Tue.Feb 28, 2023

Side-Channel Attack against CRYSTALS-Kyber

Schneier on Security

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this is just a side-channel attack.
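To make the distinction in the paragraph above concrete, here is an added toy illustration (not part of the original post, and not the published Kyber attack): a correlation power analysis against a simulated device that XORs a secret byte with attacker-chosen inputs. The "power trace" is a constructed Hamming-weight leakage model plus Gaussian noise, and the secret byte, the trace count and the noise level are all assumptions. The attacker never solves the underlying math; it only correlates measurements with predictions for a leaked intermediate value, which is exactly why such a result says something about an implementation rather than about the algorithm.

```python
"""Toy correlation power analysis (CPA) against a simulated leaky device.

Constructed example: an 8-bit XOR with a secret key byte stands in for the
real target, and each 'power sample' is the Hamming weight of the
intermediate value plus noise. Nothing here is Kyber-specific.
"""
import random
import statistics

SECRET_KEY = 0x3C  # assumed secret held inside the simulated device


def hamming_weight(x: int) -> int:
    """Number of set bits in the low byte of x (the classic CMOS leakage proxy)."""
    return bin(x & 0xFF).count("1")


def simulate_trace(plaintext: int, key: int, rng: random.Random, sigma: float = 1.0) -> float:
    """One measured sample: leakage of (plaintext XOR key) plus Gaussian noise."""
    return hamming_weight(plaintext ^ key) + rng.gauss(0.0, sigma)


def collect_traces(n: int, key: int, seed: int = 1):
    """Attacker-side acquisition: random known inputs and the matching samples."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n)]
    traces = [simulate_trace(p, key, rng) for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient, computed without numpy so it runs anywhere."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def cpa_recover_key(plaintexts, traces) -> int:
    """Rank all 256 key guesses by how well predicted leakage matches the traces.

    Signed correlation is used on purpose: the complement of the true key
    predicts 8 - HW and therefore anti-correlates, so max(corr) is unique.
    """
    best_guess, best_corr = 0, -2.0
    for guess in range(256):
        predicted = [hamming_weight(p ^ guess) for p in plaintexts]
        corr = pearson(predicted, traces)
        if corr > best_corr:
            best_guess, best_corr = guess, corr
    return best_guess


if __name__ == "__main__":
    pts, trs = collect_traces(1000, SECRET_KEY)
    print(f"recovered key byte: {cpa_recover_key(pts, trs):#04x}")
```

The attacker's only inputs are chosen plaintexts and measured samples; the secret is recovered without any weakness in XOR itself. Countermeasures such as masking aim to break the link between the intermediate value and the measurement, and a published attack on a masked implementation means that link was re-established for that implementation, not that the underlying lattice problem got easier.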

Pen testing report: IT budgets should focus on entire security stack

Tech Republic Security

With nearly 90% of companies reporting cyberattacks, pen testing budgets are on the rise, with cloud infrastructure and services a key focus area, according to a new report. The post Pen testing report: IT budgets should focus on entire security stack appeared first on TechRepublic.

Hacked home computer of engineer led to second LastPass data breach

CSO Magazine

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its DevOps engineers and launch a second successful cyberattack, detected in November. The threat actor involved in the breaches infected the engineer's home computer with a keylogger, which recorded information that enabled a cyberattack that exfiltrated sensitive inform

The Bridge to Zero Trust

CyberSecurity Insiders

No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data is only the first of many issues you will be facing. You also have to navigate reputational damage, lost revenue, and the potential for fines and sanctions from regulatory agencies.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

US Marshals Ransomware Hack is ‘Major Incident’

Security Boulevard

The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly). The post US Marshals Ransomware Hack is ‘Major Incident’ appeared first on Security Boulevard.

Dish Network confirms ransomware attack behind multi-day outage

Bleeping Computer

Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.

Apple iPhone Vulnerability let hackers steal photos, messages and files

CyberSecurity Insiders

Apple Inc has said it will soon release a fix for two newly discovered vulnerabilities that have been plaguing iPhone users for the past two weeks. According to an update released by privacy experts at VPNOverview, these two bugs could hand fraudulent access to cyber criminals, allowing them to steal photos, messages and files.

New cyberattack tactics rise up as ransomware payouts increase

CSO Magazine

While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and adversary in the middle (AitM) phishing proxies that bypass multi-factor authentication,” said

SlashNext Employs Generative AI to Combat Cybersecurity Threats

Security Boulevard

SlashNext today launched a platform that makes use of generative artificial intelligence (AI) to thwart business email compromise (BEC), supply chain attacks, executive impersonation and financial fraud. SlashNext CEO Patrick Harr said the Generative HumanAI platform combines data augmentation and cloning technologies to assess a core threat and then employs a generative AI platform developed.

Well-funded security systems fail to prevent cyberattacks in US and Europe: Report

CSO Magazine

Multilayered, well-funded cybersecurity systems are unable to protect enterprises in the US and Europe from cyberattacks, according to a report by automated security validation firm Pentera. The report, which was based on a survey of 300 CIOs, CISOs and security executives to get insights on their current IT and security budgets and cybersecurity validation practices, noted that the financial slowdown has had a minimal impact on cybersecurity budgets.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Orca Security Adds Data Security Capabilities to Cloud Platform

Security Boulevard

Orca Security today added a data security posture management (DSPM) capability to its cloud security platform as part of an ongoing effort to streamline operations and reduce the total cost of cybersecurity. Orca Security CEO Avi Shua said this latest addition to the Orca Cloud Security platform, available as a public beta, adds a data. The post Orca Security Adds Data Security Capabilities to Cloud Platform appeared first on Security Boulevard.

The future of cyber insurance

IT Security Guru

Cyber insurers are losing money. Their loss ratios – total claims plus the insurer’s costs, divided by total premiums earned – are now consistently above 60%, which presents something of an existential threat to the insurance industry, making cyber risk a potentially uninsurable area due to falling profitability. The insurance sector is battling its losses by increasing premiums – which have gone up by some 94% between 2019 and 2022 – creating the artificial impression that the sector is growing

CISA warns of hackers exploiting ZK Java Framework RCE flaw

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks.

How to de-risk your digital ecosystem

CSO Magazine

Companies rightly see much promise for future revenues and productivity by building and participating in emerging digital ecosystems — but most have not given enough consideration to the risks and threats inherent in such ecosystems. According to the TCS Risk & Cybersecurity Study, cyber threats within digital ecosystems may be an enterprise blind spot.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

LastPass becomes a cyber attack victim for the second time from the first time

CyberSecurity Insiders

It is a well-known fact that those spreading malware like ransomware strike the same victim twice if the victim is negligent in fixing the vulnerability that led to the earlier data breach. The same thing happened with LastPass, a company that offers password management services. According to the details available to our Cybersecurity Insiders, threat actors used credentials stolen in the previous cyber attack, launched in August last year, to infiltrate the same databas

Malicious package flood on PyPI might be sign of new attacks to come

CSO Magazine

Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository. If executed on a Windows system, these packages will download and install a Trojan program hosted on Dropbox. Flooding public package repositories with malicious packages is not entirely new. Last year researchers detected a group of 186 packages from the same account on the JavaScript npm repository that were designed to install cryptomining softw

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Trend Micro

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation

Dark Reading

The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Windows 11 KB5022913 causes boot issues if using UI customization apps

Bleeping Computer

Microsoft says the KB5022913 February 2023 non-security preview release is causing boot issues on Windows 11 22H2 systems due to incompatibility with some third-party UI customization apps.

CISOs Share Their 3 Top Challenges for Cybersecurity Management

Dark Reading

The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio.

Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

The Hacker News

Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat. MortalKombat is a new ransomware strain that emerged in January 2023. It's based on commodity ransomware dubbed Xorist and has been observed in attacks targeting entities in the U.S., the Philippines, the U.K., and Turkey.

Exfiltrator-22: The Newest Post-Exploitation Toolkit Nipping at Cobalt Strike's Heels

Dark Reading

The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

NIST Shores Up CSF 2.0 With Supply Chain, Governance Reforms

Security Boulevard

The U.S. Dept. of Commerce National Institute of Standards and Technology (NIST) will open a comment period for stakeholders on proposed significant reform to its Cybersecurity Framework (CSF). In advance of the public comment period, the standards organization wrapped up the last stakeholder workshops last week. It is the first time in five years that.

IDIQ Makes Inc. 5000 List Of The Pacific Region’s Fastest-Growing Private Companies

Identity IQ

IDIQ Makes Inc. 5000 List Of The Pacific Region’s Fastest-Growing Private Companies — IDIQ earns its second spot on the prestigious Inc. Magazine’s Inc. 5000 Regionals List, ranking No. 69 with a three-year revenue growth of 283% — Temecula, California, Feb. 28, 2023 – IDIQ®, an industry leader in identity theft protection and credit monitoring, has earned the rank of No. 69 on Inc.

Supreme Court: Does Billing Fraud Violate Federal ID Theft Statutes?

Security Boulevard

Simple question: Is a user ID and password similar to an identification card like a driver’s license or a key? If I use your user ID and password to log into your account, am I committing the crime of trespass, breaking and entering or false personation? What does it mean in the law to “use”. The post Supreme Court: Does Billing Fraud Violate Federal ID Theft Statutes?

LastPass was undone by an attack on a remote employee

Malwarebytes

Last August, LastPass suffered a well publicised breach: Developer systems were compromised and source code stolen. This resulted in a second breach in November, which was revealed by LastPass in December. The company has now revealed that the individual(s) responsible for the attack also compromised a remote employee's computer, in order to capture credentials used in the second attack.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

CrowdStrike Report Maps Changes to Cybersecurity Landscape

Security Boulevard

A report published by CrowdStrike today highlighted how the cybersecurity threat landscape has shifted in the last year, with 71% of attacks detected not involving malware. In fact, the number of interactive intrusions involving hands-on-keyboard activity increased 50% in 2022, according to the report. There was also a 20% increase in the number of adversaries.

Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques

The Hacker News

Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report.

China Is Relentlessly Hacking Its Neighbors

WIRED Threat Level

New details reveal that Beijing-backed hackers targeted the Association of Southeast Asian Nations, adding to a string of attacks in the region.

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

The Hacker News

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group's victimology footprint.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.