Schneier on Security

AUGUST 4, 2022

SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken , really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie­-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the pro

Encryption 315

Encryption 315

Tech Republic Security

AUGUST 4, 2022

With more people using their mobile devices for work and personal use, hackers are exploiting the vulnerabilities these activities create. The post Verizon: Mobile attacks up double digits from 2021 appeared first on TechRepublic.

Mobile 212

Mobile Cybersecurity 212

Dark Reading

AUGUST 4, 2022

The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.

VPN 145

VPN Software 145

Tech Republic Security

AUGUST 4, 2022

More than 40% of IT pros surveyed by Menlo Security said they worry about ransomware evolving beyond their knowledge and skills. The post One in three organizations now hit by weekly ransomware attacks appeared first on TechRepublic.

Ransomware 208

Ransomware Cybersecurity 208

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

AUGUST 4, 2022

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.

Small Business 140

Small Business VPN Hacking Information Security 140

Tech Republic Security

AUGUST 4, 2022

Ensure your data receives maximum protection with the 13-in-1 Docking Station with Dual HDMI. The post Protect your data and work from anywhere with this docking station appeared first on TechRepublic.

Data breaches 167

Data breaches 167

Tech Republic Security

AUGUST 4, 2022

Erik Eckel walks you through the process of adjusting or adding Touch ID to your MacBook Pro. The post How to change Touch ID settings on a MacBook Pro appeared first on TechRepublic.

158

158

CSO Magazine

AUGUST 4, 2022

In the world of espionage and intrigue, China has always played the long game, planning far beyond the next quarter, looking over the horizon at the next generation. For this reason, it should come as no surprise that China and Chinese government-supported companies like Huawei will look at every avenue to advance the long-term goals of the Chinese Communist Party (CCP).

Government 136

Government 136

Tech Republic Security

AUGUST 4, 2022

Windows finally includes a tool to manage local admin passwords, but admins will still need to do some work to make it useful. The post Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution appeared first on TechRepublic.

Passwords 148

Passwords Software Network Security 148

eSecurity Planet

AUGUST 4, 2022

It’s been a couple of decades since data tapes delivered by trucks made encryption a standard enterprise cybersecurity practice. Yet even as technology has changed, sending and receiving data remains a major vulnerability, ensuring encryption’s place as a foundational security practice. Attackers can intercept data transfers, and from there gain access to all manner of sensitive data.

Encryption 132

Encryption Software Computers and Electronics Technology 132

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

AUGUST 4, 2022

Black Hat is set to return next week with two years of pent up cybersecurity research and discoveries. Here are the talks you don't want to miss. . The post Buckle up for Black Hat 2022: Sessions your security team should not miss appeared first on Security Boulevard.

Cybersecurity 130

Cybersecurity Software 130

CSO Magazine

AUGUST 4, 2022

Red teams are a necessary evil – literally – in today’s cyber threat landscape. Motivations for engaging in offensive testing activities can vary from regulatory requirements to certification aspirations. Truly proactive and progressive security programs incorporate offensive operations almost immediately as security is built and defined. Most organizations start with vulnerability scanning and then move into penetration testing (pentesting) , taking the vulnerability scan one step farther from

Penetration Testing 124

Penetration Testing Cyber threats 124

Bleeping Computer

AUGUST 4, 2022

A new botnet called 'RapperBot' has emerged in the wild since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers and then establishing persistence. [.].

Malware 123

Malware 123

CyberSecurity Insiders

AUGUST 4, 2022

According to a security report published by Check Point Research (CPR), some nations are using cyber attacks as state level weapons to terrorize politicians and country populace. The midyear report highlighted two terms ‘Country Extortion’ and State affiliated ‘Hacktivism’ and stressed on the fact that these two terms will emerge as a major threat in near future that will inflict more damage than witnessed in military conflicts.

Cyber Attacks 121

Cyber Attacks Ransomware Malware Cybersecurity 121

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Malwarebytes

AUGUST 4, 2022

We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When considering an EDR solution, what anti-ransomware features should I be looking for?

