Fri. Jan 27, 2023


Kevin Mitnick Hacked California Law in 1983

Schneier on Security

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts in his 2012 book, Ghost in the Wires. The setup is that he just discovered that there’s a warrant for his arrest by the California Youth Authority, and he’s trying to figure out if there’s any way out of it.

Hacking 288

Weekly Update 332

Troy Hunt

Breaches all over the place today! Well, this past week, and there's some debate as to whether one of them is a breach, a scrape or if the term just doesn't matter anyway. Plus, we've been kitchen shopping, I'm helping friends out with connected doorbells and other random but somehow related things this week. Enjoy 😊 References I'll be "at" GOTO Aarhus in May (there online, but definitely speaking at the show) Following all the awesome input, we decided t


Friday Squid Blogging: Squid-Inspired Hydrogel

Schneier on Security

Scientists have created a hydrogel “using squid mantle and creative chemistry.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.


FBI takes down Hive ransomware group

Tech Republic Security

Working with international law enforcement, the FBI said it has seized control of the servers the Hive group uses to communicate with members. The post FBI takes down Hive ransomware group appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


A Guide to Phishing Attacks

Schneier on Security

This is a good list of modern phishing techniques.

Phishing 264

Here’s how IT budgets should fill cybersecurity moats in 2023

Tech Republic Security

TechRepublic speaks with Carlos Morales of Neustar Security Services on the best ways for companies to spend on cybersecurity — even if their budgets are tighter. The post Here’s how IT budgets should fill cybersecurity moats in 2023 appeared first on TechRepublic.

More Trending


How to use Microsoft KQL for SIEM insight

Tech Republic Security

Microsoft’s cloud-hosted SIEM software comes with a suite of powerful analytics tools designed to read logs and find anomalies in the data haystack. The post How to use Microsoft KQL for SIEM insight appeared first on TechRepublic.

Software 138

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Security Boulevard

Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data. The post ‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al appeared first on Security Boulevard.


SwiftSlicer: New destructive wiper malware strikes Ukraine

We Live Security

Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country. The post SwiftSlicer: New destructive wiper malware strikes Ukraine appeared first on WeLiveSecurity.

Malware 145

FTC Proposes Eliminating Non-Compete Clauses

Security Boulevard

The Federal Trade Commission (FTC) chair, Lina M. Khan, recently announced the commission’s intent to adjust a rule that would prohibit non-compete agreements by workers or independent contractors. Their rationale? Unfair competition—which, therefore, falls under the purview of the FTC. This could have a huge impact on the cybersecurity and IT industries, and open up.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


PlugX malware hides on USB devices to infect new Windows hosts

Bleeping Computer

Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to. [...]

Malware 141

Chainguard Unveils Memory-Safe Linux Distribution

Security Boulevard

Chainguard this week made available a memory-safe distribution of Linux, dubbed Wolfi, that promises to eliminate the root cause of the bulk of known software vulnerabilities. In addition, Chainguard has partnered with the Internet Security Research Group (ISRG) to create a Rustls TLS library for Wolfi available as the default backend in libcurl. All curl.

Internet 136

Russia starts cyber attacks on the West with Germany for supporting Ukraine

CyberSecurity Insiders

Russia launched a war on Ukraine, its neighboring country, on February 24th of the year 2022. And still the Zelenskyy-led nation hasn’t surrendered to Moscow, all because of the extreme support from the west, regarding arms & ammunition, essentials and, of course, funds. As the war is fast approaching the one-year-long milestone, Putin intensified the war by attacking the civilian populace from December last year.


AI in cybersecurity: The good, the bad, and the ugly

Security Boulevard

Artificial intelligence (AI) is rapidly becoming a powerful tool in the cybersecurity landscape, with the potential to revolutionize the way we detect and respond to cyber threats. However, as with any technology, there are also risks associated with the use of AI in cybersecurity. In this blog post, we will explore both the advantages and dangers of AI in cybersecurity, including examples of how cybercriminals could use AI to improve social engineering attacks and how cybersecurity companies ca


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


The Week in Ransomware - January 27th 2023 - 'We hacked the hackers'

Bleeping Computer

For the most part, this week has been relatively quiet regarding ransomware attacks and research — that is, until the FBI announced the disruption of the Hive ransomware operation. [...]


