Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363

Passwords Accountability Firewall Risk 363

Lohrman on Security

JANUARY 23, 2022

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

Cyber Attacks 266

Cyber Attacks Cyber threats 266

Bleeping Computer

JANUARY 23, 2022

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.].

145

145

Security Boulevard

JANUARY 23, 2022

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® ! Permalink. The post Joy Of Tech® ‘I See You Bought Activision Blizzard!’ appeared first on Security Boulevard.

135

135

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JANUARY 23, 2022

Microsoft is testing a new hidden feature in the latest Windows 11 preview build that rejuvenates the user interface for Task Manager with a new design and modern appearance. [.].

124

124

Security Boulevard

JANUARY 23, 2022

Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel. Enjoy! Permalink. The post Security BSides London 2021 – Glenn Pegden’s & Stephan Steglich’s ‘Pushing Left – How We’re All Doing It Wrong’ appeared first on Security Boulevard.

Education 132

Education InfoSec Information Security Cybersecurity 132

Security Boulevard

JANUARY 23, 2022

What are DDOS attack tools? DDOS attacks are cyber- attacks targeted at rendering certain computers, network systems and servers non-functional. The processes involved in its execution can be however complicated. Attackers have to carry out a long series of actions that involve social engineering, data breaches and sometimes even system testing. Due to the sophistication [.].

DDOS 119

DDOS Social Engineering Data breaches Cyber Attacks 119

CyberSecurity Insiders

JANUARY 23, 2022

To all those Windows 10 Operating System (OS) users, here’s a piece of advice that will help in protecting your PC from ransomware. Microsoft has offered a 2-layer protection by default on all the systems running on Win 10 OS to help keep the file encrypting malware at bay. First is the regular malware scanning feature that is turned on by default and keeps a regular tab of discrepancies that are taking place on a system and keeps the user informed.

Ransomware 111

Ransomware Encryption Backups Malware 111

Security Affairs

JANUARY 23, 2022

OpenSubtitles has suffered a data breach, the maintainers confirmed that the incident impacted 7 Million subscribers. OpenSubtitles is a popular subtitles websites, it suffered a data breach that affected 6,783,158 subscribers. Exposed data include email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

Data breaches 109

Data breaches Passwords Hacking Accountability 109

Security Boulevard

JANUARY 23, 2022

Researchers at The Citizen Lab at the University of Toronto dug into the MY2022 COVID-19 exposure tracing application mandated for use by attendees and participants in the Beijing Winter Olympic Games—and what they found wasn’t pretty. The app is required to be used by any member of the press, athlete and/or delegation attending the Olympic. The post China’s MY2022 App Could Do More Than Trace COVID-19 Exposure appeared first on Security Boulevard.

Data privacy 109

Data privacy Encryption Security Awareness Mobile 109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

JANUARY 23, 2022

The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner.

105

105

Trend Micro

JANUARY 23, 2022

We investigated the most recent activities of APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat (APT) group, and discuss its use of CapraRAT, an Android RAT with clear similarities in design to the group’s favored Windows malware, Crimson RAT.

Malware 94

Malware 94

Security Affairs

JANUARY 23, 2022

The FBI warns that cybercriminals are using malicious QR codes to steal their credentials and financial info. The Federal Bureau of Investigation (FBI) published a public service announcement (PSA) to warn that cybercriminals are using QR codes to steal their credentials and financial info. QR codes are widely adopted by businesses to facilitate payment.

Cryptocurrency 92

Cryptocurrency Social Engineering Malware Scams 92

CyberSecurity Insiders

JANUARY 23, 2022

According to a research conducted by Avast, grandparents aged between in 55 to 64 are being targeted mainly by those spreading ransomware, tech support scams, spyware and botnets. Whereas, the younger generation was being hit by TikTok scams that mainly spread malware, spyware, adware and data, stealing Trojans to mobiles. The reason the older and younger generation is being targeted by two different online threats is simple- because they use a different type of computing devices to access onlin

Scams 90

Scams Ransomware Spyware Adware 90

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

JANUARY 23, 2022

Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5 announced security patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Most of the vulnerabilities (23) addressed by the company affect the BIG-IP application delivery controller (ADC), 13 of them have been rated as high-severity issues (CVSS score 7.5).

DNS 91

DNS Cybersecurity Authentication Hacking 91

Security Boulevard

JANUARY 23, 2022

Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel. Enjoy! Permalink. The post Security BSides London 2021 – Foo Meden’s ‘Securing Cloud Delivery Pipelines – Findings From A Blue/Red Team Security Simulation’ appeared first on Security Boulevard.

Education 91

Education InfoSec Information Security Cybersecurity 91

Security Affairs

JANUARY 23, 2022

US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’ The ‘ Known Exploited Vulnerabilities Catalog ‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

Authentication 86

Authentication Hacking Government Cybersecurity 86

WIRED Threat Level

JANUARY 23, 2022

You know those “emergency” email addresses you can use to get into your email and other accounts in case you're locked out? Make sure they're up-to-date.

Accountability 83

Accountability 83

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Trend Micro

JANUARY 23, 2022

LockBit ransomware's operators announced the release of its first Linux and ESXi variant in October. With samples also spotted in the wild, we discuss the impact and analysis of this variant.

Ransomware 76

Ransomware 76

Security Affairs

JANUARY 23, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack US Treasury Department sanctions 4 Ukrainian officials for working with Russian intellige

VPN 73

VPN Ransomware Spyware DDOS 73

Security Boulevard

JANUARY 23, 2022

Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes. It is very resilient and supports scaling, rollback, zero downtime, and self-healing containers. The primary aim of Kubernetes is to mask the complexity of overseeing a large fleet of containers. […]… Read More.

52

52

Malwarebytes

JANUARY 23, 2022

Not all data privacy rights are the same. There’s the flimsy, the firm, the enforceable, and the antiquated, and, unfortunately, much of what determines the quality of your own data privacy rights is little more than your home address. Those in Chile, for example, enjoy a globally rare constitutional right to data protection, and if any Chilean feels their rights have been disturbed or threatened, they can file a “Constitutional Protection Action.

Data privacy 110

Data privacy Internet Internet VPN 110

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

JANUARY 23, 2022

Canada’s federal government admitted to surveilling its population’s movements during the COVID-19 lock-down by tracking 33 million phones, the FBI warned that a hacker group has been sending malware-laden USB sticks to companies, and details on a new law in the United States which will install kill switches in new cars. ** Links mentioned on […]. The post Pandemic Surveillance in Canada, Malware-Filled USB Sticks are Back, Kill Switches in New Cars appeared first on The Shared Security Show.

Surveillance 109

Surveillance Malware Government Social Engineering 109

Security Affairs

JANUARY 23, 2022

Cyberespionage group Molerats has been observed abusing legitimate cloud services, like Google Drive and Dropbox as attack infrastructure. Zscaler ThreatLabz analyzed an active espionage campaign carried out by Molerats cyberespionage group (aka TA402, Gaza Hackers Team, Gaza Cybergang , and Extreme Jackal) that abuses legitimate cloud services like Google Drive and Dropbox as attack infrastructure.

Manufacturing 109

Manufacturing Banking Phishing Malware 109