Mon. Aug 22, 2022


Hyundai Uses Example Keys for Encryption System

Schneier on Security

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].


Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

The Last Watchdog

Short-handed cybersecurity teams face a daunting challenge. In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity.


How to protect your organization from ransomware-as-a-service attacks

Tech Republic Security

RaaS kits are easy to find on the Dark Web, lowering the barrier of entry so that virtually any cybercriminal can launch successful ransomware attacks, says Microsoft.


Lloyd’s to end insurance coverage for state cyber attacks

Javvad Malik

Lloyd’s of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk. Hmm, so where do we begin to unpack this one? Attribution is never easy, even in the best of times. So who will decide whether an attack is a nation state or just little Timmy trying to impress his friends on the Discord channel?


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Cookie theft threat: When Multi-Factor authentication is not enough

Tech Republic Security

A lot of companies have deployed multi-factor authentication, yet attackers have some ways to bypass it, the most used one being cookie theft.


The Power of You & Becoming Known

Jane Frankland

At The Source, my brand new collaborative and co-creational platform for women in cyber, we’re known for saying, “Be you in the workplace.” But in order to do that, you need to understand and leverage off the power of you. That means getting clear on what you stand for, crafting a message, telling stories, and becoming known. In other words, actively building your personal brand.


Security Training: Moving on from Nick Burns Through Better Communication

eSecurity Planet

Twenty years ago, Saturday Night Live nailed a tendency in IT to be overly absorbed in tech-speak and to do a poor job of educating users. The Nick Burns: Your Company Computer Guy skits showed rude IT guys belittling users as they fixed their “stupid” problems. A recent experience highlighted that security awareness training and most alerts to users about unsafe practices may be making the error of being too general.


Over 80,000 exploitable Hikvision cameras exposed online

Bleeping Computer

Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server. […]


USB Pen Drives posing as a great cyber threat to IT Infrastructure

CyberSecurity Insiders

USB pen drives, also called removable pen drives, are posing a great cyber threat to IT infrastructure, says research carried out by IBM X-Force, and another study carried out by Honeywell Cybersecurity claims that 52% of cyber attacks are targeted at removable media. In both cases, removable media or USB drives are seen acting as a common threat vector, and the issue seems grave as it is causing big trouble for industrial control systems.


Zero-day Vulnerability Abused by Cybercriminals to Steal Crypto from Bitcoin ATMs

Heimdal Security

Malicious actors have taken advantage of a zero-day flaw in General Bytes Bitcoin ATM servers to steal cryptocurrency from clients. The way it works is that once a person deposits or buys bitcoin through the ATM, the money will instead be diverted to the threat actors. The hardware and software company General Bytes produces Bitcoin […].


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Ransomware spreading Criminals demanding $10m from Paris Hospital

CyberSecurity Insiders

A noted ransomware-spreading gang has put forward a $10m proposal before the management of a Paris hospital and is interested in freeing up the data from encryption only when they get the demanded ransom. The CHSF Hospital Centre in Corbeil-Essonnes, Paris, is the victim in question, and the computer attack is said to have taken place on Saturday night last week.


3 Benefits of Using Consolidated Platforms in Cybersecurity

Heimdal Security

The need to optimize performance, leverage consistency, and reduce administrative costs has caused a significant percentage of the cybersecurity market to move toward consolidated platforms. Let’s explore what consolidated platforms in cybersecurity are and how they can help businesses have the upper hand in the fight against cybercrime! What Is a Consolidated Platform in Cybersecurity?


How to be Ransomware Ready in Four Steps

Security Boulevard

2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report. Additional research from Sophos showed that ransom payments increased to an average of $812,360 in 2021, while the average cost to remediate an attack was $1.4 million. For nearly all (90%) organizations affected by.


Hotel and Travel Businesses Attacked by Cybercriminals Using Bogus Reservations

Heimdal Security

The revitalization of the tourism and travel industry in 2022 prompted hackers to target hotel businesses, travel websites, and even tourists. The threat actor dubbed TA558 increased its activity this year, conducting phishing operations against numerous hotels and businesses in the hospitality and travel industry. How Did the Attack Happen? A collection of 15 distinct […].


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Expiring Root Certificates Threaten IoT in the Enterprise

Dark Reading

What happens when businesses' smart devices break? CSOs have things to fix beyond security holes.


8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe

Security Affairs

Researchers shared details of an eight-year-old flaw dubbed DirtyCred, defined as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University (Zhenpeng Lin | PhD Student, Yuhang Wu | PhD Student, Xinyu Xing | Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred, which they defined “as nasty as Dirty Pipe.” The Dirty Pipe flaw, tracked as CVE-2022-0847, was discovered by the security expert M


Identity Security Pain Points and What Can Be Done

Dark Reading

Replacing passwords is not as easy as people think, but there is hope.


Fake Reservation Links Prey on Weary Travelers

Threatpost

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


New 'BianLian' Ransomware Variant on the Rise

Dark Reading

Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language.


Inside the World’s Biggest Hacker Rickroll

WIRED Threat Level

As a graduation prank, four high school students hijacked 500 screens across six school buildings to troll their classmates and teachers.


Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to 'runZero'

Dark Reading

HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.


Escanor Malware delivered in Weaponized Microsoft Office Documents

Security Affairs

Researchers spotted a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram called Escanor. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module and exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Fake DDoS Protection Alerts Distribute Dangerous RAT

Dark Reading

Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.


SpaceX Starlink 'train' of satellites illuminates Northwest skies

Bleeping Computer

Residents of Northwestern parts of the U.S. and Canada were baffled at seeing a bright trail of lights, almost like a train flying through the skies over the weekend. The mystery seems to have now been resolved. And, it's not the aliens. This moving cluster comprises SpaceX's 53 Starlink satellites launched from Florida this Friday. […]


Lockbit leak sites hit by mysterious DDoS attack after Entrust hack

Security Affairs

LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp. provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificates for websites, mobile credentials, and connected devices.


4 Tips to Develop a Human-Layered Cybersecurity Defense

Security Boulevard

Evidence suggests that cybercriminals can infiltrate 93% of all networks, even though organizations plow billions of dollars on cybersecurity each year. This is because most organizational approaches to cybersecurity are still overly centered around beefing up technological controls instead of focusing on the weakest link: human beings. Per Verizon’s 2022 Data Breach Investigation Report, stolen credentials,


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Group-IB CEO will remain in jail – complaint denied

Security Affairs

On August 18, a Russian judge decided that Ilya Sachkov, founder and CEO of the Russian-led Group-IB, will remain in jail. Ilya Sachkov, founder and CEO of the Russian-led Group-IB, will remain in jail following the judge’s decision on August 18th after his defense team filed a complaint, according to TASS (Russian Media Agency). Starting September 2021, the Russian national has already spent roughly 1 year in prison.


Meet Borat RAT, a New Unique Triple Threat

The Hacker News

Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen?


Smart Social Media: How to Stay Creative and Safe

SecureWorld News

Social media is allowing companies to show their creativity and personality to customers and the world like never before. Years ago, with a brick-and-mortar style business, marketing and communications were done through print and paid commercials on TV or the radio. Today, businesses have the ability to reach millions of people through social media—regularly and as creatively as they dare.


European Cybersecurity in Context: A Policy-Oriented Comparative Analysis

Security Affairs

I’m proud to have contributed to the “European Cybersecurity in Context: A Policy-Oriented Comparative Analysis”. Worldwide connectivity has unleashed global digitalisation, creating cross-border social networks for communicating and spreading information. The use of digital identity for democratic procedures is becoming a reality and public services are shifting towards using digital tools to implement simplified procedures.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!