Schneier on Security

AUGUST 22, 2022

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].

Encryption 350

Encryption Firmware Manufacturing Software 350

The Last Watchdog

AUGUST 22, 2022

Short-handed cybersecurity teams face a daunting challenge. Related: ‘ASM’ is cybersecurity’s new centerpiece. In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity.

Artificial Intelligence 247

Artificial Intelligence Risk Cybersecurity Internet 247

Tech Republic Security

AUGUST 22, 2022

RaaS kits are easy to find on the Dark Web, lowering the barrier of entry so that virtually any cybercriminal can launch successful ransomware attacks, says Microsoft. The post How to protect your organization from ransomware-as-a-service attacks appeared first on TechRepublic.

Ransomware 180

Ransomware 180

Javvad Malik

AUGUST 22, 2022

Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels or risk. Hmm so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a nation state or just little Timmy trying to impress his friends on the Discord channel?

Insurance 145

Insurance Cyber Attacks Social Engineering Cyber Insurance 145

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

AUGUST 22, 2022

A lot of companies have deployed multi-factor authentication, yet attackers have some ways to bypass it—the most used one being cookie theft. The post Cookie theft threat: When Multi-Factor authentication is not enough appeared first on TechRepublic.

Authentication 157

Authentication Malware Cybersecurity 157

Jane Frankland

AUGUST 22, 2022

At The Source, my brand new collaborative and co-creational platform for women in cyber, we’re known for saying, “Be you in the workplace.” But in order to do that, you need to understand and leverage off the power of you. That means getting clear on what you stand for, crafting a message, telling stories, and becoming known. In other words, actively building your personal brand.

CISO 130

CISO Marketing Media Cybersecurity 130

eSecurity Planet

AUGUST 22, 2022

Twenty years ago, Saturday Night Live nailed a tendency in IT to be overly absorbed in tech-speak and to do a poor job of educating users. The Nick Burns: Your Company Computer Guy skits showed rude IT guys belittling users as they fixed their “stupid” problems. A recent experience highlighted that security awareness training and most alerts to users about unsafe practices may be making the error of being too general.

Security Awareness 120

Security Awareness Social Engineering Education Malware 120

Bleeping Computer

AUGUST 22, 2022

Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server. [.].

119

119

CyberSecurity Insiders

AUGUST 22, 2022

USB Pen Drives also called as Removable pen drives are posing as a great cyber threat to IT Infrastructure says research carried out by IBM X-Force and another research carried out by Honeywell Cybersecurity claims that 52% of cyber attacks are targeted at the removable media. In both cases, removable media or USB drives is seen acting as a common threat vector and the issue seems grave as it is posing as a big trouble to industrial control systems.

Cyber threats 118

Cyber threats Media Cyber Attacks Threat Reports 118

Heimadal Security

AUGUST 22, 2022

Malicious actors have taken advantage of a zero-day flaw in General Bytes Bitcoin ATM servers to steal cryptocurrency from clients. The way it works is that once a person deposits or buys bitcoin through the ATM, the money will instead be diverted to the threat actors. The hardware and software company General Bytes produces Bitcoin […]. The post Zero-day Vulnerability Abused by Cybercriminals to Steal Crypto from Bitcoin ATMs appeared first on Heimdal Security Blog.

Cryptocurrency 118

Cryptocurrency Software Cybersecurity 118

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

CyberSecurity Insiders

AUGUST 22, 2022

A noted ransomware spreading gang has put forward a $10m proposal before the management of a Paris hospital and is interested in freeing up the data from encryption only when they get the demanded ransom. The CHSF Hospital Centre in Corbeil-Essonne’s, Paris, is the victim that is in discussion and the computer attack is said to have taken place on Saturday night last week.

Ransomware 106

Ransomware Healthcare Cryptocurrency Cyber Attacks 106

Heimadal Security

AUGUST 22, 2022

The need to optimize performance, leverage consistency, and reduce administrative costs has caused a significant percentage of the cybersecurity market to move toward consolidated platforms. Let’s explore what are consolidated platforms in cybersecurity and how they can help businesses have the upper hand in the fight against cybercrime! What Is a Consolidated Platform in Cybersecurity?

Cybersecurity 116

Cybersecurity Cybercrime Marketing 116

Security Boulevard

AUGUST 22, 2022

2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report. Additional research from Sophos showed that ransom payments increased to an average of $812,360 in 2021, while the average cost to remediate an attack was $1.4 million. For nearly all (90%) organizations affected by.

