Fri. May 06, 2022

Weekly Update 294

Troy Hunt

It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing. Or maybe I'm just a sucker for punishment, I don't know, but either way it's kept me entertained and given me plenty of new material for this week's video 😊 References The book is almost ready to launch!

IoT 269

One year removed from the Colonial Pipeline attack, what have we learned?

Tech Republic Security

Several businesses in critical infrastructure were forced to confront some hard truths in the wake of the 2021 ransomware attack. The post One year removed from the Colonial Pipeline attack, what have we learned? appeared first on TechRepublic.

Microsoft says to ditch passwords all together on World Password Day  

CyberSecurity Insiders

World Password Day is celebrated in May every year and has been observed since 2013, as a group of cybersecurity professionals declared the first Thursday of May every year as the day to celebrate as the security day of our online lives. Like how we celebrate International Mother’s Day every year on the second Sunday of May. Microsoft says that we need to ditch passwords forever to stay safe online as there are 921 password attacks taking place every second all over the world that have d

Passwords 118

How to secure your internet activity on iOS devices

Tech Republic Security

Learn about the on-device and network security options available to you in order to supercharge your internet security when browsing the web and using apps on iOS. The post How to secure your internet activity on iOS devices appeared first on TechRepublic.

Internet 134

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Biden Revs Up US Quantum Plans (Because China)

Security Boulevard

This week, the White House issued a memorandum and executive order that put a shedload of wood behind the quantum-computing arrow. The post Biden Revs Up US Quantum Plans (Because China) appeared first on Security Boulevard.

Cyberespionage: New Mustang Panda campaign targets Europe

Tech Republic Security

A cyberespionage threat actor dubbed Mustang Panda hits Europe with a new attack campaign. Read more about it and how to protect yourself from it. The post Cyberespionage: New Mustang Panda campaign targets Europe appeared first on TechRepublic.

More Trending

SentinelOne vs CrowdStrike: Compare EDR software

Tech Republic Security

SentinelOne and CrowdStrike are two of the most advanced endpoint detection and response tools. Which of these EDR tools are right for your business? The post SentinelOne vs CrowdStrike: Compare EDR software appeared first on TechRepublic.

Software 124

CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allows attackers to execute arbitrary code

Security Boulevard

On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8. The vulnerability was discovered internally by the F5 security team and there is no evidence of whether it’s exploited publicly. There is no publicly available proof […]

How Microsoft will publish info to comply with executive order on software bill of materials

Tech Republic Security

It turns out that security depends on knowing where your code comes from. The post How Microsoft will publish info to comply with executive order on software bill of materials appeared first on TechRepublic.

Software 121

Why You Should Strengthen Your SaaS Data Protection

Security Boulevard

When COVID-19 forced the world into lockdown, the business world quickly pivoted to modernize operations and transition workloads to the cloud. Now that we are two years in, many companies are enjoying the benefits of the cloud-based future that allows for greater convenience and helps them be nimbler in a hybrid workspace. With the cloud, The post Why You Should Strengthen Your SaaS Data Protection appeared first on Security Boulevard.

Backups 98
IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft Defender vs Carbon Black: EDR software comparison

Tech Republic Security

Microsoft Defender for Endpoint and VMware Carbon Black Endpoint are leading endpoint detection and response security solutions. See how these EDR tools compare. The post Microsoft Defender vs Carbon Black: EDR software comparison appeared first on TechRepublic.

Software 118
Contrast Security named a ‘Major Player’ in the 2022 IDC MarketScape Report

Security Boulevard

IDC MarketScape has named Contrast Security a ‘Major Player’ in the 2022 IDC MarketScape: Worldwide Application Security Testing, Code Analytics, and Software Composition Analysis 2022 Vendor Assessment – Coordinating Security and Quality for Resilience and DevSecOps (doc# US47097521). The post Contrast Security named a ‘Major Player’ in the 2022 IDC MarketScape Report appeared first on Security Boulevard.

