Schneier on Security
MAY 23, 2022
The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.
The Last Watchdog
MAY 23, 2022
Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. Related: Leveraging PKI to advance electronic signatures. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MAY 23, 2022
The study from NexusGuard also found that average attack size decreased, while maximum attack size increased threefold. The post DDoS attacks decreased in 2021, still above pre-pandemic levels appeared first on TechRepublic.
Malwarebytes
MAY 23, 2022
Multiple NVIDIA graphic card models have been found to have flaws in their GPU drivers, with six medium-and four high-severity ratings. Last Monday, the company released a software security update for NVIDIA GPU Display Driver to address the vulnerabilities. If exploited, they could lead to denial of service, code execution, privilege escalation, and data tampering.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MAY 23, 2022
Cybercriminals are finding new ways to trick users into providing their credit card data. A new technique makes use of a fake chatbot to build trust with victims. Learn more about this threat and how to protect yourself from it. The post New phishing technique lures users with fake chatbot appeared first on TechRepublic.
We Live Security
MAY 23, 2022
As NFTs exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry. The post Common NFT scams and how to avoid them appeared first on WeLiveSecurity.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
MAY 23, 2022
In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. [.].
Thales Cloud Protection & Licensing
MAY 23, 2022
Access Management is Essential for Strengthening OT Security. madhav. Tue, 05/24/2022 - 06:11. We have reached the point where highly connected cyber-physical systems are the norm, and the lines between information technology (IT) and operational technology (OT) are blurred. These systems are connected to and managed from the cloud to fine-tune performance, provide data analytics, and ensure the integrity of critical infrastructure across all sectors.
Bleeping Computer
MAY 23, 2022
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [.].
Security Boulevard
MAY 23, 2022
The concept of cloud computing has offered endless possibilities to businesses since enterprises can avoid several upfront costs and can quickly rent access to any application or storage from a cloud provider. This post uncovers the role of cloud computing in shaping the future of a digitally-advanced modern world. The post What is Cloud Computing? appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
MAY 23, 2022
Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. [.].
CSO Magazine
MAY 23, 2022
The U.S. Department of Justice (DOJ) has revised its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA), stating that good faith security research does not warrant federal criminal action. Effective immediately, all federal prosecutors who wish to charge cases under CFAA are required to follow the new policy and consult with Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) before bringing any charges, the DOJ said.
CyberSecurity Insiders
MAY 23, 2022
A ransomware attack has led to the leak of personal information of students and staff at the Chicago Public Schools(CPS) and information is out that the incident which took place in December last year was revealed to the public on April 25th this year. Investigations later launched revealed that hackers accessed data stored from the past 4 years and in the incident and that included information such as names, schools, DoBs, CPS Identification Numbers, and state student identification numbers alo
Bleeping Computer
MAY 23, 2022
Yet another data-extortion cybercrime operation has appeared on the darknet named 'RansomHouse' where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
MAY 23, 2022
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack.
CSO Magazine
MAY 23, 2022
It is often said that identity is the new perimeter in the world of cloud-native ecosystems and zero trust. Identity is inarguably at the center of everything we do in modern systems and it is key to facilitating zero trust architectures and proper access control. That said, running identity and access management (IAM) at scale can be a daunting task, which is why more organizations are adopting identity-as-a-service (IDaaS) solutions.
Security Boulevard
MAY 23, 2022
The ongoing crisis in Ukraine has been headline news for the past few months. From a cybersecurity point of view, it is painfully clear that current conditions favor cybercriminals; legitimate organizations are at a serious disadvantage. It is common knowledge that Russia accommodates numerous cyberthreat groups, any of which is more than capable of taking.
Security Affairs
MAY 23, 2022
Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. Researchers from SEKOIA.IO Threat & Detection Research (TDR) team have uncovered a reconnaissance and espionage campaign conducted by Russia-linked Turla APT aimed at the Baltic Defense College, the Austrian Economic Chamber (involved in government decision-making such as economic sanctions) and NATO’s eLearning platform JDAL (Joint Advanced Distribut
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
CSO Magazine
MAY 23, 2022
The U.S. Supreme Court will almost certainly stick to its leaked draft decision to overturn the landmark Roe v. Wade decision that legalized abortion 50 years ago. According to some tallies , abortion may be banned or tightly restricted in as many as 28 states in the weeks after the Court formally hands down its decision next month. As the American Civil Liberties Union (ACLU) has noted , "The lack of strong digital privacy protections has profound implications in the face of expanded criminaliz
Dark Reading
MAY 23, 2022
Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures.
Security Boulevard
MAY 23, 2022
If I were to ask you to imagine someone hacking a car, what’s the first thing that comes to mind? Let me guess: You’re picturing someone wearing a black hoodie and a Guy Fawkes mask. They’re sitting in front of a state-of-the-art computer rig in an otherwise unkempt basement, a 1990s-era techno soundtrack bumping with. The post Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity appeared first on Security Boulevard.
Security Affairs
MAY 23, 2022
Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns. In March 2020, the collective of hacktivists called “ Digital Revolution ” claimed to have hacked a subcontractor to the Russian FSB.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
CyberSecurity Insiders
MAY 23, 2022
In 2021, the Fortune Global 500 reported an all-time high of 23 women CEOs. However, the cybersecurity startup space is far behind meeting a similar ratio. A new report by risk-based vulnerability management platform NopSec found that of 654 cybersecurity startups that received more than $1 million in funding in 2020 and 2021, only 22 (or 3%) were led by female CEOs.
Security Boulevard
MAY 23, 2022
While the terms might be more familiar to fans of old-fashioned cowboy films, “white hat” and “black hat” have found modern relevance in the world of computer hacking. In the black-and-white cowboy films of yesteryear, the concept of the white hat vs. the black hat was originally developed to help audiences easily identify the hero and the villain. Today, these terms are now used to identify two types of hackers : white hat hackers and black hat hackers. .
Dark Reading
MAY 23, 2022
A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.
Heimadal Security
MAY 23, 2022
The spoofed BitVex crypto trading platform claims to be managed by Tesla CEO Elon Musk, who founded it to provide 30% returns on bitcoin deposits. What Happened? This phishing attempt started earlier this month with threat actors establishing new YouTube accounts or hacking into ones that already existed in order to broadcast deep fake films […].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
MAY 23, 2022
NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.
Malwarebytes
MAY 23, 2022
Last week on Malwarebytes Labs: Fake reCAPTCHA forms dupe users via compromised WordPress sites How COVID-19 fuelled a surge in malware Why MRG-Effitas matters to SMBs “Look what I found here” phish targets Facebook users AirTag stalking: What is it, and how can I avoid it? Long lost @ symbol gets new life obscuring malicious URLs Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed Update now!
Security Boulevard
MAY 23, 2022
Our experts discuss the prevalence of supply chain attacks and how organizations can manage their software supply chain risks. The post AppSec Decoded: Managing software supply chain risks appeared first on Application Security Blog. The post AppSec Decoded: Managing software supply chain risks appeared first on Security Boulevard.
Bleeping Computer
MAY 23, 2022
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards. [.].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
258 
Let's personalize your content