Ransomware 121

Ransomware Engineering Backups Encryption 121

CSO Magazine

AUGUST 4, 2022

The U.S. Secret Service (USSS) has been under intense political fire since mid-July when the Department of Homeland Security (DHS) Inspector General's office told Congress that the text messages surrounding the important events of January 6 had been permanently deleted for twenty-four key agents. The USSS currently operates under DHS. The facts of this high-stakes national drama are unclear, and conflicts between lawmakers and DHS and DHS and the Secret Service further muddy the waters.

Mobile 119

Mobile 119

The Hacker News

AUGUST 4, 2022

As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network.

117

117

CSO Magazine

AUGUST 4, 2022

Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response ( MDR ), a service providing on-call cybersecurity specialists to track and respond to security threats in real time. The idea is to back Palo Alto’s existing automated Cortex extended detection and response ( XDR ) platform with human expertise, dedicating members of the company’s threat response team and others to minimizing unnecessary alerts and prioritizing those from serious threats.

Cybersecurity 117

Cybersecurity 117

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Naked Security

AUGUST 4, 2022

Lastest episode - listen now! (Or read if that's what you prefer.).

Cryptocurrency 116

Cryptocurrency Cybercrime 116

InfoWorld on Security

AUGUST 4, 2022

A zero-knowledge proof, also known as ZKP protocol, attempts to establish a fact between parties with a minimum amount of information exchange. In cryptography, it is intended to limit the transfer of information during authentication activities. ZKP's originators explicitly studied the movement of information, or knowledge, in computer proofs. The zero-knowledge proof was a significant advancement in introducing a new area of study at the time.

Authentication 115

Authentication 115

Bleeping Computer

AUGUST 4, 2022

The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. [.].

115

115

We Live Security

AUGUST 4, 2022

Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers. The post Don’t get singed by scammers while you’re carrying the torch for Tinder appeared first on WeLiveSecurity.

Phishing 115

Phishing Scams 115

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

AUGUST 4, 2022

An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw ( CVE-2022-30190 ).

Malware 113

Malware Information Security Encryption Phishing 113

The State of Security

AUGUST 4, 2022

The rising number of cyber attacks against software applications has emphasized how security must serve as an important factor in software development. More than the traditional Software Development Lifecycle (SDLC) procedures, now security-integrated development lifecycles are being widely adapted. These aren’t the typical security assessments that are performed at the very end of development of […]… Read More.

Cyber Attacks 110

Cyber Attacks Software 110

Security Affairs

AUGUST 4, 2022

The cryptocurrency bridge Nomad is the last victim of a cyber heist, threat actors stole almost $200 million of its funds. Another crypto heist made the headlines, threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad. Nomad Bridge is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos and Milkomeda. The project confirmed the incident and is investigating the case after it has notified law enforcement.

Cryptocurrency 107

Cryptocurrency Hacking Cybercrime Information Security 107

The Hacker News

AUGUST 4, 2022

A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector.

Cybersecurity 107

Cybersecurity 107

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

AUGUST 4, 2022

Now that students are back to in-person learning, school administrators should be on the lookout for an uptick in bullying behavior when the school year begins. Why? Because it happened before, and it can happen again. According to research from Boston University and shared by Edweek, search activity around bullying decreased during the pandemic. But […].

Education 105

Education 105

SecureBlitz

AUGUST 4, 2022

This post will talk about the best Magento extension to boost sales. Many large corporations, like Ford, Nike, and Coca-Cola, Read more. The post What Is The Best Magento Extension To Boost Sales? appeared first on SecureBlitz Cybersecurity.

Cybersecurity 105

Cybersecurity 105

The Hacker News

AUGUST 4, 2022

Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team to use their login.

103

103

Security Affairs

AUGUST 4, 2022

A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices. Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network.

Hacking 100

Hacking Internet Internet Passwords 100

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!