Fri. Nov 11, 2022

NSA Over-surveillance

Schneier on Security

Here in 2022, we have a newly declassified 2016 Inspector General report—“Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda. There’s nothing really interesting in the IG document, which is heavily redacted.

Use Cloud Securely? What Does This Even Mean?!

Anton on Security

An influential Gartner paper stated many years ago that “Clouds Are Secure: Are You Using Them Securely?” So began the legend of cloud security vs secure clouds. When I was an analyst, we sometimes had to discuss with clients whether various providers of public cloud services are “secure.” Over time, these discussions dwindled to a small trickle as clients ultimately saw enough evidence that cloud infrastructure is indeed radically more secure than most data centers.

New Book: A Hacker’s Mind

Schneier on Security

I have a new book coming out in February. It’s about hacking. A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back isn’t about hacking computer systems; it’s about hacking more general economic, political, and social systems. It generalizes the term hack as a means of subverting a system’s rules in unintended ways.

NSA’s Plea: Stop Using C and C++ (Because You’re Idiots)

Security Boulevard

The C and C++ languages are unsafe. Instead, the NSA would like devs to use memory-safe languages—such as Rust. The post NSA’s Plea: Stop Using C and C++ (Because You’re Idiots) appeared first on Security Boulevard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity startups to watch for in 2023

CSO Magazine

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship.

Uyghurs Targeted With Spyware, Courtesy of PRC

Dark Reading

Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals.

More Trending

What observability means for cloud operations

InfoWorld on Security

Observability is one of those concepts being tossed about these days in the tech press and at cloud computing conferences. Everyone has a definition of what it is and how it’s used. No two are the same. Observability seems to be mostly defined as the ability to determine key insights from a great deal of data. Observability as related to cloud operations (cloudops) normally uses data that’s being extracted from running systems.

QBOT – A HTML Smuggling technique to target victims

Quick Heal Antivirus

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. The post QBOT – A HTML Smuggling technique to target victims appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Why Do Phishing Emails Have Such Obvious Typos?

Security Boulevard

Have you received an email from a Nigerian prince asking for your help? Were you recently notified you won a lottery that you never participated in? If so, you’re in good company. Virtually everyone with an email address knows about phishing scams. If you’ve not received a phishing email, you might not know what they. The post Why Do Phishing Emails Have Such Obvious Typos?

Azov ‘Ransomware’ Wipes Data, Blames Security Researchers

eSecurity Planet

Check Point security researchers recently described the Azov ransomware as an “effective, fast, and unfortunately unrecoverable data wiper,” noting that the malware seems far more focused on destroying data than on any effort to demand a ransom. As Check Point’s Jiří Vinopal put it, “Be careful about this one… If you get infected -> System is basically dead.” BleepingComputer’s Lawrence Abrams noted that the malware’s ransom note falsely claims it

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FIFA World Cup 2022 scams: Beware of fake lotteries, ticket fraud and other cons

We Live Security

When in doubt, kick it out, plus other tips for hardening your cyber-defenses against World Cup-themed phishing and other scams. The post FIFA World Cup 2022 scams: Beware of fake lotteries, ticket fraud and other cons appeared first on WeLiveSecurity.

Microsoft Defender network protection generally available on iOS, Android

Bleeping Computer

Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint (MDE) enterprise endpoint security platform. [...]

The top three differences between an open source audit and an open source scan

Security Boulevard

Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization. The post The top three differences between an open source audit and an open source scan appeared first on Application Security Blog. The post The top three differences between an open source audit and an open source scan appeared first on Security Boulevard.

Future of Women in Cybersecurity

Heimdal Security

The topic of women in cybersecurity has received more media attention in recent years than ever before, so, naturally, we wanted to take a look at the current situation in the field. Lately, the press has tended to emphasize the negative aspects of this subject, such as lack of representation, gender pay gap, and challenges […]. The post Future of Women in Cybersecurity appeared first on Heimdal Security Blog.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Perception Versus Reality: a Data-Driven Look at Open Source Risk Management

Security Boulevard

On October 18th, 2022, Sonatype published the 8th Annual State of the Software Supply Chain. The report is our ongoing contribution to a growing body of knowledge and software development using third-party open source software. One of the report’s primary authors and VP of Product Innovation Dr. Stephen Magill presented a talk summarizing the report with additional context, background, and data.

