Schneier on Security
APRIL 27, 2022
Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020.
Tech Republic Security
APRIL 27, 2022
If malicious actors are already on your network, then typical cybersecurity measures aren’t enough. Learn how to further protect your organization’s data with these five facts about zero-trust security from Tom Merritt. The post Top 5 things about zero-trust security that you need to know appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Identity IQ
APRIL 27, 2022
How to Dispose Outdated Electronics to Protect Your Identity. IdentityIQ. Your iPhone is ancient, your laptop is malfunctioning, and your tablet is due for an upgrade. Of course, there comes a time for everyone to toss their old tech and level up to the latest version. But before trashing your old tech, make sure you don’t leave your personal information out there for the taking.
Tech Republic Security
APRIL 27, 2022
The malicious software had been slowly returning since November 2021, and saw a large number of phishing emails sent out with Emotet attached in April 2022. The post Emotet malware launches new email campaign appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CyberSecurity Insiders
APRIL 27, 2022
In May 2021, Google announced it will launch a new data safety section on its play store to benefit customers. And now, the company has released a statement that it will roll out its new section to all its users by July 20th this year. To those who do not know what the Data Safety Section will include, here’s a summary: The new data safety section is dedicated to users and will make it mandatory for developers to provide all the app functioning information such as the type of data they collect,
Tech Republic Security
APRIL 27, 2022
If you've found the CockroachDB insecure mode too restricting, Jack Wallen is here to help you deploy the same cluster, only in secure mode, so you can better manage your databases. The post How to deploy a CockroachDB cluster in secure mode appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
APRIL 27, 2022
NCC’s monthly cyber report shows that Hive has supplanted BlackCat as one of the most prominent ransomware groups. The post Hive emerges as a riser in ransomware attacks appeared first on TechRepublic.
WIRED Threat Level
APRIL 27, 2022
From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.
Tech Republic Security
APRIL 27, 2022
Okta and Duo provide solutions for maintaining data security. Compare the features of Okta and Duo to help you choose the best option for your identity and access management needs. The post Okta vs Duo: IAM software product comparison appeared first on TechRepublic.
Appknox
APRIL 27, 2022
Phone manufacturers and mobile network operators often implement stringent software restrictions for security reasons. However, these constraints can be circumvented by rooting your Android phone.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Hacker Combat
APRIL 27, 2022
Ransomware is malicious software that encrypts your files and demands a fee in exchange for access. This type of malware is now the most profitable form of cybercrime since victims feel compelled to pay, even if there are no guarantees that their data will be recovered. Whether the victim is a one-person firm or a major multinational corporation, a ransomware assault can be crippling.
We Live Security
APRIL 27, 2022
ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET. The post A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity appeared first on WeLiveSecurity.
Graham Cluley
APRIL 27, 2022
Graham Cluley Security News is sponsored this week by the folks at Specops. Thanks to the great team there for their support! With the help of live attack data from our own honeypots, Specops Software’s Breached Password Protection can now detect over 2 billion known breached passwords in your Active Directory. Using our database, you … Continue reading "Block over two billion known breached passwords from your AD with Specops Password Policy tools".
Security Boulevard
APRIL 27, 2022
Every client desires to have financial and software development time estimation early on. So, the client can decide the financial implication and time frame of completing an intended project. Likewise, how small or simple the software time estimation project could be is one of the critical aspects. Software project estimation often exceeds time estimation, [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
APRIL 27, 2022
In partnership with the NSA and the FBI, cybersecurity authorities worldwide have released today a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021. [.].
Security Boulevard
APRIL 27, 2022
The recent global pandemic forever changed the way people work. These days, more and more people are working remotely, but much of that remote access technology is exposed to external threats. The move to online working has provided tons of new opportunities for cybercriminals looking to exploit unsecured technology systems. This, in turn, has resulted.
Bleeping Computer
APRIL 27, 2022
Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian hacking groups targeting the country's infrastructure and Ukrainian citizens. [.].
Security Boulevard
APRIL 27, 2022
The Zscaler ThreatLabz research team has recently discovered a malware campaign targeting users applying for Thailand travel passes. The end payload of many of these attacks is AsyncRAT, a Remote Access Trojan that can be used to monitor, control, and steal sensitive data from victims' machines. Thailand Pass is an online travel agency that brokers airline tickets to travelers who want to visit Thailand or other foreign countries.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
APRIL 27, 2022
Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities. [.].
Security Boulevard
APRIL 27, 2022
Synopsys has signed a definitive agreement to acquire WhiteHat Security, a market-segment leading provider of dynamic application security testing (DAST) solutions. The post Synopsys to expand portfolio, SaaS offerings with WhiteHat Security acquisition appeared first on Application Security Blog. The post Synopsys to expand portfolio, SaaS offerings with WhiteHat Security acquisition appeared first on Security Boulevard.
Digital Guardian
APRIL 27, 2022
Learn about digital rights management and why it is important in Data Protection 101, our series on the fundamentals of information security.
Malwarebytes
APRIL 27, 2022
Google will soon be giving European countries a “Reject All” button in the Search and YouTube cookie consent banner. This change, which was revealed by Google’s Product Manager for Privacy, Safety & Security Sammit Adhya in a blog post , has already been rolled out in France and will be cascaded to the rest of the European Economic Area , the UK, and Switzerland.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
The Hacker News
APRIL 27, 2022
A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG.
Dark Reading
APRIL 27, 2022
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.
The Hacker News
APRIL 27, 2022
The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S.
Security Affairs
APRIL 27, 2022
Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities. The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities can be chained together to gain root priv
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
APRIL 27, 2022
A new ransomware gang known as Black Basta has quickly catapulted into operation this month, claiming to have breached over twelve companies in just a few weeks. [.].
Tech Republic Security
APRIL 27, 2022
Ransomware is a clear and present danger to organizations of all sizes. This emergency kit tells you what you need to know to understand the threat, how to harden your business against it, and what to do if your organizations is attacked. Read more to learn about: Understanding the threat Anatomy of a ransomware attack. The post Ransomware Emergency Kit appeared first on TechRepublic.
Bleeping Computer
APRIL 27, 2022
A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries. [.].
CSO Magazine
APRIL 27, 2022
We are still in an on-premises world, as Microsoft has recently acknowledged. The company announced an increase in its security bug bounty for on-premises Exchange, SharePoint, and other Office servers. Some of the most concerning recent attacks to on-premises servers have not been against Windows or web servers but rather SharePoint and especially Exchange servers.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
199 
Let's personalize your content