Mon. May 23, 2022

Forging Australian Driver’s Licenses

Schneier on Security

The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. Related: Leveraging PKI to advance electronic signatures. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.

DDoS attacks decreased in 2021, still above pre-pandemic levels

Tech Republic Security

The study from NexusGuard also found that average attack size decreased, while maximum attack size increased threefold. The post DDoS attacks decreased in 2021, still above pre-pandemic levels appeared first on TechRepublic.

DDOS 202

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

Security Affairs

Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. More TAG research from @_clem1 & @0xbadcafe1 Campaigns targeting Android users with five 0-day vulnerabilities.

Spyware 145

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

New phishing technique lures users with fake chatbot

Tech Republic Security

Cybercriminals are finding new ways to trick users into providing their credit card data. A new technique makes use of a fake chatbot to build trust with victims. Learn more about this threat and how to protect yourself from it. The post New phishing technique lures users with fake chatbot appeared first on TechRepublic.

Phishing 190

Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers

Malwarebytes

Multiple NVIDIA graphics card models have been found to have flaws in their GPU drivers, with six medium- and four high-severity ratings. Last Monday, the company released a software security update for NVIDIA GPU Display Driver to address the vulnerabilities. If exploited, they could lead to denial of service, code execution, privilege escalation, and data tampering.

Software 144

More Trending

Common NFT scams and how to avoid them

We Live Security

As NFTs exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry. The post Common NFT scams and how to avoid them appeared first on WeLiveSecurity.

Scams 143

Fake Windows exploits target infosec community with Cobalt Strike

Bleeping Computer

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [...]

InfoSec 140

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. Researchers from SEKOIA.IO Threat & Detection Research (TDR) team have uncovered a reconnaissance and espionage campaign conducted by Russia-linked Turla APT aimed at the Baltic Defense College, the Austrian Economic Chamber (involved in government decision-making such as economic sanctions) and NATO’s eLearning platform JDAL (Joint Advanced Distribut

Snake Keylogger Spreads Through Malicious PDFs

Threatpost

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

Malware 137

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Russian hackers perform reconnaissance against Austria, Estonia

Bleeping Computer

In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. [...]

Hacking 136

Yes, Containers Are Terrific, But Watch the Security Risks

The Hacker News

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack.

Risk 136

Russia-linked Fronton botnet could run disinformation campaigns

Security Affairs

Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns. In March 2020, the collective of hacktivists called “Digital Revolution” claimed to have hacked a subcontractor to the Russian FSB.

DDOS 136

Deep Fakes of Elon Musk Promote BitVex Fraud

Heimdal Security

The spoofed BitVex crypto trading platform claims to be managed by Tesla CEO Elon Musk, who founded it to provide 30% returns on bitcoin deposits. What Happened? This phishing attempt started earlier this month with threat actors establishing new YouTube accounts or hacking into ones that already existed in order to broadcast deep fake films […].

Phishing 130

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

A flaw in PayPal can allow attackers to steal money from users’ account

Security Affairs

A security researcher announced the discovery of an unpatched flaw in PayPal that could allow attackers to steal money from users. TheHackerNews first reported that a security researcher (that goes online with the moniker h4x0r_dz) has discovered an unpatched flaw in PayPal that could allow attackers to trick users into completing transactions controlled by the attackers with a single click.

What is Cloud Computing?

Security Boulevard

The concept of cloud computing has offered endless possibilities to businesses since enterprises can avoid several upfront costs and can quickly rent access to any application or storage from a cloud provider. This post uncovers the role of cloud computing in shaping the future of a digitally-advanced modern world. The post What is Cloud Computing? appeared first on Security Boulevard.

A week in security (May 16 – 22)

Malwarebytes

Last week on Malwarebytes Labs: Fake reCAPTCHA forms dupe users via compromised WordPress sites; How COVID-19 fuelled a surge in malware; Why MRG-Effitas matters to SMBs; “Look what I found here” phish targets Facebook users; AirTag stalking: What is it, and how can I avoid it?; Long lost @ symbol gets new life obscuring malicious URLs; Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed; Update now!

Malware 129

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Dark Reading

Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures.

IoT 127

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Hackers can hack your online accounts before you even register them

Bleeping Computer

Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. [...]

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

madhav. Tue, 05/24/2022 - 06:11. We have reached the point where highly connected cyber-physical systems are the norm, and the lines between information technology (IT) and operational technology (OT) are blurred. These systems are connected to and managed from the cloud to fine-tune performance, provide data analytics, and ensure the integrity of critical infrastructure across all sectors.

Clearview AI face-matching service fined a lot less than expected

Naked Security

The fine has finally gone through... but it's less than 45% of what was originally proposed.

122

DOJ: Good faith security research won’t be charged under Computer Fraud and Abuse Act

CSO Magazine

The U.S. Department of Justice (DOJ) has revised its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA), stating that good faith security research does not warrant federal criminal action. Effective immediately, all federal prosecutors who wish to charge cases under CFAA are required to follow the new policy and consult with Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) before bringing any charges, the DOJ said.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Ransomware Attack Leads to a data breach at Chicago Public Schools

CyberSecurity Insiders

A ransomware attack has led to the leak of personal information of students and staff at the Chicago Public Schools (CPS), and information is out that the incident, which took place in December last year, was revealed to the public on April 25th this year. Investigations launched later revealed that hackers accessed data stored from the past 4 years in the incident, and that it included information such as names, schools, DoBs, CPS Identification Numbers, and state student identification numbers alo

Don’t Let Your Business Be Held For Ransom(ware)

Security Boulevard

The ongoing crisis in Ukraine has been headline news for the past few months. From a cybersecurity point of view, it is painfully clear that current conditions favor cybercriminals; legitimate organizations are at a serious disadvantage. It is common knowledge that Russia accommodates numerous cyberthreat groups, any of which is more than capable of taking.

Why the Employee Experience Is Cyber Resilience

Dark Reading

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

118

IDaaS explained: How it compares to IAM

CSO Magazine

It is often said that identity is the new perimeter in the world of cloud-native ecosystems and zero trust. Identity is inarguably at the center of everything we do in modern systems and it is key to facilitating zero trust architectures and proper access control. That said, running identity and access management (IAM) at scale can be a daunting task, which is why more organizations are adopting identity-as-a-service (IDaaS) solutions.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

Trend Micro

While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals.

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity

Security Boulevard

If I were to ask you to imagine someone hacking a car, what’s the first thing that comes to mind? Let me guess: You’re picturing someone wearing a black hoodie and a Guy Fawkes mask. They’re sitting in front of a state-of-the-art computer rig in an otherwise unkempt basement, a 1990s-era techno soundtrack bumping with. The post Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity appeared first on Security Boulevard.

How GDPR Is Failing

WIRED Threat Level

The world-leading data law changed how companies work. But four years on, there’s a lag on cleaning up Big Tech.

115

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World

Dark Reading

NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!