Fri. Jun 03, 2022

Detection as Code? No, Detection as COOKING!

Anton on Security

One of the well-advertised reasons for being in the office is about those “magical hallway conversations” (Google it). One happened to me a few days ago and led to a somewhat heated debate on the nature of modern threat detection. It also resulted in this half-shallow / half-profound blog that relates detection to cooking and farming! Well, the magical discussion was over lunch, so this is perhaps logical.

What Counts as “Good Faith Security Research?”

Krebs on Security

The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities.

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing. Related: Covid 19 ruses used in email attacks. At RSA Conference 2022, which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principles will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.

Friday Squid Blogging: More on the “Mind Boggling” Squid Genome

Schneier on Security

Octopus and squid genes are weird. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

It’s not difficult to visualize how companies interconnecting to cloud resources at a breakneck pace contribute to the outward expansion of their networks’ attack surface. Related: Why ‘SBOM’ is gaining traction. If that wasn’t bad enough, the attack surface companies must defend is expanding inwardly, as well – as software tampering at a deep level escalates.

Me on Public-Interest Tech

Schneier on Security

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: “The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists.” It was something I was really proud of, and it’s finally up on the net.

More Trending

AppSec Decoded: Security at the speed of DevOps

Security Boulevard

Learn about today’s DevOps challenges and what organizations can do to improve security in their processes without compromising speed. The post AppSec Decoded: Security at the speed of DevOps appeared first on Application Security Blog.

Digital twins are moving into the mainstream

Tech Republic Security

Digital twins, popular in manufacturing for decades, are gaining traction across verticals. The post Digital twins are moving into the mainstream appeared first on TechRepublic.

Atlassian fixes Confluence zero-day widely exploited in attacks

Bleeping Computer

Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. [...]

Karakurt Team hits North America and Europe with data theft and extortion

Tech Republic Security

Karakurt Team attacks are hitting indiscriminate targets in North America and Europe with data theft, requesting a ransom to delete stolen data. Learn more about their methods and how to protect from it. The post Karakurt Team hits North America and Europe with data theft and extortion appeared first on TechRepublic.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. “Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote c

Conti reforms into several smaller groups, are they now more dangerous than ever?

Tech Republic Security

The cybercrime group has disbanded, but still may pose a severe threat to a number of businesses in a different way. The post Conti reforms into several smaller groups, are they now more dangerous than ever? appeared first on TechRepublic.

Microsoft disrupts Bohrium hackers’ spear-phishing operation

Bleeping Computer

The Microsoft Digital Crimes Unit (DCU) has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India. [...]

Malwarebytes vs Norton: Compare top antivirus software solutions

Tech Republic Security

If you've been researching antivirus software, then Malwarebytes and Norton are likely two products you're considering. Get a feature comparison of the antivirus software to help you make your selection. The post Malwarebytes vs Norton: Compare top antivirus software solutions appeared first on TechRepublic.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking.

Keeper vs LastPass: Which password manager is better for your business?

Tech Republic Security

Compare key features of password managers Keeper and LastPass, including zero trust and user authentication capabilities. The post Keeper vs LastPass: Which password manager is better for your business? appeared first on TechRepublic.

Announcing the winners of the 2021 GCP VRP Prize

Google Security

Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). We paid a total of $8.7 million in rewards, our highest amount yet. 2021 saw some amazing work from the security research community. It is worth noting that a significant portion of the reports we received were for findings in Google Cloud Platform (GCP) products.

Zero trust leaders avert 5 cyber disasters per year on average

Tech Republic Security

Illumio found that zero trust architecture has become the standard in cybersecurity. How can your organization best adopt this architecture? The post Zero trust leaders avert 5 cyber disasters per year on average appeared first on TechRepublic.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor. An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered an “extremely sophisticated” China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer.

WatchDog hacking group launches new Docker cryptojacking campaign

Bleeping Computer

The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. [...]

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

Malwarebytes

Welcome to Internet Safety Month, a once-a-year event in which you, the public, are told that anywhere between three and 30 different best practices will simplify your approach to staying safe online. Unfortunately, much of the well-intentioned advice surrounding Internet Safety Month ignores one basic fact about how people change their habits: We typically only correct our behavior after first making a mistake.

GitLab security update fixes critical account take over flaw

Bleeping Computer

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover. [...]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Healthcare providers prefer paying ransom in ransomware attacks

CyberSecurity Insiders

Healthcare providers are opting to pay a ransom in the event of ransomware attacks, instead of recovering it from data backups. The reason is that it is easy and guarantees 100% encrypted data return. Of course, as per their perspective! According to the data released by Sophos that was also commissioned by global market research company Vanson Bourne, up to two-thirds of ransomware victims from Global Healthcare Organizations (HCOs) were bent to pay their attackers as the cost of remediation and

Americans report losing over $1 billion to cryptocurrency scams

Bleeping Computer

The U.S. Federal Trade Commission (FTC) says over 46,000 Americans have reported losing more than $1 billion worth of cryptocurrency to scams between January 2021 and March 2022. [...]

100 days of war in Ukraine: How the conflict is playing out in cyberspace

We Live Security

It’s been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict. The post 100 days of war in Ukraine: How the conflict is playing out in cyberspace appeared first on WeLiveSecurity.

For Ransomware, Speed Matters

Dark Reading

Someone interested in putting together a ransomware campaign has to consider several factors. The LockBit group touts its speed over competing families to attract potential buyers for its ransomware-as-a-service.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Novartis says no sensitive data was compromised in cyberattack

Bleeping Computer

Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. [...]

What’s hot at #RSAC? Here’s our picks for the big show

Security Boulevard

It's two years in, and COVID is still threatening to steal RSA Conference's mojo. But for those willing to brave Moscone in San Francisco (and those attending virtually), you won’t be disappointed. Here are our picks for must-see talks. The post What’s hot at #RSAC? Here’s our picks for the big show appeared first on Security Boulevard.

YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links

Dark Reading

The latest iteration of CMD-based ransomware is sophisticated and tricky to detect – and integrates token theft and worming capabilities into its feature set.

Cybersecurity Insights with Contrast CISO David Lindner | 6/3

Security Boulevard

Insight #1: "The most recent malicious takeover of the ctx and phpass packages unearthed yet another gap in supply chain security. I say anything not maintained or changed within the last year should be scrutinized by security teams, and anything beyond 2 years should not be allowed to be used in production environments." Insight #2: "How can customers or third parties quickly get ahold of your security or incident response teams?

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.