Wed.Feb 02, 2022

The Irony of InfoSec’s Reaction to Crypto, NFTs, and Web3

Daniel Miessler

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3. Mostly, it’s horribly negative. And not dispassionate negative either—but a negativity soaked in ridicule and hate. This is very curious coming from a community that includes so many hackers. I think this comes from the dual nature of hackers themselves.

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

Joseph Steinberg

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. The reason that such a major threat exists is simple – much of today’s data relies on the security of what are known as asymmetric encryption algorithms, and such algorithms rely for their security on the fact that the mathematics that they use to encrypt cannot easily be reversed in order to decrypt.

Finding Vulnerabilities in Open Source Projects

Schneier on Security

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of the top 200 projects for testing each year. “Omega” will look more at the broader landscape of open sour

What is server-side request forgery (SSRF)?

Acunetix

Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

North Korea Hacked Him. So He Took Down Its Internet

WIRED Threat Level

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.

Malware news trending on Google

CyberSecurity Insiders

The first news that is related to malicious software and is trending heavily on Google is related to SolarMarker malware that can steal credentials and act as a backdoor for other cyber attacks. Security researchers from Sophos have found that the malware tricks the Windows Registry system and dodges the regular defense-line to enter the victim’s computer and then the network.

Cyberinsurance Tips for Health Care

Security Boulevard

The last 18 months have seen an unprecedented digital transformation in many verticals. The health care sector is no exception, with a dramatic increase in the use of telehealth for the delivery of vital care. While this has improved efficiencies, it has also introduced risks. Confidential patient data is worth a lot of money to.

What is Penetration Testing: Definition, Methods, and Examples

Appknox

The frequency and severity of cybersecurity attacks are increasing with each passing year. That's why many organizations are now putting greater focus on different ways to withstand online attacks.

Can “Buy Now, Pay Later” Apps Be Trusted with My Personal Data?

Identity IQ

It may be tempting to look for new ways to manage personal finances. For example, one of the latest credit options is to use a so-called “buy-now, pay-later” app, which can fund your purchase today and act as a digital layaway platform until you can fully repay the debt. Considering this type of app is a new concept, it’s not fully regulated like banks or mortgages, at least, not yet.

More than 100,000 Files Containing Student Records Exposed

Heimdal Security

Founded in London in 1951, the British Council is a British organization that promotes worldwide cultural and educational opportunities. It works in over 100 countries encouraging cultural, scientific, technological, and educational cooperation with the United Kingdom and promoting a greater understanding of the United Kingdom and the English language.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Wormhole cryptocurrency platform hacked to steal $326 million

Bleeping Computer

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal approximately $326 million in cryptocurrency.

Thousands of Data Center Management Apps Exposed to Internet

eSecurity Planet

Tens of thousands of applications that are critical to the operations of data centers around the globe are exposed to the internet, with many secured with default factory passwords, posing a significant cyber risk to enterprises worldwide. Researchers with cybersecurity firm Cyble this week said that along with the public-facing data center infrastructure management (DCIM) software, they also found intelligent monitoring devices, thermal cooling management and power monitors for racks vulnerable

Threat hunting: Your best defense against unknown threats

Webroot

Threat actors are becoming more sophisticated, agile and relentless in their pursuit of stealing personal information for financial gain. Rapid and evolving shifts in the threat landscape require the knowledge and solutions to prepare and prevent threats that could spell disaster for organizations’ reputations and operations. Organizations of all sizes remain at risk.

SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers

Bleeping Computer

A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Apple Inc pays $100,500 to hacker for hacking MacBook Webcam

CyberSecurity Insiders

Apple Inc, the American tech giant that produces the iPhone, has paid $100,500 to a hacker for hacking the MacBook webcam. Ryan Pickren is the hacker who was rewarded well by the iOS giant after he brought to their attention a severe vulnerability that could have allowed criminals to sneak into the computing activities of Mac users. Ryan is said to have found the vulnerability in the Safari browser on macOS, allowing him, or any attacker, to gain full access to a device through the multimedia permission appl

Communication Side of Rapport Building

Security Through Education

Rapport. What is it? It is defined as “A relationship characterized by agreement, mutual understanding, or empathy that makes communication possible.” Building rapport is a powerful tool that not only aids in forging relationships, but also in furthering one’s career. It can shift the tides in everything from negotiating small business transactions, to sealing a major corporate deal.

