Schneier on Security

DECEMBER 21, 2022

They’re using commercial phones, which go through the Ukrainian telecom network : “You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air,” said Alperovitch. “That doesn’t pose too much difficulty for the Ukrainian security services.” […]. “Security has always been a mess, bot

Telecommunications 224

Telecommunications Mobile 224

Tech Republic Security

DECEMBER 21, 2022

Microsoft has open sourced its framework for managing open source in software development. The post What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it? appeared first on TechRepublic.

Software 142

Software 142

CyberSecurity Insiders

DECEMBER 21, 2022

John Stock, Product Manager, Outpost24. With continued challenges from remote and hybrid working, increased economic unrest and geopolitical conflict, and a new gang of teenage hackers , 2022 has certainly thrown cybersecurity professionals some curveballs. While many of the same trends and threats remain, 2023 is likely to keep us on our toes as these threats mature and the landscape continues to shift.

Cybersecurity 135

Cybersecurity Education Scams Internet 135

Thales Cloud Protection & Licensing

DECEMBER 21, 2022

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security. divya. Thu, 12/22/2022 - 05:40. Thales collaborates with Hewlett Packard Enterprise (HPE) to provide enhanced privacy and secure authentication for global 5G users, further extending its partner ecosystem. The Thales Luna 7 Hardware Security Module (HSM), a world-class HSM, will power a foundation of trust around HPE’s Subscriber Data Management (SDM) solutions, ensuring subscriber data, transactio

Architecture 126

Architecture Authentication Telecommunications IoT 126

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CyberSecurity Insiders

DECEMBER 21, 2022

Darren James, Head of Internal IT, Specops Software. It’s that time of year again, when IT and security experts line up to reflect on the past year and share their industry predictions for what’s to come. With the cybersecurity landscape more unpredictable than ever, it can be difficult to predict what’s going to happen tomorrow, let alone in the next 12 months.

Social Engineering 134

Social Engineering Passwords Password Management Cybersecurity 134

Heimadal Security

DECEMBER 21, 2022

This year, many ransomware-as-a-service groups, including Agenda and Qilin, have developed versions of their ransomware in Rust. Like its Golang counterpart, the Rust variant of Agenda has targeted essential industries. In the past month, Trend Micro has observed that the Agenda ransomware has posted information about many businesses on its leaked website.

Ransomware 110

Ransomware Cybersecurity 110

Security Affairs

DECEMBER 21, 2022

Play ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s ProxyNotShell mitigations. Play ransomware operators target Exchange servers using a new exploit chain, dubbed OWASSRF by Crowdstrike, that bypasses Microsoft’s mitigations for ProxyNotShell vulnerabilities. The ProxyNotShell flaws are: CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability.

Ransomware 105

Ransomware Authentication Hacking Cybercrime 105

CyberSecurity Insiders

DECEMBER 21, 2022

Scientists at Aston University are predicting a data deluge by the year 2025 that will pave the way to storage crisis later. The researchers are worried that there would be an increase of 300% in the generation of data that would cause a global data storage crisis, provided it is dealt scientifically now. Aston University data scientists argue that cloud platforms will become full in the next 2-3 years, leaving the humans find for ways to support the storage tech in coming years.

Media 119

Media Manufacturing Information Security Cybersecurity 119

Security Boulevard

DECEMBER 21, 2022

The writing on the wall has dried. For many people, working five days a week in an office is a thing of the past, a cadence shift propelled by the pandemic and widely embraced by global workers demanding greater flexibility. This is great news for workers who want more control over how, where and when. The post Who’s Keeping Computers Safe When Everybody’s Working From Home?

Security Awareness 104

Security Awareness Risk Mobile Government 104

CyberSecurity Insiders

DECEMBER 21, 2022

All these days we have seen a lot of tweets from technologists like Elon Musk predicting robots propelled by Artificial Intelligence going against humanity. But if you want to see it practically on the silver screen, then you can watch the latest sci-fi thriller ‘Subservience’ that is being canned. Megan Fox will play an AI robot mother going rogue in the movie, alongside Michele Morrone.

Artificial Intelligence 110

Artificial Intelligence Media Cybersecurity 110

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

DECEMBER 21, 2022

It’s all fun and games over the holidays, but is your young gamer safe from the darker side of the action? The post ‘Tis the season for gaming: Keeping children safe (and parents sane) appeared first on WeLiveSecurity.

102

102

Bleeping Computer

DECEMBER 21, 2022

The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges. [.].

Engineering 99

Engineering Phishing Malware Advertising 99

Security Boulevard

DECEMBER 21, 2022

A survey of more than 6,550 security professionals finds that while organizations continue to invest heavily in cybersecurity there’s still not a lot of confidence when it comes to actually being able to thwart attacks. Conducted by Ravn Research on behalf of Ivanti, an IT service management platform provider, the survey found 71% of respondents. The post 2023 Cybersecurity Spending Increases to Combat Evolving Threats appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity Security Awareness Network Security 98

Bleeping Computer

DECEMBER 21, 2022

The U.S. Federal Communications Commission proposed today a record-breaking $300 million fine against an auto warranty robocall operation that made billions of calls to more than 550 million phones across the United States. [.].

Government 98

Government 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

DECEMBER 21, 2022

Threat actors have uploaded 144k malicious packages to NuGet, PyPI, and NPM, containing links to phishing and scam sites as part of a BlackHat SEO campaign to manipulate search engine results and promote scam pages through backlinks from trusted websites. The post SEO Poisoning Attack Linked to 144,000 Phishing Packages appeared first on Security Boulevard.

