Fri. Jun 24, 2022

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are a complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written—not really a rebuttal—but “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he

Weekly Update 301

Troy Hunt

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind. If you look at the trees in the background you can see they're barely moving, but inevitably that was enough to really mess with the audio quality.

Best cybersecurity certifications in 2022

Tech Republic Security

Solidify your skills as a cybersecurity professional by becoming certified. Here is a list of some of the best cybersecurity certifications available today. The post Best cybersecurity certifications in 2022 appeared first on TechRepublic.

Cybersecurity agencies: You don’t have to delete PowerShell to secure it

Malwarebytes

Microsoft’s PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it because PowerShell is powerful, available almost everywhere, and doesn’t look out of place running on a company network. In most places it isn’t practical to block PowerShell completely, which raises the question: How do you stop the bad stuff without disrupting the good stuff?

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Black Basta may be an all-star ransomware gang made up of former Conti and REvil members

Tech Republic Security

The group has targeted 50 businesses from English speaking countries since April 2022. The post Black Basta may be an all-star ransomware gang made up of former Conti and REvil members appeared first on TechRepublic.

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

The Hacker News

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma.

More Trending

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

Security Affairs

The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon servers to compromise target networks. “CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Adv

Users in Italy and Kazakhstan Targeted by Spyware Provider

Heimdal Security

For many years, Google has been monitoring the activity of commercial spyware sellers and in conjunction with Google’s Project Zero, discovered the fact that RCS Labs, an Italian vendor, utilizes unusual drive-by downloads as first infection vectors to target iOS and Android mobile users. What Happened? Every campaign that TAG was made aware of began with […].

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware.

NSA Wants To Help you Lock Down MS Windows in PowerShell

Security Boulevard

A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.” The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

5 social engineering assumptions that are wrong

CSO Magazine

Social engineering is involved in the vast majority of cyberattacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks. Commenting on the report’s findings, Sherrod DeGrippo, Proofpoint’s vice president threat research and detection, stated that the vendor has attempted to debunk faulty assumptions made by organizations and security teams so they can better protect emp

Cybersecurity Agencies Release Guidance for PowerShell Security

eSecurity Planet

PowerShell is one of the most common tools used by hackers in “living off the land” attacks, when malicious actors use an organization’s own tools against itself. This week, U.S. cybersecurity agencies joined their counterparts in the UK and New Zealand to offer guidance so organizations can use PowerShell safely. PowerShell is a command line tool and associated scripting language built on the .NET framework.

Italian spyware firm is hacking into iOS and Android devices, Google says

CSO Magazine

RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.

A “whole-of-state” approach to cybersecurity

Security Boulevard

There’s no question that state and local governments are getting pummeled by cyber attacks. While larger, high-profile cases like Colonial Pipeline and SolarWinds tend to dominate the news, it is important to acknowledge the impact of cyber crime on state and local governments. Ransomware attacks on state and local governments, for instance, increased in just a year by 485% in 2020.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

OpenSSL issues a bugfix for the previous bugfix

Naked Security

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

The Hacker News

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns.

Vulnerabilities in the Jacuzzi SmartTub app could allow to access users’ data

Security Affairs

Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub app web interface could have disclosed private data to attackers, security researcher Eaton Zveare warns. The experts attempted to notify the company without success, meantime the flaws have been addressed.

Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say

Dark Reading

A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Privacy Access Token

Security Boulevard

Various browser vendors (Apple, Google, Mozilla) recently announced support for the private access token (PAT), a new standard being drafted by the IETF. The privacy pass is designed to bring more privacy to web users, and reduce data collection or the need to interrupt the user experience with a CAPTCHA challenge commonly used by website […]. The post Privacy Access Token appeared first on Security Boulevard.

Mitek launches MiVIP platform to fight identity theft

CSO Magazine

A new easy-to-deploy identity platform was announced this week to help address growing concerns about identity theft. The Mitek Verified Identity Platform (MiVIP) melds the company's mobile technologies with those of its recent acquisitions to give its customers flexible control over their consumers' experiences. With MiVIP, customers have the ability to orchestrate the full range of authentication technologies offered by Mitek, including biometrics, geolocation, politically exposed persons (PEP

Conti ransomware finally shuts down data leak, negotiation sites

Bleeping Computer

The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand. […]

Instagram’s new age verification tool – Week in security with Tony Anscombe

We Live Security

As Instagram tests a new age verification tool, what are some of the concerns when it comes to confirming someone's age on the internet? The post Instagram’s new age verification tool – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Russia fines Google for spreading ‘unreliable’ info defaming its army

Bleeping Computer

Roskomnadzor, Russia's telecommunications watchdog, has fined Google 68 million rubles (roughly $1.2 million) for helping spread what it called "unreliable" information on the war in Ukraine and the failure to remove it from its platforms. […]

Open Source Threat Intelligence Platform – Best Alternatives for Your Company [2022]

Heimdal Security

The technology that Threat Intelligence Platforms (TIP) employ allows companies to gather, aggregate, and manage threat intelligence data from a variety of sources and formats. The information on already known malware and other security threats enables security teams to identify, investigate, and respond to risks rapidly and effectively. Automation and simplification of the entire threat […].

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

The Hacker News

A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices.

What is a Hotfix? Definition, Challenges, and Best Practices

Heimdal Security

Welcome back to the wondrous world of patch management. Today we’re going to clear the air a bit by deliberating about hotfixes (not hot flashes). So, what is a hotfix? A hotfix can be regarded as a patch, but a patch is not a hotfix – makes a whole lot of sense, doesn’t it? Not […]. The post What is a Hotfix? Definition, Challenges, and Best Practices appeared first on Heimdal Security Blog.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack

The Hacker News

A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment.

A Comprehensive Guide to Security Assertion Markup Language (SAML)

Heimdal Security

SAML, which stands for Security Assertion Markup Language, is an open federation standard that enables users to be authenticated by an identity provider (IdP), who may then provide an authentication token to another application, which is known as a service provider (SP). SAML makes it possible for the SP to function without having to do […]. The post A Comprehensive Guide to Security Assertion Markup Language (SAML) appeared first on Heimdal Security Blog.

Without Conti On The Scene, LockBit 2.0 Leads Ransomware Attacks

Dark Reading

Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

How to Mitigate Ransomware?

Heimdal Security

Nowadays, the majority of chief information security officers (CISOs) are most concerned about ransomware, which has emerged as one of the biggest security threats. Ransomware attacks not only affect large organizations and critical infrastructure, but they can also have a negative impact on local communities and disrupt many people’s daily lives.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!