Tue. May 17, 2022

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level.

Attacks on Managed Service Providers Expected to Increase

Schneier on Security

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though.


NEW TECH SNAPSHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

The Last Watchdog

Defending companies as they transition to cloud-first infrastructures has become a very big problem – but it’s certainly not an unsolvable one. Coming Wed., May 18: How security teams can help drive business growth — by embracing complexity. The good news is that a long-overdue transition to a new attack surface and security paradigm is well underway, one built on a fresh set of cloud-native security frameworks and buttressed by software-defined security technologies.

Securing Your Migration to the Cloud

Cisco CSR

Cisco Secure Access by Duo and Cisco Umbrella expands availability on AWS Marketplace. Cisco Secure powers security resilience enabling you to protect the integrity of your business amidst unpredictable threats and major change, such as migrating to the cloud.


How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

5 Ways K8s Apps Are Vulnerable to Supply Chain Attacks

Security Boulevard

What’s the correlation between Kubernetes and software supply chains? To answer that question, let’s start by exploring the latter. Simply put, software supply chains are the lifeblood of building, delivering, maintaining and scaling cloud-native applications.

Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices

Tech Republic Security

NCC Group has found proof of concept that BLE devices can be exploited from anywhere on the planet.


More Trending

How to Secure Mobile Apps: A Complete Checklist for 2022

Appknox

Full-fledged security is what every one needs! Due to the significant rise in cyber and malware attacks on the different apps, mobile app security is considered a critical component of app development. Therefore, having a highly secured mobile app ensures a hassle-free business operation!

HotBot VPN Review 2022: Fast And Secure VPN Service

SecureBlitz

In this HotBot VPN review, we will examine its features, apps, pricing, etc. Read on… HotBot is a VPN service that’s marketed as a fast, easy way to unblock websites and protect your privacy online.


Google Cloud Aims to Share Its Vetted Open Source Ecosystem

Dark Reading

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription

US Government warns against recruiting Information Technology workers from China, North Korea and Russia

CyberSecurity Insiders

United States government has issued a warning against recruitment of IT workers from countries like China, North Korea and Russia. The reason is that the Biden led government suspects such recruitments might turn dangerous to the national infrastructure.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Role Of The Internet During The Times Of Pandemic

SecureBlitz

Here, you will identify the role of the Internet during the pandemic times. The Internet is a crown jewel of the modern technological world. Due to its immense amounts of benefits to mankind, it is considered the greatest invention of human history after the wheel.

Ransomware Attack on Omnicell

CyberSecurity Insiders

Omnicell, an American healthcare technology provider has released a press statement that its IT Infrastructure was targeted by ransomware early this month, affecting its internal systems severely.

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

The Hacker News

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information.

The Ultimate Antivirus Software Guide: What Is An Antivirus?

SecureBlitz

Have you been hearing about Antivirus lately but you don’t know what it means and what it does? Don’t worry this article will serve as an Antivirus software guide that you can always refer to.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

Dark Reading

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages

NordLayer Review 2022: Affordable Business VPN Solution

SecureBlitz

Here is the NordLayer review. A secure and affordable business VPN solution. Read on… This review focuses on the advantage of the NordLayer enterprise VPN solution for remote work, businesses, and corporations over the conventional VPN solutions for individuals. What Is NordLayer VPN?


Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in

Dark Reading

A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report


5 Things to know about the UK’s National Cyber Security Centre (NCSC)

Security Boulevard

#1 The history of the National Cyber Security Centre The UK’s first cybersecurity strategy was launched in 2009 and outlined that whatever the shape of the cybersecurity mission, it made no sense to silo it away from other aspects of national security.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Challenges that impact the Cybersecurity talent pipeline

CyberSecurity Insiders

Cyberattacks are alarming, and establishments must increase protections, embrace a layered attitude, and cultivate security-conscious users to combat growing concerns.


4 Reasons Why CISOs Cannot Protect Executives’ Personal Digital Lives

Security Boulevard

It’s a common misconception that it’s the responsibility of the CISO to ensure business leaders are protected in every aspect of their digital lives, including the personal. After all, a cyber attack on an executive can be an attack on the company.


How Mobile Networks Have Become a Front in the Battle for Ukraine

Dark Reading

Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience

OT and IoT cybersecurity: are you tracking the wrong KPIs?

Security Boulevard

Tracking the wrong KPIs is as good as not tracking the effectiveness of your cybersecurity measures at all.


VPN Proxy Master Review 2022

SecureBlitz

This review focuses on VPN Proxy Master, a Singapore-based VPN service. A Virtual Private Network, or VPN, is a virtual tunnel that connects your computer to a server owned by a VPN provider. This way, nobody can see your connection or your devices. There are several benefits of connecting to a VPN.


The importance of cybersecurity training programs for strengthening your security posture (Part 2)

Security Boulevard

In part one of this two-part blog series, we explained why training the individual is critical. An organization’s people are its first line of defense against cyber attacks, and therefore must be trained on behaviors and skills to keep the organization secure.

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

Dark Reading

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell


Building security into existing source code management workflows

Security Boulevard

Shifting visibility downstream in the SDLC with an AppSec tool like Code Dx enables companies to build high-quality software, faster.

How To Organize Your Digital Life With Desktop.com

SecureBlitz

Read on as I show you how to organize your digital life with Desktop.com, an intuitive virtual desktop software. Basically, virtual desktop software empowers employees to work from anywhere by providing them with a virtual desktop that they can access from any device.

Hackers can steal your Tesla Model 3, Y using new Bluetooth attack

Bleeping Computer

Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices.

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

Malwarebytes

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account.

ProtonMail Review: Safe And Secure Email Service Provider

SecureBlitz

This article is a comprehensive ProtonMail review, an email service with end-to-end encryption.

Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

WIRED Threat Level

Researchers found a way to exploit the tech that enables Apple’s Find My feature, which could allow attackers to track location when a device is powered down.

Security in Milliseconds: Visa Invests in Payment Security as E-Commerce Surges

eSecurity Planet

The COVID-19 pandemic has driven a massive increase in e-commerce spending, doubling to an expected $1 trillion this year, according to Adobe. But that spending surge has brought with it a corresponding rise in payment security challenges.


TotalAV Antivirus Review: Is TotalAV Safe And Legit?

SecureBlitz

Is the award-winning TotalAV really worth your buck? No worries, you will find out in this detailed TotalAV review. TotalAV is an antivirus software that offers users complete protection from malware, viruses, and spyware.