More Details of LastPass Breach: Hackers Used Stolen Encryption Key

Security Boulevard

A breach at LastPass is the gift that keeps on giving—or taking, depending on your perspective. LastPass parent company GoTo raised the alarm this week that, in addition to stealing encrypted backups containing customer data, hackers nicked an encryption key last November. “An unauthorized party gained access to a third-party cloud-based storage service, which LastPass.


Ukraine: Sandworm hackers hit news agency with 5 data wipers

Bleeping Computer

The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency (Ukrinform) on January 17th. [...]

Malware 123

Hackers abuse legitimate remote monitoring and management tools in attacks

CSO Magazine

Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization's network and systems might not raise suspicion.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Are you in control of your personal data? – Week in security with Tony Anscombe

We Live Security

Data Privacy Week is a reminder to protect your data – all year round. Here are three privacy-boosting habits you can start today. The post Are you in control of your personal data?


FBI takes down Hive ransomware group in an undercover operation

CSO Magazine

The US Department of Justice (DOJ) along with international partners have taken down the Hive ransomware group. The operation that began in July 2022 resulted in the FBI penetrating Hive’s computer networks, capturing its decryption keys, and offering them to victims worldwide, preventing victims from having to pay the $130 million in ransom demanded, DOJ said in a release on Thursday.


Securing Against Supply Chain Attacks

Security Boulevard

Anyone who has been in IT for the last decade knows the risks posed by ransomware and cyberattacks. They have been on our radar as a top concern for many years. But there have been changes. Most notably, the prevalence of attacks, specifically on large global companies, and the growing focus on a new target, The post Securing Against Supply Chain Attacks appeared first on Security Boulevard.


How Noob Website Hackers Can Become Persistent Threats

Dark Reading

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Cybersecurity Insights with Contrast CISO David Lindner | 1/27

Security Boulevard

Insight #1 "It really is time for LastPass users to stop using it. They have had many breaches over the past few years, but this latest is the worst of them all." Insight #2 "The shift left movement is dead. It’s time to re-evaluate your application security practices and instead, Shift Smart. Use the right tools at the right point in the process to provide the most effective and least noisy results.

CISO 98

3 Ways ChatGPT Will Change Infosec in 2023

Dark Reading

OpenAI's chatbot has the promise to revolutionize how security practitioners work.

InfoSec 145

Friday Five 1/27

Digital Guardian

A ransomware giant was taken down this past week, but vulnerabilities, poor cybersecurity implementation, and new hacking methods remain. Catch up on all of the latest stories in this week’s Friday Five!


3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

The Hacker News

Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.

Malware 104

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Aurora Infostealer Malware Deploys Shapeshifting Tactics

Heimdal Security

One of the most recent finds exposed the Aurora Stealer malware imitating popular applications to infect as many users as possible. Cyble researchers were able to determine that, in order to target a variety of well-known applications, the threat actors are actively changing and customizing their phishing websites. Aurora targets data from web browsers and crypto […] The post Aurora Infostealer Malware Deploys Shapeshifting Tactics appeared first on Heimdal Security Blog.

Malware 97

Patch management is crucial to protect Exchange servers, Microsoft warns

Security Affairs

Microsoft warns customers to patch their Exchange servers because attackers always look to exploit unpatched installs. Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit vulnerabilities in unpatched installs. The IT giant recommends installing the latest available Cumulative Update (CU) and Security Update (SU) on Exchange servers. “There are too many aspects of unpatched on-premises Exchange environments that


Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

The Hacker News

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems.

Malware 102

Data Privacy Day: Securing your data with a password manager

IT Security Guru

This year’s annual Data Privacy Day falls on January 28th. Each year, the day provides an opportunity to educate consumers and organisations alike on the importance of privacy and staying safe online. Since the awareness around data privacy is still somewhat lacking, we’ve come up with a piece that you can share with your less tech-savvy friends and family members.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.