New Malware Used by SolarWinds Attackers Went Undetected for Years

The Hacker News

The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once again indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years.

5 steps to run a successful cybersecurity champions program

CSO Magazine

Cybersecurity champions programs nurture and encourage cybersecurity awareness within a business, combining education with peer-to-peer collaboration to embed a culture of security understanding, support, and positive behavior among a workforce. A typical program consists of individuals from different departments who act as security advocates for their function and help to shape an organization’s cybersecurity approach internally.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Managing Detections is Not the Same as Stopping Breaches

Dark Reading

Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.

Shoulder surfing: Watch out for eagle-eyed snoopers peeking at your phone

We Live Security

Some fraudsters may use low-tech tactics to steal your sensitive information – peering over your shoulder as you enter that data is one of them.

The ultimate guide to Cyber risk management

CyberSecurity Insiders

This blog was written by an independent guest blogger. Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. To stay competitive, enterprises must design and establish secure environments that retain confidentiality and privacy while also ensuring the integrity of corporate information.

Sugar Ransomware, a new RaaS in the threat landscape

Security Affairs

Cyber security team at retail giant Walmart dissected a new ransomware family dubbed Sugar, which implements a ransomware-as-a-service model. The cyber threat team at retail giant Walmart has analyzed a new ransomware family dubbed Sugar, which is offered through a ransomware-as-a-service (RaaS) model. Unlike other ransomware operations, Sugar ransomware appears to primarily focus on individual computers instead of entire enterprises.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

ESET antivirus bug let attackers gain Windows SYSTEM privileges

Bleeping Computer

Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above.

New OT/IoT Security Report: Trends and Countermeasures for Critical Infrastructure Attacks

Security Boulevard

Insider Threat Alert as employees take data while leaving a Job

CyberSecurity Insiders

According to a recent survey conducted by email security firm Tessian, nearly one third of employees take data with them when leaving their job, and there is a high probability that the information can be used for various malevolent purposes. With the COVID-19 pandemic ruining the careers of many in 2021, workers are seen taking data with them (without the permission of their superiors) while leaving their jobs.
Automation is the Future of (Digital Certificate) Security

Security Boulevard

As a foundational security technology that’s been implemented for decades, public key infrastructure (PKI) is already deployed in most enterprise IT infrastructures to protect network devices, workforce and internet of things (IoT) devices for a variety of use cases such as passwordless authentication, data encryption and digital signing. However, the ongoing management and maintenance of an.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Cyberattack on fuel supplier causes supply chain disruption

Malwarebytes

A cyberattack has disrupted the activities in Germany of fuel supplier Oiltanking Deutschland GmbH & Co. KG. The supplier is, among others, responsible for deliveries to the thousands of Shell and Aral gas stations in Germany. The Oiltanking division of Hamburg-based Marquard & Bahls owns and operates 45 terminals in 20 countries. As far as we know only German branches of the firm are affected by the attack.

Forrester Report Highlights Cyber Risk Quantification (CRQ) for Smart Security Decisions

Security Boulevard

With aggressive changes in the digital and technical risk landscape, making decisions around cybersecurity spending has become one of the biggest challenges to business leaders. Most executives know that their organization should be taking proper cybersecurity measures but have trouble determining what specific cybersecurity measures are critical to their organization.

How to speed up your computer or laptop

Malwarebytes

Why do machines always throw a tantrum when you are in a hurry? It’s called Murphy’s Law which some people may know as the butter side down rule. Anything that can go wrong will go wrong. And usually at a time when it is most inconvenient. That being said, there are ways to speed things up. Let’s have a look at some options to fix slow computers. Why is my PC so slow all of a sudden?

What You Need to Do Today to Protect Against Account Takeover Attacks

Security Boulevard

Historically, account takeover (ATO) has been recognized as an attack in which cybercriminals take ownership of online accounts using stolen passwords and usernames. Cybercriminals purchase a list of account credentials from the dark web that are usually compiled by hackers through social engineering, data breaches, and phishing attacks. They use these credentials to deploy bots […].

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.