Thu. Jan 05, 2023

Weekly Update 329

Troy Hunt

Strap yourself in, this is a big one! Big video, big breach (scrape?), and a big audience today. The Twitter incident consumed a heap of my time before, during and after this live stream, but then I go and get a sudden itch to do stuff like the number plate capturing and, well, there goes even more hours I don't have. But hey, I love what I do and I have no regrets, I hope you enjoy watching this week's vid 😊 Oh - one more thing: today I set up an official Mastodon account for

Cloud email services bolster encryption against hackers

Tech Republic Security

Google, Microsoft and Proton launched new end-to-end encryption products to confront the 50% increase in ransomware, phishing and other email-vector attacks from the first half of 2022. The post Cloud email services bolster encryption against hackers appeared first on TechRepublic.

Security Outlook 2023: Cyber Warfare Expands Threats

eSecurity Planet

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. “In 2022, governments fought wars online, businesses were affected by multiple ransomware gangs, and regular users’ data was constantly on hackers’ radars,” said NordVPN CTO Marijus Briedis. 2023, he predicted, “will not be any easier when it comes to keeping users’

How to configure an SMTP server in a self-hosted instance Passbolt

Tech Republic Security

With the self-hosted Passbolt password manager, you must configure an SMTP server to use the collaboration features. Learn how to do it. The post How to configure an SMTP server in a self-hosted instance Passbolt appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

NATO tests AI’s ability to protect critical infrastructure against cyberattacks

CSO Magazine

Autonomous intelligence, artificial intelligence (AI) that can act without human intervention, can help identify critical infrastructure cyberattack patterns and network activity, and detect malware to enable enhanced decision-making about defensive responses. That’s according to the preliminary findings of an international experiment of AI’s ability to secure and defend systems, power grids and other critical assets by cyber experts at the North Atlantic Treaty Organization’s (NATO) Cyber Coali

200M Twitter Profiles, with Email Addys, Dumped on Dark Web for Free

Dark Reading

A data dump of Twitter user details on an underground forum appears to stem from an API endpoint compromise and large-scale data scraping.

Slack's private GitHub code repositories stolen over holidays

Bleeping Computer

Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories.

Ransomware: Protect Your Data Backups, Too

Security Boulevard

Ransomware continues to be a growing and increasingly dangerous threat to businesses. The numbers are ominous: Every 11 seconds a business experiences a ransomware attack, according to current research from Veeam. Most organizations recognize the urgency of protecting their networks, but they may not realize that’s only half the battle. Experience shows that virtually all attackers.

Data Security Threat to UK Government Ministers and Civil Servants

CyberSecurity Insiders

All ministers and government employees working in the UK were issued a warning after their official contact details had been publicly available online until March 2020. The Government Communication Service website was publicly displaying information on about 45k government employees, including email addresses, phone numbers and job titles, along with the social media account handles of some ministers and civil servants, including their Twitter and LinkedIn profiles.

After hack, CircleCI tells devs to update secrets now

Security Boulevard

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers. A security breach of the CircleCI development platform has exposed security tokens and other secrets used by more than a million developers, the company said in a statement on Wednesday. The post After hack, CircleCI tells devs to update secrets now appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cricket Platform Exposed over 100k Customer Data Entries

Heimdal Security

Over 100k user entries and administrative credentials were leaked from a cricket community social network. Cybernews researchers discovered that cricketsocial[.]com left an open database containing emails, phone numbers, names, hashed user passwords, dates of birth, and addresses. Most of the entries appear to be test data, but the team’s study suggests that some are personally […].

LockBit ransomware gang says sorry, gives free decryptor to SickKids hospital

Graham Cluley

Do ransomware gangs actually have a heart? Perhaps. Read more in my article on the Tripwire State of Security blog.

How to Prevent Identity Theft With 20 Essential Steps [Updated 2023]

Heimdal Security

Identity theft is a growing problem in today’s digital world. With more of our personal information available online, it can be difficult to protect ourselves from malicious actors who may use our data for malicious purposes. While it might seem like an intimidating issue to tackle, this 20-step guide on how to prevent identity […]. The post How to Prevent Identity Theft With 20 Essential Steps [Updated 2023] appeared first on Heimdal Security Blog.

Slack GitHub Account Hacked via Stolen Employee API Token

Security Boulevard

On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Google patches 60 vulnerabilities in first Android update of 2023

Malwarebytes

Google has published its first security bulletin of 2023 with details of security vulnerabilities affecting Android devices. Patch level 2023-01-01 includes 20 issues and patch level 2023-01-05 includes fixes for another 40 issues. The Android security patch level refers to a monthly manifest of security patches rolled out by Google in an effort to close up security holes and malicious code exploits in the Android OS.

3 Ways to Defend a Cybersecurity Budget with Cyber Risk Quantification

Security Boulevard

Deloitte's “CFO Signals” Q4 2022 survey of chief financial officers found 41% feeling pessimistic about their companies’ financial outlook. Survey participants named “cost management” their number one priority for 2023. On the other hand, 79% said they intend to make new investments in the new year in “digital transformation.” The post 3 Ways to Defend a Cybersecurity Budget with Cyber Risk Quantification appeared first on Security Boulevard.

