Fri. Apr 22, 2022

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Schneier on Security

Interesting implementation mistake: The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally. […] ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S.

OAuth 2.0: What is it and how does it work?

Tech Republic Security

The OAuth authentication framework provides users with a safe way to access online services without putting their credentials at risk. Here’s a quick rundown of what you should know about OAuth 2.0. The post OAuth 2.0: What is it and how does it work? appeared first on TechRepublic.

Top 8 Cyber Insurance Companies for 2022

eSecurity Planet

Cyberattacks are not only a technological problem for companies, but they also represent a very real financial threat. That’s where cyber insurance may be able to help. According to the Ponemon Institute and IBM, the global average cost of a data breach is $4.24 million and climbing. And costs can be much higher for some industries and geographic locations (including the United States).

7 Ransomware Protection Tips to Help You Secure Data in 2022

Hacker Combat

There were 2690 reports of ransomware attacks in 2021, which was a 97.1% increase on 2020 levels. Ransomware is malicious software that infects a personal or organizational computer and then holds information for ransom until the affected party pays some money. Ransomware cost businesses and individuals $18 billion in 2020, with the average sum paid totaling $220,298 in the first quarter of 2021.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance, but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

YouTube Bans Hong Kong Election Candidate Lee Ka-chiu

Security Boulevard

Google and Facebook ban China’s candidate in Hong Kong’s upcoming elections. John Lee Ka-chiu (pictured) was sanctioned by the U.S. in 2020 for his actions supporting China’s suppression of regional autonomy. The post YouTube Bans Hong Kong Election Candidate Lee Ka-chiu appeared first on Security Boulevard.

Nigeria blocks 73 million mobile numbers for security reasons

CyberSecurity Insiders

Nigeria has announced a clampdown on 73 million mobile numbers whose owners failed to link their SIMs to the NIN database. Reports indicate that nearly one-third of the entire mobile user database was blocked from making any outgoing calls because of privacy, security, and compliance-related issues. In July 2011, most of the South African countries agreed to employ SIM registration laws in their respective regions; those countries include Egypt, Ghana, Kenya, and Nigeria.

QNAP warns of new bugs in its Network Attached Storage devices

Naked Security

Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

The Hacker News

Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.

Conti ransomware claims responsibility for the attack on Costa Rica

Security Affairs

The Conti ransomware gang claimed responsibility for a ransomware attack that hit the government infrastructure of Costa Rica. Last week a ransomware attack crippled the government infrastructure of Costa Rica, causing chaos. The Conti ransomware gang claimed responsibility for the attack, while the Costa Rican government refused to pay a ransom. “The Costa Rican state will not pay anything to these cybercriminals,” said Costa Rica President Carlos Alvarado.

So You Think You Are Protected With Cloud Native Encryption?

Thales Cloud Protection & Licensing

According to industry surveys, like the IBM 2021 Data Breach Investigations Report, a very high percentage of data breaches occur because attackers are abusing system privileges. It won’t be wrong to note that “criminals are not breaking in, they are logging in,” as Uri Rivner, Founder & CEO at Regutize, highlighted in the Thales Security Sessions podcast.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber Insurance and the Changing Global Risk Environment

Security Affairs

When security fails, cyber insurance can become crucial for ensuring continuity. Cyber has changed everything around us – even the way we tackle geopolitical crises and conflicts. When Einstein was asked what a war would look like in the future, he couldn’t have predicted the importance of digital technology for modern societies. According to a report by IDC, by the end of 2022, nearly 65% of the global GDP will be digitized — reliant on a digital system of some kind.

Cryptomining botnet targeting Docker on Linux systems

CSO Magazine

LemonDuck, a well-known cryptomining botnet, is targeting Docker on Linux systems to coin digital money, CrowdStrike reported Thursday. The company's threat research team revealed in a blog written by Manoj Ahuje that the botnet is leveraging Docker APIs exposed to the internet to run malicious containers on Linux systems. Docker is used to build, run, and manage containerized workloads.

Chinese hackers behind most zero-day exploits during 2021

Bleeping Computer

Threat analysts report that zero-day vulnerability exploitation is on the rise, with Chinese hackers using most of them in attacks last year.