Phishing 98

Phishing Scams Engineering 98

The Hacker News

DECEMBER 21, 2022

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers," the company said in a public statement. "No action is required by customers.

97

97

Security Boulevard

DECEMBER 21, 2022

Cymulate, a cybersecurity posture assessment platform provider, shared a technique, dubbed Blindside, that enables malware to evade some endpoint detection and response (EDR) platforms and other monitoring/control systems. Mike DeNapoli, director of technical messaging at Cymulate, said company researchers discovered that by using breakpoints to inject commands to perform unexpected, unwanted or malicious operations, it.

Malware 98

Malware Cybersecurity Network Security 98

Security Affairs

DECEMBER 21, 2022

American identity and access management giant Okta revealed that that its private GitHub repositories were hacked this month. Okta revealed that its private GitHub repositories were hacked this month, the news was first reported by BleepingComputer which had access to ‘confidential’ email notification sent by Okta. According to the notification threat actors have stolen the Okta’s source code. “As soon as Okta learned of the possible suspicious access, we promptly placed

Hacking 97

Hacking CSO Data breaches Engineering 97

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

DECEMBER 21, 2022

Next-gen applications, architectures and networks require a next-gen approach to security. Today’s organizations, as they continue executing their digital transformation initiatives, are in a constant battle to one-up potential hackers, attackers and bad actors—and for good reason. The security perimeter has disappeared, the attack surface keeps growing and new attack vectors continue to emerge.

Network Security 98

Network Security Digital transformation Architecture Cybersecurity 98

Bleeping Computer

DECEMBER 21, 2022

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges. [.].

Banking 97

Banking Malware Cryptocurrency Accountability 97

Security Boulevard

DECEMBER 21, 2022

Would you let misconceptions keep you from adopting a tool that can help your security team do its best work? In my ten years of building security monitoring solutions, I learned that security teams need a strategic overall approach to detection in order to protect their organization. Yet I’ve found that many are hesitant to. The post Debunking 5 Myths About Detection-as-Code appeared first on Security Boulevard.

Security Awareness 98

Security Awareness Cybersecurity 98

Bleeping Computer

DECEMBER 21, 2022

Corsair has confirmed that a bug in the firmware of K100 keyboards, and not malware, is behind previously entered text being auto-typed into applications days later. [.].

Malware 98

Malware Firmware 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

DECEMBER 21, 2022

What happened in the Okta source code breach? Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, confirmed that its private GitHub repositories were hacked this month. According to an email notification reported by BleepingComputer, and later confirmed by Okta security post, the incident involves threat actors stealing Okta's source code.

Accountability 98

Accountability Architecture Authentication Internet 98

Malwarebytes

DECEMBER 21, 2022

Researchers at Cyble Research & Intelligence Labs (CRIL) have found a new version of the Android banking Trojan called Godfather. The new version of Godfather uses an icon and name similar to a legitimate application named MYT Music, which is hosted on the Google Play Store with over 10 million downloads. History. Group-IB researchers established that Godfather is a successor of Anubis.

Banking 96

Banking Malware Mobile Financial Services 96

Security Boulevard

DECEMBER 21, 2022

In 2022, we continued to share valuable posts that uphold our mission to help companies manage and secure customer identities. We’re wrapping up the year by compiling a list of our top-performing blogs of 2022. The post A Look Back At Our 20 Top Performing Blogs in 2022 appeared first on Security Boulevard.

97

97

Security Affairs

DECEMBER 21, 2022

CyberNews researchers reported that Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Original post @ [link]. Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Not only could anyone have modified the data, but the server misconfiguration’s severity likely left the company open to an attack that could have affected customers all over the world.

Retail 95

Retail Manufacturing Phishing Authentication 95

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

DECEMBER 21, 2022

Okta’s source code was stolen in a breach of their GitHub repos, marking the 2nd significant attack on this critical IAM provider. Read how to secure your Okta with ITDR. The post Okta’s Source Code Stolen in GitHub Breach appeared first on Authomize. The post Okta’s Source Code Stolen in GitHub Breach appeared first on Security Boulevard.

96

96

SecureBlitz

DECEMBER 21, 2022

There’s no denying that cybersecurity is an issue for anyone who uses a device. It doesn’t matter if it’s a person, a business, or an institution. Since most people use some form of technology and are always connected online, this is an ideal target for cyberattacks. Many different types of security risks have come and […]. The post Today’s Most Common Threats Against Cybersecurity appeared first on SecureBlitz Cybersecurity.

Cybersecurity 95

Cybersecurity Technology Risk Hacking 95

Heimadal Security

DECEMBER 21, 2022

RisePro, a new information-stealing malware, was recently observed on a dark web forum run by Russian cybercriminals. Since December 13, the virus has been offered for sale as a log credential stealer on underground forums, leading many to believe it is a clone of the Vidar Stealer. RisePro’s appearance on the Russian market is evidence […].

Malware 94

Malware Marketing Cybersecurity 94

Malwarebytes

DECEMBER 21, 2022

The Intellectual Property Office (IPO) , the UK government body overseeing intellectual property rights in the UK, has quietly released new guidance on piracy and online counterfeit goods. This campaign is a joint effort between IPO and Meta, Facebook’s parent company. The general issue on piracy is about the use of illegal streaming boxes and apps and how these not only expose children to age-inappropriate content due to lack of parental control but also risk putting sensitive personal in

Passwords 93

Passwords Accountability Government Technology 93

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.