FBI warns of imposter ads in search results

Malwarebytes

The FBI has issued a public notice which includes advice to block adverts. Why? Let’s take a look. The bogus advert tightrope. It’s no secret that rogue ads have been a particular plague on the Internet for as far back as we can remember. From irritating pop-ups and spinning “You’ve won a prize” banners to adverts pushing malicious redirects and malvertising, you never quite know what’s waiting in your browser when the page you request loads up.

Predictor or Pitfall? Third Party Security Evaluators

Security Boulevard

The use of 3rd parties to test the cyber hygiene of business partners and vendors has become increasingly common. The post Predictor or Pitfall? Third Party Security Evaluators appeared first on Radware Blog. The post Predictor or Pitfall? Third Party Security Evaluators appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Malware targets 30 unpatched WordPress plugins

Malwarebytes

If you make use of plugins on your WordPress site (and you probably do), it’s time to take a good look at what’s running under the hood. Ars Technica reports that unpatched vulnerabilities are being exploited across no fewer than 30 plugins. A long list of plugin problems. If you own or operate a website there is a very good chance it uses WordPress.

Looking Ahead: Cloud Security and Compliance Trends in 2023

Security Boulevard

As the new year begins, we wanted to highlight a few trends and predictions we believe will be relevant for organizations when it comes to cloud security initiatives, attacks, and compliance in 2023. 2023 CLOUD SECURITY PREDICTIONS First, let’s cover. The post Looking Ahead: Cloud Security and Compliance Trends in 2023 appeared first on Deepfence. The post Looking Ahead: Cloud Security and Compliance Trends in 2023 appeared first on Security Boulevard.

Meta Fined $414 Million by Irish Regulators for Using Personal Data for Advertising

Heimdal Security

In what might be a severe blow to its ad-fueled business model, the Irish Data Protection Commission (DPC) has fined Facebook’s parent company Meta $414 million for its management of user data for distributing personalized ads. Privacy regulators ordered Meta Ireland to pay two fines, one over violations of the E.U. General Data Protection Regulation […].

Why Technology Convergence is the Future of Cybersecurity

Security Boulevard

Most IT security functions have accrued multiple point products over the years. Some were acquired through M&A activity. Others may have been brought in by successive CISOs. The idea is not in itself a bad one – find a product that does one thing really well and integrate it with the rest to deliver “best-of-breed” security. For many years that’s what enterprises aimed for.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month

Bleeping Computer

South African threat actors known as 'Automated Libra' have been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining.

It’s No Longer About Just Defending Your Kingdom, You Must Withstand the Storms

Security Boulevard

Today, Cyber Resilience May Be More Important Than Traditional Cyber Protections. Traditionally, when it comes to cybersecurity and compliance, many organizations approach them from a checklist perspective—doing the minimum to meet requirements and putting it all away until the next audit, certification, or incident highlight. The post It’s No Longer About Just Defending Your Kingdom, You Must Withstand the Storms appeared first on Security Boulevard.

Volvo car data on sale after ransomware attack

CyberSecurity Insiders

Volvo, the Swedish carmaker, has hit the Google headlines for an alleged data leak caused by a ransomware incident. The luxury car maker is yet to disclose whether the hack is true and if the leaked information genuinely belongs to the company. Cybersecurity Insiders learnt that the attack took place on December 31st last year and that the data was accessed by the threat actors via third-party servers; as Volvo’s staff failed or refused to pay a ransom, the stolen data was made public on a hacking forum.

How to choose React Native libraries for secure mobile application development

Security Boulevard

Learn how to choose React Native libraries that abide by application security principles in order to build secure mobile applications. The post How to choose React Native libraries for secure mobile application development appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats

The Security Ledger

In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius Bar, to the information security space - first in product security at Apple and now at GitHub, a massive development.

How hackers might be exploiting ChatGPT

Security Affairs

The popular AI chatbot ChatGPT might be used by threat actors to easily hack into target networks. The Cybernews research team discovered that the AI-based chatbot ChatGPT – a recently launched platform that caught the online community’s attention – could provide hackers with step-by-step instructions on how to hack websites.

ChatGPT banned in NYC schools over learning impact concerns

Bleeping Computer

The NYC Department of Education has banned the use of ChatGPT by students and teachers in New York City schools as there are serious concerns about its use hampering learning and leading to misinformation.

Software provider denied insurance payout after ransomware attack

Malwarebytes

The Supreme Court of Ohio issued a ruling days before the New Year that a software and service provider shouldn't be covered by insurance against a ransomware attack, as the attack didn't cause direct or physical harm to tangible components of the software, which has none. "When insurance policy covers 'physical damage', there must be direct physical loss or physical damage of the covered media containing the computer software in order for the software to be covered under the policy," the opini

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.