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

The Hacker News

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report.

Ukraine Deputy Cyber Leader on Lessons From Russia-Ukraine Cyberwar

Security Boulevard

As the conflict with Russia intensified into war earlier this year, the cyberattacks on Ukrainian interests didn’t come as a surprise to Victor Zhora, who recently spoke via video link with BlackBerry CEO John Chen at BlackBerry’s recent Summit 2022. Zhora, Ukraine’s deputy cyber leader, explained that the Ukrainian government expected attacks on government agencies, The post Ukraine Deputy Cyber Leader on Lessons From Russia-Ukraine Cyberwar appeared first on Security Boulevard.

An initial access broker claims to have hacked Deutsche Bank

Security Affairs

An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor ( 0x_dump ) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. The security researcher Dominic Alvieri was one of the first experts to report the announcement published by the initial access broker on Telegram.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 11/11

Security Boulevard

Insight #1. "DeimosC2 will replace Cobalt Strike as the dominant C2 framework. Find it before it finds you." Insight #2. "The SEC will require that all boards or directors add a cybersecurity expert. Begin monthly briefs for your board on the results of threat-hunting exercises and App Sec testing." Insight #3. "As tensions increase over Taiwan be vigilant to the TTPs or APT 31 and 41."

The Week in Ransomware - November 11th 2022 - LockBit feeling the heat

Bleeping Computer

This 'Week in Ransomware' covers the last two weeks of ransomware news, with new information on attacks, arrests, data wipers, and reports shared by cybersecurity firms and researchers. [...]

The future of cybersecurity: DAST solutions, SBOMs, and APIs to take center stage

Security Boulevard

Looking ahead at the next five to ten years, how will the future of cybersecurity shape up? Talking to Invicti CTO Frank Catucci, we unpack current trends that point toward more capable scanners, deeper supply chain insights, and a focus on securing the cloud. The post The future of cybersecurity: DAST solutions, SBOMs, and APIs to take center stage appeared first on Invicti.

GitHub Adds New Security Features for Open Source Community

eSecurity Planet

GitHub has announced new features that could improve both developers’ experience and supply chain security. The “private vulnerability” reports announced at GitHub Universe 2022 will allow open-source maintainers to receive private issues from the community. Maintainers will be able to receive reports and collaborate with security professionals and all other issuers to patch vulnerabilities.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cyberinsurance Requirements Get Tougher, Premiums Skyrocket

Security Boulevard

A survey found that while cyberinsurance is still readily accessible, 75% of respondents said premiums have increased. Nearly two-thirds of respondents (65%) said premiums increased anywhere from 50 to 100%, the survey finds. The survey polled 300 IT decision-makers in the U.S. and was conducted by Censuswide on behalf of Delinea, a provider of a. The post Cyberinsurance Requirements Get Tougher, Premiums Skyrocket appeared first on Security Boulevard.

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information.

Canadian food retail giant Sobeys hit by Black Basta ransomware

Bleeping Computer

Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend. [...]

Researcher received a $70k award for a Google Pixel lock screen bypass

Security Affairs

Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited to unlock the devices. The Google Pixel Lock Screen Bypass was reported by security researcher David Schütz, who was awarded $70,000 for this flaw. “The issue allowed an attacker with physical access to bypass the lock screen protections

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Microsoft confirms gaming performance issues on Windows 11 22H2

Bleeping Computer

Microsoft is working on a fix for a new known issue behind lower-than-expected performance or stuttering in some games on systems running Windows 11 22H2. [...]

Worok Threat Group Uses Malicious PNG Images to Spread Malware

Heimdal Security

Worok threat group is hiding information-stealing malware in PNG images. Using this technique, the hackers manage to infect devices without being detected. The group was first spotted in September 2022 targeting high-profile victims from the Middle East, Southeast Asia, and South Africa. How the Malware Works Based on the evidence gathered about the Worok threat […].

New BadBazaar Android malware linked to Chinese cyberspies

Bleeping Computer

A previously undocumented Android spyware tool named 'BadBazaar' has been discovered targeting ethnic and religious minorities in China, most notably the Uyghurs in Xinjiang. [...]

Cookies for MFA Bypass Gain Traction Among Cyberattackers

Dark Reading

Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.