Sat.May 14, 2022

article thumbnail

Weekly Update 295

Troy Hunt

A short one this week as the previous 7 days disappeared with AusCERT and other commitments. Geez it was nice to not only be back at an event, but out there socialising and attending all the related things that tend to go along with it. I'll leave you with this tweet which was a bit of a highlight for me, having Ari alongside me at the event and watching his enthusiasm being part of the industry I love 😊 At #AusCERT with Ari for “take your son to work” day 🙂 I&

Passwords 214
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia, on June 3, 2022.

194
194
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Angry IT admin wipes employer’s databases, gets 7 years in prison

Bleeping Computer

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. [.].

145
145
article thumbnail

Ransomware is Indiscriminatory – Prepare for Everything to Fail

Security Boulevard

Ransomware attacks continue to grow in frequency. In the past 12 months, 76% of organizations have been affected by ransomware attacks, constituting a 15% YoY rise according to Veeam’s Data Protection Trends Report 2022. As well as being more common, ransomware is also getting more potent. When businesses are struck by ransomware, they are unable [.].

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The LEGION collective calls to action to attack the final of the Eurovision song contest

Security Affairs

The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest. The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks. The group made the headlines for attacks against Western organizations and governments, including NATO countries and Ukraine. This week the Pro-Russian hacker group Killnet and Legion targeted the websites of several Italian institutions , including the senate and the National Institute

DDOS 115
article thumbnail

This Week in Malware—Malicious Rust crate, ‘colors’ typosquats

Security Boulevard

This Week in Malware digest was delayed by a day in light of a significant announcement on Friday from Sonatype's CTO Brian Fox. The announcement details Sonatype's participation in an ongoing conversation led by the Open Source Security Foundation (OpenSSF) that unites the industry, open source communities, and government officials in solving the big OSS security problem.

Malware 122

More Trending

article thumbnail

How to Turn a Coke Can Into an Eavesdropping Device

Dark Reading

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

143
143
article thumbnail

Pro-Russian hacktivists target Italy government websites

Security Affairs

Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health. A group of Pro-Russian hackers known as “ Killnet ” launched an attack against multiple websites of several Italian institutions, including the senate, the National Institute of Health, and the Automobile Club d’Italia (ACI), the national drivers’ association.

article thumbnail

Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off

The Hacker News

Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications.

article thumbnail

OWASP® Global AppSec US 2021 Virtual – Ronen Slavin’s ‘Analyzing Google’s SLSA Framework For Securing Software Supply Chains’

Security Boulevard

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference Presenters for publishing their well-crafted application security videos on the organization’s’ YouTube channel. Permalink. The post OWASP® Global AppSec US 2021 Virtual – Ronen Slavin’s ‘Analyzing Google’s SLSA Framework For Securing Software Supply Chains’ appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Microsoft fixes new PetitPotam Windows NTLM Relay attack vector

Bleeping Computer

A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. [.].

100
100
article thumbnail

How To Start An Insurance Business In 2022

SecureBlitz

Learn how to start an insurance business in 2022 in this post. If you are looking for a recession-proof business, entering the insurance industry is the right choice. Insurance is an essential part of life for the majority of Americans. They need insurance for their businesses, have sufficient finances to look after their family’s unforeseen. The post How To Start An Insurance Business In 2022 appeared first on SecureBlitz Cybersecurity.

article thumbnail

The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption

WIRED Threat Level

Plus: New details of ICE’s dragnet surveillance in the US, Clearview AI agrees to limit sales of its faceprint database, and more.

article thumbnail

Crypto robber who lured victims via Snapchat and stole £34,000 jailed

Bleeping Computer

Online crypto scams and ponzi schemes leveraging social media platforms are hardly anything new. But, this gruesome case of a London-based crypto robber transcends the virtual realm and tells a shocking tale of real-life victims from whom the perpetrator successfully stole £34,000. [.].

Scams 63
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

XKCD ‘Crêpe’

Security Boulevard

via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink. The post XKCD ‘Crêpe’ appeared first on Security Boulevard.

72
article thumbnail

OpRussia update: Anonymous breached other organizations

Security Affairs

Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have hacked multiple organizations and government entities. The hacktivists leaked the stolen data via DDoSecrets. Below is the list of organizations breached this week by Anonymous: SOCAR Energoresource operates the Antipinsky Refinery and several oilfields.

article thumbnail

Security BSides Sofia 2022 – Bozhidar Bozhanov, Minister Of e-Government, Republic Of Bulgaria ‘ Keynote’

Security Boulevard

Our thanks to Security BSides Sofia for publishing their Presenter’s Security BSides Sofia 2022 superb security videos on the organization’s’ YouTube channel. Permalink. The post Security BSides Sofia 2022 – Bozhidar Bozhanov, Minister Of e-Government, Republic Of Bulgaria ‘ Keynote’ appeared first on Security Boulevard.

article thumbnail

What actually drives information security?

Notice Bored

The 'obvious' driver for information security is information risk: valuable yet vulnerable information must be secured/protected against anything that might compromise its confidentiality, integrity or availability, right? Given an infinite array of possible risks and finite resources to address them, information risk analysis and management techniques help us scan the risk landscape for things that stand out - the peaks - and so we play whack-a-mole, attempting to level the field through mitiga

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

LDAPSearch Reference

Security Boulevard

ldapsearch is a extremely powerful tool, especially for Windows Active Directory enumeration. It’s one of my primary tools when performing pentesting or red teaming against an environment with Active Directory, but also comes in quiet handy to know as many times it can come default installed or part of a base image, so its a bit Living-Off-The-Land-esq.