Troy Hunt
MARCH 28, 2022
Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.
Daniel Miessler
MARCH 10, 2022
People are starting to get the fact that texts (SMS) are a weak form of multi-factor authentication (MFA). Fewer people know that there’s a big gap between the post-SMS MFA options as well. As I talked about in the original CASSM post , there are levels to this game. In that post we talked about 8 levels of password security, starting from using shared and weak passwords and going all the way up to passwordless.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
MARCH 14, 2022
The cybersecurity term “secure workloads” seems to be gaining a lot of traction in marketing materials lately. Yet, it has become a ubiquitous catchphrase that is often misused. So, let’s cut through the fluff, and understand what “secure workloads” really are…. When it comes to cybersecurity, securing workloads means protecting all of the various components that make up an application (such as its database functionality).
Krebs on Security
MARCH 17, 2022
Researchers are tracking a number of open-source “ protestware ” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
MARCH 7, 2022
An Alexa can respond to voice commands it issues. This can be exploited : The attack works by using the device’s speaker to issue voice commands. As long as the speech contains the device wake word (usually “Alexa” or “Echo”) followed by a permissible command, the Echo will carry it out, researchers from Royal Holloway University in London and Italy’s University of Catania found.
Lohrman on Security
MARCH 13, 2022
Cyber insurance is only getting more expensive, and the market is changing dramatically, with more changes to come. So what trends will drive adoption, rates and the wider future of cyber insurance?
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Levin
MARCH 31, 2022
When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.
Joseph Steinberg
MARCH 8, 2022
Russian President, Vladimir Putin, is unlikely to publicly thank the tens of thousands of pro-Ukraine hacker activists whose highly visible hacking efforts have likely helped Russia far more than they have Ukraine, but if he were to issue a thank you letter, it might read something like this: Dear “Pro-Ukraine Hackers,” I wish to thank you for all of your valiant efforts over the past few weeks.
Krebs on Security
MARCH 11, 2022
As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians. John Todd is general manager of Quad9 , a free “anycast” DNS platform.
Schneier on Security
MARCH 24, 2022
In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Lohrman on Security
MARCH 6, 2022
New mandated reporting of major cyber incidents for all owners and operators of U.S. critical infrastructure seems closer than ever, thanks to new bills that are supported by the White House.
Troy Hunt
MARCH 19, 2022
So the plan was to schedule this week's session in advance then right on 17:30 at my end, go live. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically. Lesson learned, session restarted, we'll be all good next week 😊 References Asking about IoT'ing the kids' showers led to lots of wrong answers (maybe I'm just scarred now knowing how much work is involved as so
The Last Watchdog
MARCH 17, 2022
Cybersecurity tools evolve towards leveraging machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. However, we often see results that feel cookie cutter and counter-productive, raising the question: can AI really do as good of a job as a human? Related: Business logic hacks plague websites.
Adam Levin
MARCH 17, 2022
The NCAA Men’s Basketball tournament is underway, and with it the annual prediction brackets. Guessing the brackets right usually means a nice chunk of change. The outcome of over 60 games is wagered on through shared files or online services. . Unfortunately, brackets create opportunities for a wide array of phishing and hacking campaigns, particularly in workplaces where a lot of brackets are distributed.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Krebs on Security
MARCH 8, 2022
Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen’s decision comes just days after a similar exit by backbone provider Cogent , and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president’s war in Ukr
Schneier on Security
MARCH 8, 2022
Yet another method of surveillance : Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exists in current Google Nest smart displays , though instead of radar, Google employs ultrasonic sound waves to measure a person’s distance from the device.
Lohrman on Security
MARCH 20, 2022
What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore.
Troy Hunt
MARCH 10, 2022
Somehow this week ended up being all about Russia and Cloudflare. Mostly as 2 completely separate topics, but also a little bit around Cloudflare's ongoing presence in Russia (with a very neutral view on that, TBH). Looking back on this video a few hours later, the thing that strikes me is the discussion around what appears to be a phishing page seeking donations for Ukraine.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
MARCH 31, 2022
Cybersecurity has never felt more porous. You are no doubt aware of the grim statistics: •The average cost of a data breach rose year-over-year from $3.86 million to $4.24 million in 2021, according to IBM. •The majority of cyberattacks result in damages of $500,000 or more, Cisco says. •A sobering analysis by Cybersecurity Ventures forecasts that the global cost of ransomware attacks will reach $265 billion in 2031. • The FBI reports that 3,000-4,000 cyberattacks are counted each day.
Tech Republic Security
MARCH 18, 2022
If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide about salaries, job markets, skills and common interview questions in the field, as well as the top security software. The post How to become a cybersecurity pro: A cheat sheet appeared first on TechRepublic.
Krebs on Security
MARCH 1, 2022
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.
Schneier on Security
MARCH 4, 2022
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Lohrman on Security
MARCH 27, 2022
How bad was cyber crime in 2021? What are the projections for the next few years? More important, what can you do about it?
Troy Hunt
MARCH 25, 2022
Wow, what a day yesterday! I mentioned at the start of this week's update that Charlotte and I jumped on a chopper with our parents to check out our wedding venue, here's the pics and I just added a video to the thread too: Well that was amazing; chopper ride to our wedding venue for lunch with our parents. So happy to live here and have access to such a wonderful place.
The Last Watchdog
MARCH 7, 2022
As companies accelerate their reliance on agile software development, cloud-hosted IT infrastructure and mobile applications, vulnerability management (VM) has an increasingly vital security role to play. Related: Log4j vulnerability translates into vast exposures. Not only does VM contribute to the safety and security of an organization’s network and infrastructure, it also helps ensure infrastructure performance is optimized.
Tech Republic Security
MARCH 15, 2022
NCC Group’s study outlines the use cases for BCIs as well as the security risks associated with using them. The post Brain Computer Interfaces may be the future, but will they be secure? appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
MARCH 7, 2022
Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies , what it was like on a typical day at the Conti office , and how Conti secured the digital weaponry used in their attacks.
Schneier on Security
MARCH 18, 2022
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.
Anton on Security
MARCH 16, 2022
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ) and “Stealing More SRE Ideas for Your SOC” , your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?
Troy Hunt
MARCH 21, 2022
For the last 4 years, I've been providing API-level access to national government agencies so that they can search and monitor their government domains on Have I Been Pwned. Today, I'm very happy to welcome the 29th government to join the service, Italy! Via CSIRT-Italia within their National Cybersecurity Agency (ACN), they now have free access to breach data I hope will further empower them to protect their people in the wake of data breaches.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Expert insights. Personalized for you.
363 
Let's personalize your content