Fri. Feb 10, 2023


Hacking the Tax Code

Schneier on Security

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, rulings from the tax authorities, judicial decisions, and legal opinions.


Weekly Update 334

Troy Hunt

Did I really need to get a connected BBQ? No more than I needed to connect most of the other things in the house, which is to say "a bit useful but not entirely necessary". But it's a fascinating process when looked at through the lens of how accessible the technology is to your average person given it's embedded in a consumer-orientated product.


A Hacker’s Mind Is Now Published

Schneier on Security

Tuesday was the official publication date of A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times, Cory Doctorow’s blog, Science, and the Associated Press. I wrote essays related to the book for CNN and John Scalzi’s blog.


Royal ransomware spreads to Linux and VMware ESXi

Tech Republic Security

A new Linux version of Royal ransomware is targeting VMware ESXi virtual machines. Learn more about this security threat and how to protect from it.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


3 reasons not to repatriate cloud-based apps and data sets

InfoWorld on Security

Repatriation seems to be a hot topic these days as some applications and data sets return to where they came from. I’ve even been tagged in some circles as an advocate for repatriation, mostly because of this recent post. Once again I will restate my position: The overall goal is to find the most optimized architecture to support your business. Sometimes it’s on a public cloud, and sometimes it’s not.


New virtual data fabric to support DoD cyber testing

Tech Republic Security

As cybersecurity threats increase in complexity and volume, the Department of Defense is turning to new technologies for help.


Cisco: Companies are spending on privacy protection, but do customers know it?

Tech Republic Security

The 2023 Benchmark survey of security pros worldwide found that companies are taking action on customer privacy, but transparency is key.


Reddit Hacked — 2FA is no Phishing Phix

Security Boulevard

Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link.


This beginner-friendly ethical hacker training is 97% off

Tech Republic Security

The How to Hack from Beginner to Ethical Hacking Certification will teach you how to protect your systems and earn the trust of top clients.


Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies

Graham Cluley

Want to sell some cocaine, ecstasy (MDMA), crystal meth, or magic mushrooms? Twitter could be the place for you. And the site isn't going to do anything to shut down your account.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


North Korean ransomware attacks on healthcare fund govt operations

Bleeping Computer

A new cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) describes recently observed tactics, techniques, and procedures (TTPs) observed with North Korean ransomware operations against public health and other critical infrastructure sectors. […]


Dallas Central Appraisal District paid $170,000 to ransomware attackers

Graham Cluley

A Dallas state agency has admitted to paying $170,000 to hackers after it suffered an attack from the Royal ransomware group. Read more in my article on the Hot for Security blog.


Privacy Device Designed to Defend Against Illegal Wireless Tracking

SecureWorld News

As the world becomes increasingly digitized, our personal privacy and even physical safety are under threat from a variety of sources. One technology that has raised particular concerns is personal Bluetooth Low Energy (BLE) trackers. On one hand, these tiny devices can be incredibly useful for locating lost items like keys, purses, or even pets. On the other hand, they can be exploited by stalkers, thieves, and other criminals to carry out their illegal activities with little to no risk of gett


SafeBreach Coverage for US-CERT Alert (AA23-040A) – DPRK Malicious Cyber Activities

Security Boulevard

SafeBreach coverage for US-CERT Alert (AA22-335A) - Cuba Ransomware


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Beware fake Facebook emails saying "your page has been disabled"

Malwarebytes

Facebook users need to be on their guard for bogus emails claiming to be from Facebook, that tell users their account has been disabled. The emails make use of the classic “apply some pressure” tactics so beloved of scammers everywhere. A missive that makes you shrug won’t get you clicking bogus links, but mails that say you've done something wrong, violated a rule, or are at imminent risk of financial peril, are more likely to work.


The Dark Detectives: How to Defeat Reconnaissance-as-a-Service

Security Boulevard

In almost any type of warfare, reconnaissance is a much-needed first step. This certainly holds true for cyberwarfare. The steps are frequently portrayed as progressing from left to right. Two examples that describe the tactics attackers employ in a campaign are the MITRE ATT&CK framework and the Lockheed Martin Kill Chain. Pre-attack tactics like reconnaissance,


Reddit breached, here's what you need to know

Malwarebytes

On Thursday, February 9, 2023, Reddit reported that it had experienced a security incident as a result of an employee being phished. What happened? According to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and two-factor authentication tokens. One of its employees fell for the phish, and then self-reported, alerting Reddit to what had happened.


Microsoft to retire its Support Diagnostic Tool (MSDT) in 2025

Bleeping Computer

Microsoft announced that it will retire Microsoft Support Diagnostic Tool (MSDT) troubleshooters in future versions of Windows, with MSDT ultimately being removed in 2025. […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


10 Free & Open Source Threat-Hunting Tools for 2023

Heimdal Security

Are you on the lookout for threat-hunting tools? If so, you’ve come to the right place. Compared to network security systems that include appliances such as firewalls that monitor traffic as it flows through a scenario, threat hunting is a different approach to dealing with cyber-attacks. While traditional defense methods generally investigate threats after they […]


A Look Ahead to 2023: 4 Identity Security Predictions

Security Boulevard

If you’re in the enterprise tech world, you know that prediction season is in full swing. The time is now for taking stock of the year past and looking ahead to what will impact business, innovation and how we work for the next 365 days. Is it an exact science? No. Are we always right?


Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages

The Hacker News

Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and tkint3rs, all of which were collectively downloaded about 450 times before they were taken down.


Friday Five: Cyber Gang Members Sanctioned, a Cybercrime Messaging Platform, & Stricter Security Regulations

Digital Guardian

This week saw the takedown of a cybercrime messaging platform, sanctions imposed on TrickBot members, the release of a recovery script for ransomware victims, and more. Catch up on the latest news in this week's Friday Five!


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


$800,000 recovered from Business Email Compromise attack

Malwarebytes

We continue to see the damaging repercussions of business email compromise (BEC) impacting organisations across the US and elsewhere. The Houston Chronicle reports that law enforcement seized $800,000 from a bank account used for pillaging funds from a construction management company. The attack BEC attacks revolve around an approach by a criminal who has compromised or spoofed an executive-level email account.


A10 Networks confirms data breach after Play ransomware attack

Bleeping Computer

The California-based networking hardware manufacturer 'A10 Networks' has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data. […]


CompTIA Certifications: The Antidote to Imposter Syndrome

CompTIA on Cybersecurity

Earning CompTIA Security+ helped cybersecurity specialist Vina Ta squash imposter syndrome, deepen her knowledge of IT security and reinforce her passion for working with people.


City of Oakland systems offline after ransomware attack

Bleeping Computer

The City of Oakland was hit by a ransomware attack on Wednesday night that forced it to take all systems offline until the network is secured and affected services are brought back online. […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges.


Microsoft says Intel driver bug crashes apps on Windows PCs

Bleeping Computer

Microsoft says apps using DirectX are crashing on Windows systems with outdated Intel drivers after installing November 2022 cumulative updates. […]


Ransomware attack hit the City of Oakland

Security Affairs

A ransomware attack hit the City of Oakland this week, forcing it to take all systems offline in response to the incident. The City of Oakland disclosed a ransomware attack, the security breach began on Wednesday night. In an abundance of caution, the City of Oakland has taken impacted systems offline, while they work to secure the impacted infrastructure. “The City of Oakland has learned that it was recently subject to a ransomware attack that began on Wednesday night.


California medical group data breach impacts 3.3 million patients

Bleeping Computer

Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.