Fri.Jan 27, 2023

article thumbnail

Kevin Mitnick Hacked California Law in 1983

Schneier on Security

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book , which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that there’s warrant for his arrest by the California Youth Authority, and he’s trying to figure out if there’s any way out of it.

Hacking 320
article thumbnail

Weekly Update 332

Troy Hunt

Breaches all over the place today! Well, this past week, and there's some debate as to whether one of them is a breach, a scrape or if the term just doesn't matter anyway. Plus, we've been kitchen shopping, I'm helping friends out with connected doorbells and other random but somehow related things this week. Enjoy 😊 References I'll be "at" GOTO Aarhus in May (there online, but definitely speaking at the show) Following all the awesome input, we decided t

213
213
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A Guide to Phishing Attacks

Schneier on Security

This is a good list of modern phishing techniques.

Phishing 297
article thumbnail

FBI takes down Hive ransomware group

Tech Republic Security

Working with international law enforcement, the FBI said it has seized control of the servers the Hive group uses to communicate with members. The post FBI takes down Hive ransomware group appeared first on TechRepublic.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Massive Microsoft 365 outage caused by WAN router IP change

Bleeping Computer

Microsoft says this week's five-hour-long Microsoft 365 worldwide outage was caused by a router IP address change that led to packet forwarding issues between all other routers in its Wide Area Network (WAN). [.

145
145
article thumbnail

Here’s how IT budgets should fill cybersecurity moats in 2023

Tech Republic Security

TechRepublic speaks with Carlos Morales of Neustar Security Services on the best ways for companies to spend on cybersecurity — even if their budgets are tighter. The post Here’s how IT budgets should fill cybersecurity moats in 2023 appeared first on TechRepublic.

More Trending

article thumbnail

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Security Boulevard

Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data. The post ‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al appeared first on Security Boulevard.

article thumbnail

SwiftSlicer: New destructive wiper malware strikes Ukraine

We Live Security

Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country The post SwiftSlicer: New destructive wiper malware strikes Ukraine appeared first on WeLiveSecurity

Malware 145
article thumbnail

FTC Proposes Eliminating Non-Compete Clauses

Security Boulevard

The Federal Trade Commission (FTC) chair, Lina M. Khan, recently announced the commission’s intent to adjust a rule that would prohibit non-compete agreements by workers or independent contractors. Their rationale? Unfair competition—which, therefore, falls under the purview of the FTC. This could have a huge impact on the cybersecurity and IT industries, and open up.

article thumbnail

Russia starts cyber attacks on the West with Germany for supporting Ukraine

CyberSecurity Insiders

Russia launched a war on Ukraine, its neighboring country, on February 24th of the year 2022. And still the Zelenskyy led nation hasn’t surrendered to Moscow, all because of the extreme support from the west, regarding arms & ammunition, essentials and, of course, funds. As the war is fast approaching the one year long milestone, Putin intensified the war by attacking the civilian populace from December last year.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Chainguard Unveils Memory-Safe Linux Distribution

Security Boulevard

Chainguard this week made available a memory-safe distribution of Linux, dubbed Wolfi, that promises to eliminate the root cause of the bulk of known software vulnerabilities. In addition, Chainguard has partnered with the Internet Security Research Group (ISRG) to create a Rustls TLS library for Wolfi available as the default backend in libcurl. All curl.

Internet 137
article thumbnail

PlugX malware hides on USB devices to infect new Windows hosts

Bleeping Computer

Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to. [.

Malware 134
article thumbnail

AI in cybersecurity: The good, the bad, and the ugly

Security Boulevard

Artificial intelligence (AI) is rapidly becoming a powerful tool in the cybersecurity landscape, with the potential to revolutionize the way we detect and respond to cyber threats. However, as with any technology, there are also risks associated with the use of AI in cybersecurity. In this blog post, we will explore both the advantages and dangers of AI in cybersecurity, including examples of how cybercriminals could use AI to improve social engineering attacks and how cybersecurity companies ca

article thumbnail

How to use Microsoft KQL for SIEM insight

Tech Republic Security

Microsoft’s cloud-hosted SIEM software comes with a suite of powerful analytics tools designed to read logs and find anomalies in the data haystack. The post How to use Microsoft KQL for SIEM insight appeared first on TechRepublic.

Software 134
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Critical RCE Lexmark Printer Bug Has Public Exploit

Dark Reading

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

129
129
article thumbnail

More Details of LastPass Breach: Hackers Used Stolen Encryption Key

Security Boulevard

A breach at LastPass is the gift that keeps on giving—or taking, depending on your perspective. LastPass parent company GoTo raised the alarm this week that, in addition to stealing encrypted backups containing customer data, hackers nicked an encryption key last November. “An unauthorized party gained access to a third-party cloud-based storage service, which LastPass.

article thumbnail

Hive ransomware servers shut down at last, says FBI

Naked Security

Unfortunately, you've probably already heard the cliche that "cybercrime abhors a vacuum".

article thumbnail

Hackers abuse legitimate remote monitoring and management tools in attacks

CSO Magazine

Security researchers warn that an increasing number of attackers are using legitimate remote monitoring and management (RMM) tools in their attacks to achieve remote access and control over systems. These tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organization's network and systems might not raise suspicion.

120
120
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How Noob Website Hackers Can Become Persistent Threats

Dark Reading

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say.

118
118
article thumbnail

FBI takes down Hive ransomware group in an undercover operation

CSO Magazine

The US Department of Justice (DOJ) along with international partners have taken down the Hive ransomware group. The operation that began in July 2022 resulted in the FBI penetrating Hive’s computer networks, capturing its decryption keys, and offering them to victims worldwide, preventing victims from having to pay the $130 million in ransom demanded, DOJ said in a release on Thursday.

article thumbnail

The Week in Ransomware - January 27th 2023 - 'We hacked the hackers'

Bleeping Computer

For the most part, this week has been relatively quiet regarding ransomware attacks and researcher — that is, until the FBI announced the disruption of the Hive ransomware operation. [.

article thumbnail

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

The Hacker News

Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.

Malware 113
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Ukraine: Sandworm hackers hit news agency with 5 data wipers

Bleeping Computer

The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency (Ukrinform) on January 17th. [.

Malware 113
article thumbnail

Securing Against Supply Chain Attacks

Security Boulevard

Anyone who has been in IT for the last decade knows the risks posed by ransomware and cyberattacks. They have been on our radar as a top concern for many years. But there have been changes. Most notably, the prevalence of attacks, specifically on large global companies, and the growing focus on a new target, The post Securing Against Supply Chain Attacks appeared first on Security Boulevard.

article thumbnail

Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

The Hacker News

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems.

Malware 110
article thumbnail

Data Privacy Day: Securing your data with a password manager

IT Security Guru

This year’s annual Data Privacy Day falls on January 28 th. Each year, the day provides an opportunity to educate consumers and organisations alike on the importance of privacy and staying safe online. Since the awareness around data privacy is still somewhat lacking, we’ve come up with a piece that you can share with your less tech-savvy friends and family members.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

The Hacker News

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S.

DNS 109
article thumbnail

Are you in control of your personal data? – Week in security with Tony Anscombe

We Live Security

Data Privacy Week is a reminder to protect your data – all year round. Here are three privacy-boosting habits you can start today. The post Are you in control of your personal data?

article thumbnail

Hackers Use RMM Software to Breach Federal Agencies

eSecurity Planet

Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Software 106
article thumbnail

Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack

The Hacker News

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.