Tue. Jun 28, 2022


The Cybersecurity Skills Gap is Another Instance of Late-stage Capitalism

Daniel Miessler

It’s common to hear that it’s hard to get into cybersecurity, and that this is a problem. That seems to be true, but it’s informative to ask a simple follow-up: The current cybersecurity jobs gap sits at around 2.7 million people. A problem for who? I think what we’re facing is an instance of the Two-Worlds Problem that’s now everywhere in US society.


When Security Locks You Out of Everything

Schneier on Security

Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in—you guessed it—my Password Manager.


The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Goo


Fireside chat: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access

The Last Watchdog

Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon. This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles. I had the chance to visit with David Holmes, network security analyst at Forrester, to learn more about how this dichotomy is playing out as companies accelerate their transition to cloud-centric networking.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Pentagon finds concerning vulnerabilities on blockchain

Tech Republic Security

A new report reveals that blockchain is neither decentralized nor updated. The post Pentagon finds concerning vulnerabilities on blockchain appeared first on TechRepublic.


City worker loses USB stick containing data on every resident after day of drinking

Malwarebytes

A person working in the city of Amagasaki, in Western Japan, has mislaid a USB stick which contained data on the city’s 460,000 residents. The USB drive was in a bag that went missing during a reported day of drinking and dining at a restaurant last Tuesday. The person reported it to the police the following day. Data on the USB drive included names, gender, birthdays, and addresses.


Over 900,000 Kubernetes instances found exposed online

Bleeping Computer

Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. […]


How to transfer data from LastPass to 1Password

Tech Republic Security

Transferring data between password managers is a serious undertaking. Learn how to safely transfer data from LastPass to 1Password. The post How to transfer data from LastPass to 1Password appeared first on TechRepublic.


Cyber Insurance: The Good, the Bad, and the Ugly

IT Security Guru

The past decade has seen cybersecurity barge its way into the mainstream. A meteoric rise in attack rates during COVID-19 , major incidents such as the Colonial Pipeline attack, and an increasingly tense geopolitical landscape have all contributed to cybersecurity’s current position at the top of global news feeds. As cybercrime infects every facet of our daily lives, and technological advancements do little to stop the spread, many security professionals are turning to traditional solutions for


New Bumblebee malware loader increasingly adopted by cyber threat groups

Tech Republic Security

Conti, Quantum and Mountlocker were all linked to having used the new piece of software to inject systems with ransomware. The post New Bumblebee malware loader increasingly adopted by cyber threat groups appeared first on TechRepublic.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


LGBTQ+ community targeted by extortionists who threaten to publish nudes

Malwarebytes

The FTC (Federal Trade Commission) has warned the LGBTQ+ community about extortionists posing as potential romantic partners on Grindr and Feeld. The scammers send their targets explicit photos and then ask for them to reciprocate. If they do, targets are then blackmailed into paying a ransom, usually in the form of gift cards, or risk having these photos leaked to family, friends, and employers.


Cisco partnering with GDIT to provide private 5G to government agencies

Tech Republic Security

The two companies announced their intention to bring Cisco’s private 5G solution to the public sector. The post Cisco partnering with GDIT to provide private 5G to government agencies appeared first on TechRepublic.


Latest OpenSSL version is affected by a remote memory corruption flaw

Security Affairs

Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21st 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker.


Russian DDoS attack on Lithuania was planned on Telegram, Flashpoint says

CSO Magazine

Cyberattacks on the Lithuanian government and private institutions conducted by the Russian cybercollective Killnet, and the group's possible collaboration with the Conti hacking gang, were shared on the Telegram messaging service ahead of a major DDoS attack Monday, according to cybersecurity company Flashpoint. Multiple attacks on Lithuanian entities have been claimed by Killnet on its Telegram channel "WE ARE KILLNET," in response to Lithuania's June 18 restrictions of trade routes with Russ


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs

Security Boulevard

ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks. Executive Summary. ReversingLabs recently discovered a new version of the AstraLocker ransomware (AstraLocker 2.0) that was being distributed directly from Microsoft Office files used as bait in phishing attacks.


