found guilty in New York federal court of stealing the agency’s hacking tools and leaking them to WikiLeaks in 2017. The huge trove of data, called “Vault 7,” exposed the hacking capabilities of the US intelligence agency and its internal infrastructure.


New Retbleed speculative execution CPU attack bypasses Retpoline fixes

Bleeping Computer

Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information.


AppSec Decoded: Get the most out of your open source software

Security Boulevard

In this episode we discuss the importance of audit services in the M&A world and how to reap the benefits of your open source software. The post AppSec Decoded: Get the most out of your open source software appeared first on Application Security Blog. The post AppSec Decoded: Get the most out of your open source software appeared first on Security Boulevard.


The new Retbleed speculative execution attack impacts both Intel and AMD chips?

Security Affairs

Researchers warn of a new vulnerability, dubbed Retbleed, that impacts multiple older AMD and Intel microprocessors. ETH Zurich researchers Johannes Wikner and Kaveh Razavi discovered the flaw, which an attacker can exploit to bypass current defenses and perform Spectre-based attacks.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Survey Shows Cyber Insurance Marketplace Badly Needs Risk Quantification

Security Boulevard

A survey of 400 global insurers finds the cyber insurance business “isn’t working for insurers, brokers or their customers.” According to the survey report, insurers are raising cyber insurance premiums, reducing coverage limits, and requiring increasingly burdensome technical questionnaires from customers, and in the end, over half of the firms surveyed still reported being only “somewhat confident” or “not at all confident” in their underwriting process.


Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to Wikileaks

The Hacker News

Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material.


SOC 2 Compliance and Your Cybersecurity: An Everything Compliance Webinar

Security Boulevard

On August 10, Trustero will present an eye-opening, informative webinar, “Improve Your Cybersecurity with Continuous SOC 2 Compliance.” The featured speaker will be renowned cybersecurity industry analyst Richard Stiennon. The post SOC 2 Compliance and Your Cybersecurity: An Everything Compliance Webinar appeared first on Trustero. The post SOC 2 Compliance and Your Cybersecurity: An Everything Compliance Webinar appeared first on Security Boulevard.


CoinPayments to shut down in US — 5 days left to withdraw funds

Bleeping Computer

Global crypto payments gateway CoinPayments.net is ceasing operations in the United States soon and has advised users to withdraw their assets before July 19th, 2022. The short notice given by the exchange via a private email left some customers wondering whether this was an "exit scam" or another mysterious incident.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


The Power of Machine Learning to Fight Fraud

Security Boulevard

As the threat landscape continues to become increasingly complex, fraud and security teams find it significantly harder to deal with the problem efficiently. Partnering with the right security vendor and consuming the insight they provide in the most efficient way is key for making accurate, real-time risk decisions. The current threat landscape I often see […].


S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast + Transcript]

Naked Security

Latest episode - listen now! Great discussion, technical content, solid advice, all covered in plain English.


Counteracting Nation-State-Sponsored Cyberattack Groups

Security Boulevard

The Russia-Ukraine war has put the world on high alert not just to the threat of physical attacks but to the potential for highly funded, sophisticated nation-state cyberattacks as well. The worry is permeating not only government agencies but also businesses around the globe, and it is not without merit. In light of recent geopolitical shifts, U.S. intelligence.


Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers

The Hacker News

The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.