A $3 Billion Silk Road Seizure Will Erase Ross Ulbricht's Debt

WIRED Threat Level

In a twist, a massive trove of stolen bitcoins will repay the dark web market creator's $183 million restitution.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

Security Affairs

Taiwanese vendor QNAP warns users to update their NAS firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, that were fixed in the Apache HTTP server in March. “While CVE-2022-22719 and CVE-2022-22720 do not affect QNAP products, CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have en

Researcher Releases PoC for Recent Java Cryptographic Vulnerability

The Hacker News

A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following versions of Java SE and Oracle GraalVM Enterprise Edition: Oracle Java SE 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition 20.3.5, 21.3.1, 22.0.0.

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. CrowdStrike researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks.

Zscaler ThreatLabz Discovers Multiple Product Bugs in Adobe Acrobat

Security Boulevard

In April 2022, Adobe released security update APSB22-16. This update fixed five product bugs that Zscaler’s ThreatLabz reported in Adobe Acrobat that are related to EMF (Enhanced Metafile Format) parsing. Adobe determined that Acrobat is secure by default for converting EMF to PDF. Specifically, abuse requires administrative privileges to modify the registry and add HKLM keys in order to enable the feature of the conversion from EMF to PDF.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

A stored XSS flaw in RainLoop allows stealing users’ emails

Security Affairs

Experts disclosed an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. RainLoop is an open-source web-based email client used by thousands of organizations.

Combatting a BlackCat Ransomware Active Directory Attack

Security Boulevard

The FBI has released FBI Flash CU-000167-MW warning that BlackCat/ALPHV ransomware-as-a-service (RaaS) group has compromised at least 60 entities globally. As with the majority of cyberattacks, BlackCat/ALPHV’s end game is an Active Directory attack. Top on the FBI’s list of recommended mitigations is reviewing your Active Directory environment for unrecognized user accounts and other indicators.

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

The Hacker News

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph.

Moving Beyond Security Culture Bottlenecks

Security Boulevard

Creating and maintaining an effective security culture is the holy grail for many, if not all, organizations in this era of security breaches and heightened privacy concerns among employees, customers and other key stakeholders. But despite their best efforts, many struggle to create a strong security culture. Even those that do often fail in their.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe

We Live Security

As the Five Eyes nations warn of attacks against critical infrastructure, we look at the potentially cascading effects of such attacks and how essential systems and services can ramp up their defense. The post Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

T-Mobile confirms Lapsus$ hackers breached internal systems

Bleeping Computer

T-Mobile has confirmed that the Lapsus$ extortion gang breached its network "several weeks ago" using stolen credentials and gained access to internal systems.

Friday Five 4/22

Digital Guardian

The thwarting of an underwater cyber attack, a growing cyber threat to critical infrastructure, and phishing attacks leveraging… LinkedIn? Catch up on these stories and more with this week’s Friday Five!

Cybersecurity News Round-Up: Week of April 18, 2022

Security Boulevard

Billions of malicious emails are lobbed at UK government employees every year, more than 100 different Lenovo consumer laptop computers are vulnerable to ransomware, and the FBI is warning farming co-ops of possible attacks. The post Cybersecurity News Round-Up: Week of April 18, 2022 appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

The Hacker News

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It evades detection by targeting Alibaba Cloud's monitoring service and disabling it."

ALPHV: Breaking Down the Complexity of the Most Sophisticated Ransomware

Security Boulevard

In our new threat briefing report, Forescout’s Vedere Labs describes how it analyzed files and tools used by an affiliate of the ALPHV ransomware group during an attack. ALPHV, also known as Black Cat, is a Ransomware-as-a-Service gang that was first discovered in November 2021. This gang has hit more than 60 organizations and large […]. The post ALPHV: Breaking Down the Complexity of the Most Sophisticated Ransomware appeared first on Forescout.

The new Elastic CEO puts cloud front and center

InfoWorld on Security

The new CEO of the enterprise search software company Elastic has one priority: cloud. “Cloud is front and center,” he told InfoWorld during a recent interview. “That is really where you should continue to see me double down.” Elastic.

Tackling Cybersecurity Vulnerabilities in School Systems

Security Boulevard

Not Kidding Around. While chalkboards have long seemed artifacts from classrooms of the past, you might be surprised just how dramatically classrooms have changed just within the last ten years. Tablets and Chromebooks have replaced many textbooks and paper hand-in systems, plagiarism and cheating are detected in new ways, and sometimes, the classroom is no longer a physical space – e-learning and.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!