Lohrman on Security

MARCH 20, 2022

What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore.

Cybersecurity 277

Cybersecurity 277

Security Boulevard

MARCH 20, 2022

Learn what DDoS is and what it can do to your API endpoints, how to mitigate DDOS attacks, and build a security response. The post How to Mitigate DDoS Attacks on Your APIs appeared first on Traceable App & API Security. The post How to Mitigate DDoS Attacks on Your APIs appeared first on Security Boulevard.

DDOS 104

DDOS 104

Acunetix

MARCH 20, 2022

Weak passwords and password reuse are still some of the most serious concerns for cybersecurity. There are several ways to increase password security but they are often not adopted by users and administrators. Here’s how you can make sure that sensitive data in your web. Read more. The post Common password vulnerabilities and how to avoid them appeared first on Acunetix.

Passwords 98

Passwords Cybersecurity 98

Security Boulevard

MARCH 20, 2022

Thanks are in order to the Munich Security Conference) for the yearly publishing of their terrific videos covering the Munich Security Conference on the organization’s YouTube channel. This embedded compilation provides over 4 and 1/2 hours of cybersecurity & information security content from the Munich Cybersecurity Conference held earlier this year, and not previously published here.

Information Security 104

Information Security Cybersecurity 104

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

MARCH 20, 2022

Anonymous hacked Omega Company, the in-house R&D unit of Transneft, the Russian oil pipeline giant, and leaked stolen data. Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. Transneft is the largest oil pipeline company in the world, the hacktivists have stolen 79GB of emails and published them on the leak site of the non-profit whistleblower organization Distributed Denial of Secr

Hacking 98

Hacking Cyber Attacks Government Accountability 98

Security Boulevard

MARCH 20, 2022

Russia, Belarus, and China have taken some definite steps towards breaking off their internet into a separate entity that is controlled by the state. Russia has had a history of conducting tests to disconnect itself from the internet. China has already its version of the WWW complete with an ecosystem of developers and government controls. […]. The post Splinternet will lead to the evolution of new and sophisticated malware appeared first on Security Boulevard.

Malware 98

Malware Internet Internet Government 98

Security Boulevard

MARCH 20, 2022

STEM summer camps can make summer learning fun and exciting by teaching kids about science, technology, engineering, and math. The camps can give children an opportunity to continue learning more about a concept they were introduced to during the school year or event explore different STEM concepts they may not learn about in their classrooms. The post Benefits of STEM Summer Camps first appeared on SecurityOrb.com.

Engineering 98

Engineering Technology Education 98

Heimadal Security

MARCH 20, 2022

Whether we use it mostly at home or at work, the Internet is not always a safe place – clearly. As cybersecurity professionals, we know – and try to draw everyone’s attention too – that there are dozens of threats we need to be aware of in order to protect our online security. In this […]. The post Riskware. Cybersecurity Threats You Must Be Aware Of appeared first on Heimdal Security Blog.

Cybersecurity 93

Cybersecurity Internet Internet Education 93

Bleeping Computer

MARCH 20, 2022

Western Digital's EdgeRover desktop app for both Windows and Mac are vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service (DoS) attacks. [.].

83

83

Security Affairs

MARCH 20, 2022

This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the previous weeks: March 18 – China-linked threat actors are targeting the government of Ukraine. Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes.

Government 80

Government Antivirus Hacking Software 80

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

MARCH 20, 2022

A brief history and the ramifications of cluster bombs, history’s most indiscriminate weapon.

98

98

Security Boulevard

MARCH 20, 2022

Endpoint devices played a big part in malware and ransomware attacks in 2021. According to a study covered by Help Net Security, security researchers detected more malware and ransomware endpoint infections in the first nine months of the year than they did for all of 2020. Attack scripts leveraging PowerSploit, Cobalt Strike, and other tools […]… Read More.

Ransomware 52

Ransomware Malware 52

WIRED Threat Level

MARCH 20, 2022

Lock down your account to tweet in peace or take the guardrails off to court controversy.

Accountability 70

Accountability 70

Security Boulevard

MARCH 20, 2022

This week we discuss the top 3 location tracking apps in the Apple App Store and Google Play and which ones sell your data. Plus, details about recent fake Chick-fil-A and Olive Garden vouchers on Facebook. ** Links mentioned on the show ** #1 Phone Tracker by Number [link] [link] – Android [link] – iOS […]. The post Top 3 Location Tracking Apps: Do They Sell Your Data?

Social Engineering 52

Social Engineering Engineering Scams Technology 52

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Daniel Miessler

MARCH 20, 2022

I’m starting a new series with this 2022 edition where I think about what Information Security could or should look like in the distant future—say in 2050. The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. I’m doing this for fun—basically to see how dumb I look later—but I also hope it’ll drive interesting discussions on where things should go.

InfoSec 180

InfoSec Insurance Engineering Technology 180

Security Boulevard

MARCH 20, 2022

Our thanks to Purdue University’s The Center for Education and Research in Information Assurance and Security (CERIAS) for publishing their illuminating security symposiums, seminars, talks, and presentations on the Schools’ YouTube channel. Permalink. The post Purdue University’s CERIAS 2021 Security Symposium – Ida Ngambeki, PhD’s ‘Industrial Control Systems Security: An Educational Challenge’ appeared first on Security Boulevard.

Education 52

Education 52

Security Affairs

MARCH 20, 2022

FBI, CISA, and the European Union Aviation Safety Agency (EASA) warn of possible threats to international satellite communication (SATCOM) networks. Satellite communication (SATCOM) networks are critical infrastructure for modern society, US and EU agencies warn of possible threats to them. Victor Zhora, Chief Digital Transformation Officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, speaking about the VIASAT attack , said “it was a really

Cyber Attacks 81

Cyber Attacks Digital transformation Firmware Internet 81

Security Boulevard

MARCH 20, 2022

Ermetic is launching a new open-source tool: Access Undenied on AWS. The tool parses AWS AccessDenied CloudTrail events, explains the reasons for them and offers actionable fixes. The post Access Undenied on AWS appeared first on Ermetic. The post Access Undenied on AWS appeared first on Security Boulevard.

52

52

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

MARCH 20, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. EU and US agencies warn that Russia could attack satellite communications networks Avoslocker ransomware gang targets US critical infrastructure Crooks claims to have stolen 4TB of data from TransUnion South Africa Exotic Lily initial access broker

DNS 84

DNS Antivirus DDOS Hacking 84

Security Boulevard

MARCH 20, 2022

via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink. The post XKCD ‘Advanced Techniques’ appeared first on Security Boulevard.

52

52

Security Boulevard

MARCH 20, 2022

One of the main challenges of OT security is the problem of compatibility. OT components often differ significantly from each other in terms of age and sophistication as well as software and communication protocols. This complicates asset discovery and makes it difficult to establish a consistent cybersecurity governance approach. Combating asset blindness in OT security […]… Read More.

Government 52

Government Software Cybersecurity Technology 52