California State Privacy Law Leads Protection of Children in the US

TrustArc

The CCPA 2018 has the strongest protections for children among US privacy regulations, building on the previous California State Privacy Laws.


Cloud security risks remain very human

InfoWorld on Security

Talk about cloud security and you’re likely to discuss provider-focused issues: not enough security, not enough auditing, not enough planning. However, the biggest cloud security risks continue to be the people who walk beside you in the hallways. According to the latest “Top Threats to Cloud Computing” report by the Cloud Security Alliance on the HealthITSecurity website, the scary calls are coming from inside the house.


Russian Hackers Declare War on Lithuania — Killnet DDoS Panic

Security Boulevard

NATO member Lithuania is under attack from Russian hacking group Killnet. It raises serious concerns over Russia’s use of cyber warfare against NATO states. The post Russian Hackers Declare War on Lithuania — Killnet DDoS Panic appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


New Firefox privacy feature strips URLs of tracking parameters

Bleeping Computer

Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web. […]


Man in the Middle Attacks: What are they anyway, and how to prevent them.

Security Boulevard

Man in the Middle (MitM) is a term used to describe a cyber-attack where the cybercriminal comes between the user and their application. In these attacks, a hacker will inject code to hijack the application to steal credentials or open a backdoor to their network. These attacks are very dangerous because often, the victim does […]. The post Man in the Middle Attacks: What are they anyway, and how to prevent them. first appeared on SlashNext.


ShadowPad malware on Industrial Control Systems of Asia

CyberSecurity Insiders

Kaspersky, the Russian originated Cybersecurity firm has discovered in its latest studies that cyber crooks are targeting Industrial Control Systems (ICS) operating in Asia and targeting companies operating in logistics, transportation, telecom and airlines sectors operating in Afghanistan, India, Pakistan and Malaysian regions. Researchers from the security firm state they detected the said cyber threat in Oct’21 and found that the hackers were infiltrating the industrial control systems throug


Privacy in the Metaverse

Security Boulevard

As AR, VR, and AI advance and the Metaverse is assembled, here are some considerations for your company’s privacy compliance. The post Privacy in the Metaverse appeared first on Security Boulevard.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


CafePress Was Fined $500,000 Following Major Data Breach

Heimadal Security

CafePress, Inc. is an American company that operates as an online retailer of both stock and on-demand goods that have been personalized by customers. Although the business was started in San Mateo, California, the company’s current headquarters and manufacturing plant are both located in Louisville, Kentucky. CafePress.com was honored with the People’s Voice Webby Award […].


Russia-China cybercriminal collaboration could “destabilize” international order

CSO Magazine

In a riff on the “Field of Dreams” theme, Russian cybercriminals continue to court their Chinese counterparts in hopes of forming mutually beneficial avenues of collaboration and are finding the Chinese to be a tough date. The latest peek into this engagement of Russia-China “frenemies” comes to us from Cybersixgill and its The Bear and The Dragon analysis of the two communities.


ANAF Spearphishing Campaign Zeroes in on Romanian Businesses

Heimadal Security

A new spearphishing campaign has been detected in the wild, specifically targeting Romanian businesses under the guise of ANAF, the Romanian counterpart of the IRS. Business owners are being informed via email that they have outstanding taxes and, therefore, are solicited to make the payment as soon as possible. Local Romanian authorities are advising business […].


Protecting Organizations From 5G Threats

Security Boulevard

The industry is buzzing about 5G technology and its potential. For example, almost every new smartphone is advertised as “5G compatible,” with the majority of mobile subscriptions switching to 5G over the next five years. With its promise of improved speed, reliability and connectivity, 5G offers a wealth of benefits. The excitement globally connected communities.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.


NATO Leaders are Meeting at the Madrid Summit 2022: What is going to happen?

Digital Shadows

Today, the leaders of the North Atlantic Treaty Organization (NATO) are gathering in Madrid, Spain for their annual Summit, where. The post NATO Leaders are Meeting at the Madrid Summit 2022: What is going to happen? first appeared on Digital Shadows.


Raccoon Stealer is back with a new version to steal your passwords

Bleeping Computer

The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity. […]


Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign

Dark Reading

The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.