Thu. Dec 30, 2021

Weekly Update 276

Troy Hunt

2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme. But hey, there was some positive stuff too, not least the bits about some of the wonderful organisations I've worked with this year, bought products from or otherwise just been a big part of my digital life in 2021.

How to install the Pritunl VPN server on AlmaLinux

Tech Republic Security

If you're looking for a VPN server to host in-house, look no further than the AlmaLinux/Pritunl combination. See how easy it is to get this service up and running.

Firmware attack can drop persistent malware in hidden SSD area

Bleeping Computer

Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions. […]

22 cybersecurity statistics to know for 2022

We Live Security

As we usher in the New Year, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends. The post 22 cybersecurity statistics to know for 2022 appeared first on WeLiveSecurity.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Have I Been Pwned adds 441K accounts stolen by RedLine malware

Bleeping Computer

The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware. […]

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

The Hacker News

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems.

More Trending

AppSec and Software Community Respond to Log4j

Security Boulevard

The application security and the open source software communities rose to the challenge of the Java Log4j vulnerability, patching software, sharing information and providing mitigations and tools. We aren’t out of the woods yet, but their actions so far have been inspiring. What Happened? The new Log4j vulnerability, dubbed Log4Shell, has put the world on.

GUEST ESSAY: Here’s how ‘WFM’ tools can boost productivity — and security — of remote workers

The Last Watchdog

Workforce management software (WFM) is an essential tool companies across industries can use to organize their workforce, track employee work and performance, forecast labor demand, and create schedules for employees. Related: Turning workers into security sensors. Most, if not all, WFM software is chock full of features that make managing a workforce more efficient and effortless for top management.

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems. iLOBleed is a previously undetected rootkit that was spotted targeting HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems.

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

The Hacker News

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

University loses 77TB of research data due to backup error

Bleeping Computer

The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. […]

Details of a failed Clop Ransomware attack on City of Toronto Canada

CyberSecurity Insiders

Cybersecurity Insiders has learnt that the Clop ransomware gang, operating from Russia, accessed the servers of the City of Toronto to grab metadata of over 35k citizens. Their plan could be to later dump the data on the dark web and make money. However, for some reason or because of a strict online vigil from Ukraine’s law enforcement agency, they did not post the details or dropped the plan to do so for reasons best known to them.

3 takeaways and a ramble

Javvad Malik

It’s been another weird year for many. Most of the world had vaccines, came out of lockdown, only to be hit by another variant, and ending up in a weird limbo lockdown all over again. As someone who has predominantly worked from home for the last 8 years, I have welcomed the last couple of years. I no longer get the, “oh, so you’re working huh” nudge nudge wink wink from people.

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues. An attacker can exploit the flaws to obtain user passwords.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How IPsec works, its components and purpose

CSO Magazine

What is IPsec? IPsec is a suite of protocols that are used to secure internet communications—in fact, the name itself is an abbreviation for Internet Protocol Security. IPsec was first codified in the '90s, spurred on by the dawning realization that internet traffic needed to be protected: the early internet mostly connected secured government and university buildings, and the internet protocol (IP) that defined how communications online worked sent information whizzing around unsecured and un

Redline malware stealing saved passwords from browsers

CyberSecurity Insiders

If you follow a custom of saving passwords in your browser, you better change it, before it’s too late. Because security researchers from a South Korean cybersecurity firm, AhnLab discovered that a new malware named Redline was seen lurking in the browsers and stealing saved passwords only to be transmitted to remote servers. According to sources, RedLine Stealer was first discovered in May this year when most of the office work was going online.

Worst Healthcare Data Breaches of 2021

Security Boulevard

Healthcare is a highly sensitive and heavily regulated industry. Recently, the healthcare and life science industry is being overwhelmed by […]. The post Worst Healthcare Data Breaches of 2021 appeared first on Sonrai Security. The post Worst Healthcare Data Breaches of 2021 appeared first on Security Boulevard.

Twitter account of FBI's fake chat app, ANOM seen trolling today

Bleeping Computer

The Twitter account previously associated with the ANOM chat app is posting frivolous tweets this week. ANOM was a fake encrypted messaging platform created as part of a global sting operation led by the U.S. FBI, Australian Federal Police (AFP), and other law enforcement agencies to catch criminals. […]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

AvosLocker ransomware gang releases a free decryptor after an affiliate hit US gov agency

Security Affairs

The AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the system of a US Government entity. The AvosLocker ransomware operation provided a free decryptor after they encrypted the systems of a US government agency. AvosLocker RaaS operators trying to avoid heat after hitting a US government entity by providing them the decryptor for free.

Learn highly marketable ethical hacking skills for less than $45

Tech Republic Security

Even if you have no tech experience, you can develop valuable skills with the online training offered by The Super-Sized Ethical Hacking Bundle.

The Cloud != Somebody Else’s Computer

Security Boulevard

d in the media and even by people outside of the technology bubble. It has graduated into a more common vernacular. It's common enough that many don't really know what “the cloud” is really. It’s these moments of realisation that a technology and its terminology have gone mainstream that have been the genesis of these blogs and podcast episodes in the past.

Instagram copyright infringement scams – don’t get sucked in!

Naked Security

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

What the Rise in Cyber-Recon Means for Your Security Strategy

Threatpost

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.

Picus Threat Library Is Updated for Trojans Targeting Banks in Latin America

Security Boulevard

Picus Labs has updated the Picus Threat Library with new attack methods for Krachulka, Lokorrito, Zumanek Trojans that are targeting banks in Brazil, Mexico, and Spain. In this blog, techniques used by these malware families will be explored. Banking trojans have a significant role in the cybercrime scene in Latin America. According to Eset, 11 different malware families that target banks in Spanish and Portuguese-speaking countries share TTPs, indicating that threat actors are cooperating on s

FinTech Company Impacted by Log4j Says No to Paying the Ransom

Heimdal Security

A cyberattack has recently impacted ONUS, one of the biggest Vietnamese crypto trading platforms. Hackers targeted the company’s payment system where a vulnerable version of Log4j was running. After the cyberattack happened, extortion followed, as hackers reportedly started to blackmail the firm to pay a ransom amounting to $5 million, otherwise, customer data would become […].

API Security Predictions 2022: The Good, the Bad, and the Scary

Security Boulevard

A few years ago, Gartner made a prediction that by 2022, API attacks would become the most-frequent attack vector, causing data breaches for enterprise business applications. As we approach that timeframe, it turns out that this is one prediction that ended up being true. Enterprises are more dependent on APIs than ever before and even though many enterprises are now focusing on API security, there are still significant API security gaps.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

What is IP sniffing?

Malwarebytes

IP sniffers, also known as packet sniffers, network analyzers, or protocol analyzers, are tools which play an essential role in the monitoring of networks, and in troubleshooting network-related issues. In essence, IP sniffing is monitoring traffic over a TCP/IP network. IP sniffers intercept the traffic flowing in a digital network and log the data, which is then presented in a human-readable form for analysis.

2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year

Security Boulevard

Today, everyone is talking about CVE-2021-44228, and with good reason. But before that, here were five of the issues that dominated virtual “water cooler talk” in 2021: 5. Data security in the cloud Champion heavyweight boxer Mike Tyson said, “Everyone has a plan until they get punched in the face.” For many security practitioners, their […]. The post 2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year appeared first on Blog.

Getting Started With Threat-Informed Security Programs

Dark Reading

Security leaders need to examine their business model, document risks, and develop a strategic plan to address those risks.

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Threatpost

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.