Mon.Jun 20, 2022

Hartzbleed: A New Side-Channel Attack

Schneier on Security

Hartzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard.

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety. Cyber anxiety can indeed be paralyzing, but new software solutions have the potential to become game-changers for IT departments.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Hertzbleed: A New Side-Channel Attack

Schneier on Security

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard.

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

The Last Watchdog

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs , are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered and widely exploited in Windows servers deployed globally in enterprise networks.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Feds Take Down Russian 'RSOCKS' Botnet

Dark Reading

RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic

106
106

9 Cybersecurity Challenges Companies Must Tackle Now

Security Boulevard

Most attacks are intended toward the most crucial asset of businesses: data. The wave of cyberthreats forced organizations to set up cybersecurity to survive. The post 9 Cybersecurity Challenges Companies Must Tackle Now appeared first on Security Boulevard. Security Bloggers Network

More Trending

Interpol busts 2000 suspects in phone scamming takedown

Naked Security

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples. Law & order Privacy bust Interpol scamming Social Engineering

Scams 103

Over 4 million people hack neighbors Wi-Fi in the UK

CyberSecurity Insiders

In a survey conducted by broadband service provider Konnect, over 4 million people were found hacking neighbors’ Wi-Fi, if there was a down or to avoid paying a fat subscription fee.

The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive

Dark Reading

Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box

Uvalde Shooting Investigation Reveals Major Privacy Violation

Security Boulevard

In Carpenter v.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28.

Crypto mixers: What are they and how are they used?

We Live Security

How crypto mixers, also known as crypto tumblers, are used to obscure the trail of digital money. The post Crypto mixers: What are they and how are they used? appeared first on WeLiveSecurity. Privacy

98

The Ghost of Internet Explorer Will Haunt the Web for Years

WIRED Threat Level

Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks. Security Security / Cyberattacks and Hacks

Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

Dark Reading

Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage

Risk 97

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

BlackCat Ransomware That Breached Over 60 Organizations

Security Boulevard

The BlackCat ransomware that caused headaches for over 60 organizations worldwide is now decryptable, thanks to the effort of security researchers. Yes, you read that correctly. The ransomware, first spotted in the wild in October 2019, can now be decrypted […].

Do You Have Ransomware Insurance? Look at the Fine Print

The Hacker News

Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in.

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Security Affairs

Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild.

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

1) Indian Computer Emergency Response Team (CERT-In) has given an update that all those who are using Adobe products and services should be cautious, as hackers can easily hack their systems by exploiting multiple vulnerabilities in the software.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

DDoS Attacks Delay Putin Speech at Russian Economic Forum

Dark Reading

A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack

DDOS 89

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

Security Boulevard

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs , are the latest specialists on the scene.

Capital One Attacker Exploited Misconfigured AWS Databases

Dark Reading

After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty

89

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy.

Q1 2022 Phishing Threat Trends and Intelligence Report

Security Boulevard

In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms.

Cisco will not address critical RCE in end-of-life Small Business RV routers

Security Affairs

Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. Cisco will not release updates to address the CVE-2022-20825 RCE flaw in end-of-life Small Business RV routers and encourage upgrading to newer models.

A Qubit of Solace: How QKD Systems Defend Against Future Cyberattacks

Security Boulevard

Every industry is on high alert when it comes to cyberattacks, and rightly so. A cyberattack can halt business, add unexpected costs to mitigate, damage a company’s reputation and more.

Recent Windows Server updates break VPN, RDP, RRAS connections

Bleeping Computer

This month's Windows Server updates are causing a wide range of issues for administrators, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. [.]. Microsoft

VPN 109

Why Paper Receipts are Money at the Drive-Thru

Security Boulevard

Check out the handmade sign posted to the front door of a shuttered Jimmy John's sandwich chain shop in Missouri last week. See if you can tell from the store owner's message what happened. The post Why Paper Receipts are Money at the Drive-Thru appeared first on Security Boulevard.

82

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

The Hacker News

A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero.

76

Episode 239: Power shifts from Russia to China in the Cyber Underground

The Security Ledger

Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixGill talks to host Paul Roberts about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities.

Security Affairs newsletter Round 370 by Pierluigi Paganini

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Flagstar Bank discloses data breach impacting 1.5 million customers

Bleeping Computer

Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. [.]. Security

How to get Fortune 500 cybersecurity without the hefty price tag

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at SolCyber. Thanks to the great team there for their support! If the bad guys aren’t discriminating who they are attacking, how can your business settle for anything less than Fortune 500 level security?

Microsoft 365 credentials targeted in new fake voicemail campaign

Bleeping Computer

A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. [.]. Security