Krebs on Security

JUNE 14, 2022

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form

Ransomware 314

Ransomware Internet Internet Cybercrime 314

Schneier on Security

JUNE 14, 2022

Interesting vulnerability in Tesla’s NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys­with no authentication required and zero indication given by the in-car display. “The authorization given in the 130-second interval is too general… [it

Hacking 256

Hacking Authentication 256

Krebs on Security

JUNE 14, 2022

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. The user interface for Downthem[.]org. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com , two

DDOS 189

DDOS DNS Internet Internet 189

Schneier on Security

JUNE 14, 2022

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page.

225

225

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

JUNE 14, 2022

Most IT leaders are worried about passwords being stolen at their organization, according to a survey from Ping Identity. The post Half of IT leaders say passwords too weak for security purposes appeared first on TechRepublic.

Passwords 158

Passwords 158

Appknox

JUNE 14, 2022

If you are not taking enterprise mobile security seriously, look at these stats:

Mobile 140

Mobile Engineering Risk 140

eSecurity Planet

JUNE 14, 2022

With the plunge in tech stocks and the freeze in the IPO market, the funding environment for cybersecurity startups has come under pressure. According to Pitchbook, the amount of venture capital investment in the first quarter was off by 35.8% to $5.1 billion on a quarter-over-quarter basis. The median late-stage valuation fell by 26.1%. VCs are certainly getting pickier with their investments.

Cybersecurity 125

Cybersecurity Marketing Technology Digital transformation 125

Heimadal Security

JUNE 14, 2022

A software-defined perimeter, also known as SDP, is a security framework that restricts access to resources on the basis of an individual’s identification. The SDP is created to hide an organization’s infrastructure from outsiders while still allowing authorized users access to the infrastructure. Through the implementation of the SDP approach, the goal of establishing the […].

Software 122

Software Cybersecurity 122

Digital Guardian

JUNE 14, 2022

Google has yet again updated Chrome to resolve multiple vulnerabilities in the browser, including four marked high severity.

Risk 119

Risk 119

eSecurity Planet

JUNE 14, 2022

The Metasploit project contains some of the best security tools available, including the open source Metasploit Framework. Both pen testers and hackers use it to find and exploit vulnerabilities as well as to set up reverse shells, develop malicious payloads , or generate reports. The tool, maintained by Rapid7 , even offers comprehensive documentation , where you can learn the basics to start using it.

Penetration Testing 117

Penetration Testing Antivirus Firewall Software 117

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Naked Security

JUNE 14, 2022

O! What a tangled web we weave, when first we practise to deceive.

Surveillance 116

Surveillance 116

CSO Magazine

JUNE 14, 2022

Multiple breaches, including the massive 2017 data breach at the credit reporting agency Equifax , have been traced back to unpatched vulnerabilities—a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a 2018 Ponemon study put the number at a jaw-dropping 60%.

CISO 116

CISO Data breaches 116

Heimadal Security

JUNE 14, 2022

Since 2020, the Covid-19 pandemic has re-shaped the way in which we all live and work. In February 2022 another context came forth to drive change, especially in the (cyber)security market – the Russia-Ukraine conflict. This war, like the pandemic, is clearly driving the growth of the cybersecurity market, which is already expected to reach […].

Cybersecurity 116

Cybersecurity Marketing 116

Bleeping Computer

JUNE 14, 2022

The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack [.].

Ransomware 114

Ransomware 114

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

CSO Magazine

JUNE 14, 2022

Congressional hearings on artificial intelligence and machine learning in cyberspace quietly took place in the U.S. Senate Armed Forces Committee’s Subcommittee on Cyber in early May 2022. The committee discussed the topic with representatives from Google, Microsoft and the Center for Security and Emerging Technology at Georgetown University. While work has begun in earnest within industry and government, it is clear that much still needs to be done.

Artificial Intelligence 107

Artificial Intelligence Cybersecurity Government Technology 107

Identity IQ

JUNE 14, 2022

IDIQ Names 3 Industry Veterans to Grow Resident-Link Product Offering. IdentityIQ. — Company adds new executive and sales leadership for product focused on credit reporting of rental payments —. Temecula, California, June 14, 2022 – IDIQ , an industry leader in identity theft protection and credit monitoring, announces three veterans in the multi-family and credit industries have joined the company to help lead the company’s newly-acquired Resident-Link product and brand.

Identity Theft 105

Identity Theft Education Marketing Technology 105

Heimadal Security

JUNE 14, 2022

This month’s Patch Tuesday has brought us some improvements and fixes for issues associated with Microsoft Edge Stable Channel (Version 102.0.1245.39), which incorporates the latest Security Updates of the Chromium project for CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, and CVE-2022-2007. The Follina Vulnerability Remains Unpatched The most important vulnerability to be addressed, remains CVE-2022-30190, as it was discovered that hosts […].

105

105

Security Affairs

JUNE 14, 2022

Experts spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily based on an open-source, well-known kernel rootkit for Linux, dubbed Adore-Ng.

Malware 100

Malware System Administration Antivirus Architecture 100

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Dark Reading

JUNE 14, 2022

SSO's one-to-many architecture is both a big advantage and a weakness.

Architecture 99

Architecture Risk 99

The Hacker News

JUNE 14, 2022

A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet.

99

99

Bleeping Computer

JUNE 14, 2022

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. [.].

DDOS 99

DDOS Internet Internet 99

Dark Reading

JUNE 14, 2022

SBOMs should be connected with vulnerability databases to fulfill their promise of reducing risk, Google security team says.

Risk 98

Risk 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

JUNE 14, 2022

Clear Majority of Cybersecurity Professionals Believe They are in a Perpetual State of Cyberwar: Venafi Survey. brooke.crothers. Tue, 06/14/2022 - 16:02. 2 views. Current geo-political conflict has profound change on perception of cyberwar. The Ukraine-Russia war has caused a pronounced shift in the way Cybersecurity professionals view the cyberwar.

Cybersecurity 98

Cybersecurity InfoSec Risk Encryption 98

Dark Reading

JUNE 14, 2022

Here are which Microsoft patches to prioritize among the June Patch Tuesday batch.

98

98

The Hacker News

JUNE 14, 2022

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date.

DDOS 98

DDOS 98

Security Affairs

JUNE 14, 2022

A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of users. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924 (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user interaction. “Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker

Passwords 98

Passwords Hacking Cybersecurity Information Security 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JUNE 14, 2022

Mozilla says that starting today, all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. [.].

Internet 98

Internet Internet 98

Security Affairs

JUNE 14, 2022

Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless access to data and interaction with external software components and services. APIs are the gateway to providing the high security of data in an organization.

Authentication 98

Authentication Encryption Software Hacking 98

Bleeping Computer

JUNE 14, 2022

Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. [.].

98

98

Security Affairs

JUNE 14, 2022

Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrase. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrase.

Engineering 98

Engineering Malware Hacking Cybersecurity 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!