ALPHV: The First Rust-Based Ransomware

Digital Shadows

In late 2021, we observed a new ransomware operation named “ALPHV” (also known as BlackCat) emerge. The group operates as. The post ALPHV: The First Rust-Based Ransomware first appeared on Digital Shadows.

npm package downloads another package while exfiltrating your IP address and username

Security Boulevard

On any given day, Sonatype's security research team analyzes dozens to hundreds of suspicious packages published to open source registries including npm and PyPI. The post npm package downloads another package while exfiltrating your IP address and username appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives

The Hacker News

Cybersecurity researchers have discovered a new Windows malware that has worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Malware 97

Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List 

Security Boulevard

The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. These threats were outlined in a joint Cybersecurity Advisory (CSA) coauthored by the cybersecurity authorities of the United States, Australia, Canada, New Zealand and the United.

US sanctions Bitcoin laundering service used by North Korean hackers

Bleeping Computer

The US Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity's Ronin bridge. […]

This Week in Malware—Apache Kafka typosquats, shorthand data exfiltration

Security Boulevard

This Week In Malware we pull apart a typosquat impersonating an Apache Kafka project and an interesting npm package that downloads another empty npm package—but turns out that's merely a distraction technique. The post This Week in Malware—Apache Kafka typosquats, shorthand data exfiltration appeared first on Security Boulevard.

Malware 98

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware

The Hacker News

A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices.

Malware 97

As Ransomware Threats Mount, Focus Should be on Data-Centric Security

Security Boulevard

In the cybersecurity industry, ransomware has been the story of the past few years. Despite being around for over a decade or more, attacks leveraging the malware really spiked during the pandemic. It continues to run wild thanks to a perfect storm of sub-par corporate security, highly accessible ransomware-as-a-service (RaaS) offerings on the dark web, and hostile nations prepared to shield criminal actors.

Ferrari subdomain hijacked to push fake Ferrari NFT collection

Bleeping Computer

One of Ferrari's subdomains was hijacked yesterday to host a scam promoting a fake Ferrari NFT collection, according to researchers. The Ethereum wallet associated with the cryptocurrency scam appears to have collected a few hundred dollars before the hacked subdomain was shut down. […]

Scams 97

Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers

The Hacker News

The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How Instagram scammers talk users out of their accounts

Malwarebytes

If you’ve dealt with a scammer, you’ll know that making up stories is their bread and butter. Think about it: Just when you thought you’d heard all the infamous 419 scam backstories, scammers surprise you with a “stuck astronaut” scam, something so utterly hilarious, nonsensical, and otherworldly that you’ve just got to tell your friends and families about it.

NVIDIA fined for failure to disclose cryptomining sales boost

Bleeping Computer

The U.S. Securities and Exchange Commission (SEC) announced Friday that it settled charges against multinational tech firm NVIDIA for "inadequate disclosures" of cryptomining's impact on its gaming business. […]

Wipro earns Microsoft Cloud Security Specialization certification

CyberSecurity Insiders

Wipro has proudly announced that it has earned Microsoft (MS) Cloud Security specialization that has been added to its portfolio of end to end solutions. Microsoft doesn’t give specialization certificates to companies that easily and Wipro might have proved its capabilities in identity and access management, threat protection, information protection and governance, and cloud security to earn such appreciation that is now world renowned.

Xbox is down worldwide with users unable to play games

Bleeping Computer

Microsoft says the Xbox Live services are currently down in a major outage, impacting customers worldwide and preventing them from launching or buying games. […]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Steer clear of these Instagram “Get rich with Bitcoin” scams

Malwarebytes

I don’t know about you, but I open Instagram to look at cool photos of pets, not to make a fortune via suspicious claims of riches by strangers. Despite this, following someone whose photos I liked resulted in a very peculiar message. It’s possible I waved goodbye to a path to untold riches. Maybe if I’d stayed the course I’d now have my own “Become a millionaire in six months or less” e-book.

Scams 93

Scammer Infects His Own Machine with Spyware, Reveals True Identity

Dark Reading

An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.

Spyware 92

OpenSea warns of Discord channel compromise

Malwarebytes

OpenSea, the primary marketplace for buyers and sellers of non-fungible tokens (NFTs), has reported major problems with its Discord support channel. How major? Well, there’s a “potential vulnerability” which allowed spambots to post phishing links to other users. A problem that led OpenSea Support to declare “please do not click any links in the Discord.” We are currently investigating a potential vulnerability in our Discord, please do not click on any links in

US agricultural machinery maker AGCO hit by ransomware attack

Bleeping Computer

AGCO, a leading US-based agricultural machinery producer, has announced it was hit by a ransomware attack impacting some of its production facilities. […]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.