Ransomware 103

Ransomware Cyber threats Threat Reports Security Awareness 103

Heimadal Security

AUGUST 22, 2022

The revitalization of the tourism and travel industry in 2022 prompted hackers to target hotel businesses, travel websites, and even tourists. The threat actor dubbed TA558 increased its activity this year, conducting phishing operations against numerous hotels and businesses in the hospitality and travel industry. How Did the Attack Happen? A collection of 15 distinct […].

Phishing 105

Phishing Cybersecurity 105

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

AUGUST 22, 2022

What happens when businesses' smart devices break? CSOs have things to fix beyond security holes.

IoT 103

IoT 103

Security Affairs

AUGUST 22, 2022

Researchers shared details of an eight-year-old flaw dubbed DirtyCred , defined as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University ( Zhenpeng Lin | PhD Student, Yuhang Wu | PhD Student, Xinyu Xing | Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred , which they defined “as nasty as Dirty Pipe.” The Dirty Pipe flaw, tracked as CVE-2022-0847, was discovered by the security expert M

Architecture 100

Architecture Hacking Information Security 100

Dark Reading

AUGUST 22, 2022

Replacing passwords is not as easy as people think, but there is hope.

Passwords 99

Passwords 99

Threatpost

AUGUST 22, 2022

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Malware 98

Malware 98

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Dark Reading

AUGUST 22, 2022

Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language.

Ransomware 98

Ransomware Malware 98

Security Affairs

AUGUST 22, 2022

Researchers spotted a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram called Escanor. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module and exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code.

Malware 98

Malware Banking Mobile Advertising 98

Dark Reading

AUGUST 22, 2022

HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.

IoT 98

IoT 98

Bleeping Computer

AUGUST 22, 2022

Residents of Northwestern parts of the U.S. and Canada were baffled at seeing a bright trail of lights—almost like a train flying through the skies over the weekend. The mystery seems to have now been resolved. And, it's not the aliens. This moving cluster comprises SpaceX's 53 Starlink satellites launched from Florida this Friday. [.].

Technology 98

Technology 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Dark Reading

AUGUST 22, 2022

Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.

DDOS 98

DDOS 98

Security Affairs

AUGUST 22, 2022

LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp. , provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificated for websites, mobile credentials, and connected devices.

DDOS 98

DDOS Hacking InfoSec Ransomware 98

The Hacker News

AUGUST 22, 2022

Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen?

Cyber Risk 98

Cyber Risk Malware Risk 98

Security Affairs

AUGUST 22, 2022

On August 18, a Russian judge decided that Ilya Sachkov, founder and CEO of the Russian-led Group-IB, will remain in jail. Ilya Sachkov , founder and CEO of the Russian-led Group-IB will remain in jail following the judge’s decision on August 18 th after his defense team filed a complaint according to TASS (Russian Media Agency). Starting September 2021, the Russian national has already spent roughly 1 year in prison.

Media 98

Media Hacking Cybersecurity Information Security 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

AUGUST 22, 2022

As a graduation prank, four high school students hijacked 500 screens across six school buildings to troll their classmates and teachers.

Hacking 98

Hacking 98

Security Boulevard

AUGUST 22, 2022

Evidence suggests that cybercriminals can infiltrate 93% of all networks, even though organizations plow billions of dollars on cybersecurity each year. This is because most organizational approaches to cybersecurity are still overly centered around beefing up technological controls instead of focusing on the weakest link—human beings. Per Verizon’s 2022 Data Breach Investigation Report, stolen credentials, The post 4 Tips to Develop a Human-Layered Cybersecurity Defense appeared first on Securi

Cybersecurity 98

Cybersecurity Data breaches Technology Security Awareness 98

The Hacker News

AUGUST 22, 2022

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.

98

98

Security Affairs

AUGUST 22, 2022

I’m proud to have contributed to the “ European Cybersecurity in Context: A Policy-Oriented Comparative Analysis “ Worldwide connectivity has unleashed global digitalisation, creating cross-border social networks for communicating and spreading information. The use of digital identity for democratic procedures is becoming a reality and public services are shifting towards using digital tools to implement simplified procedures.

Cybersecurity 98

Cybersecurity Computers and Electronics Cybercrime Artificial Intelligence 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!