March, 2022

Not All MFA is Equal, and the Differences Matter a Lot

Daniel Miessler

People are starting to understand that texts (SMS) are a weak form of multi-factor authentication (MFA). Fewer people know that there’s a big gap between the post-SMS MFA options as well. As I talked about in the original CASSM post, there are levels to this game. In that post we talked about 8 levels of password security, starting from using shared and weak passwords and going all the way up to passwordless.

Welcoming the Bulgarian Government to Have I Been Pwned

Troy Hunt

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.

Vladimir Putin’s Thank You Letter To Pro-Ukraine Hackers

Joseph Steinberg

Russian President, Vladimir Putin, is unlikely to publicly thank the tens of thousands of pro-Ukraine hacker activists whose highly visible hacking efforts have likely helped Russia far more than they have Ukraine, but if he were to issue a thank you letter, it might read something like this: Dear “Pro-Ukraine Hackers,” I wish to thank you for all of your valiant efforts over the past few weeks.

Hacking Alexa through Alexa’s Speech

Schneier on Security

An Alexa can respond to voice commands it issues itself. This can be exploited: the attack works by using the device’s speaker to issue voice commands. As long as the speech contains the device wake word (usually “Alexa” or “Echo”) followed by a permissible command, the Echo will carry it out, researchers from Royal Holloway University in London and Italy’s University of Catania found.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to become a cybersecurity pro: A cheat sheet

Tech Republic Security

If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide about salaries, job markets, skills and common interview questions in the field, as well as the top security software. The post How to become a cybersecurity pro: A cheat sheet appeared first on TechRepublic.

Spring Framework Remote Code Execution (CVE-2022-22965)

Veracode Security

Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework.

URL rendering trick enabled WhatsApp, Signal, iMessage phishing

Bleeping Computer

A set of flaws affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years. [...]

Update now! Many HP printers affected by three critical security vulnerabilities

Malwarebytes

In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution (RCE) when exploited. Link-Local Multicast Name Resolution. CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 out of 10.

Linux Improves Its Random Number Generator

Schneier on Security

In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement.

Brain Computer Interfaces may be the future, but will they be secure?

Tech Republic Security

NCC Group’s study outlines the use cases for BCIs as well as the security risks associated with using them. The post Brain Computer Interfaces may be the future, but will they be secure? appeared first on TechRepublic.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Fighting in Ukraine Raises Prospect of US Cyberattacks

Security Boulevard

Russian hackers are known as some of the world’s best, and the increase in tensions between the United States and Russia since the invasion of Ukraine has raised the prospect that Russian hackers may target U.S. citizens and organizations with cyberattacks. Our company, INKY Technology, provides cloud-based anti-phishing defense-in-depth to protect against email attacks.

“Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions

Digital Shadows

Since Russia’s invasion of Ukraine in February, the Digital Shadows Photon team has been following multiple aspects of the tragic. The post “Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions first appeared on Digital Shadows.

Russia faces IT crisis with just two months of data storage left

Bleeping Computer

Russia faces a critical IT storage crisis after Western cloud providers pulled out of the country, leaving Russia with only two more months before they run out of data storage. [...]

New ransomware LokiLocker bundles destructive wiping component

CSO Magazine

A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cybercriminals, researchers warn. The malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims. "LokiLocker is a relatively new ransomware family targeting English-speaking victims and Windows PCs.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

Anonymous and its affiliates continue to target Russia and Belarus, and are also targeting the Russian disinformation machine. Anonymous announced that it has hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, and airports. The attacks were conducted as part of the #OpRussia campaign launched by the collective after the violent and illegitimate invasion of Ukraine.

Mobile malware is on the rise: Know how to protect yourself from a virus or stolen data

Tech Republic Security

Don’t let mobile malware ruin your day or your device. Be aware of how this threat happens and take good precautions to avoid it. The post Mobile malware is on the rise: Know how to protect yourself from a virus or stolen data appeared first on TechRepublic.

Cloud Security Tool Sprawl Draining IT Teams

Security Boulevard

Cloud security management issues are increasing the flood of false positive alerts and missed critical issues and contributing to higher burnout rates for IT teams. These were among the findings of an Orca Security survey of 800 IT professionals across five countries and 10 industries, which revealed more than half (55%) of respondents use three. The post Cloud Security Tool Sprawl Draining IT Teams appeared first on Security Boulevard.

Is Increased Remote Working Fueling a Cybersecurity Crisis?

CyberSecurity Insiders

By Chester Avey. The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It is easy to understand, then, that cybersecurity may not have been a huge priority for businesses. However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Ubisoft confirms 'cyber security incident', resets staff passwords

Bleeping Computer

Video game developer Ubisoft has confirmed that it suffered a 'cyber security incident' that caused disruption to some of its services. The data extortion group LAPSUS$, which has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, also appears to be behind the Ubisoft incident. [...]

How to evaluate SOC-as-a-service providers

CSO Magazine

If you don’t currently have your own security operations center (SOC), you have two ways to get one: build your own or use some managed collection of services. In past years the two paths were distinct, and it was relatively easy to make the call based on staffing costs and skills. Now, the SOC-as-a-service (SOCaaS) industry has matured to the point where the term is falling into disfavor as managed services vendors have become more integral to the practice.

Anonymous continues to support Ukraine against Russia

Security Affairs

The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of the Ministry of Emergencies of Russia; the hackers defaced it and published the message: “Don’t t

Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps

Tech Republic Security

Developers are exploring new tools and methodologies to ensure the next log4j doesn’t happen. Will it work? The post Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps appeared first on TechRepublic.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Are You Prepared for Your Next Cloud Incident?

Security Boulevard

Cloud adoption continues to accelerate and exceed expectations year after year. Gartner expects public cloud services to grow another 21.7% in 2022, and while this is a positive direction for the industry as a whole, it creates a dramatic shift in cybersecurity risks. It also prompts a reevaluation of the solutions required to address those. The post Are You Prepared for Your Next Cloud Incident?

FBI catches up with one of its Most Wanted, arrests head of advance-fee crime network

Malwarebytes

Some don’t mind putting extra effort into making their crime appear as legitimate as possible by perpetuating more lies as long as they are guaranteed money in the end. Osondu Victor Igwilo is one such Nigerian scammer. The “catchers” 52-year-old Igwilo has been on the Federal Bureau of Investigation’s watch list since 2018. According to court documents, Igwilo was charged in 2016 in the US District Court, Southern District of Texas, Houston, Texas for “one count of

Morgan Stanley client accounts breached in social engineering attacks

Bleeping Computer

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised following vishing attacks. [...]

How to Build a Custom Malware Analysis Sandbox

The Hacker News

Before hunting malware, every researcher needs to find a system in which to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer, and then compare it with a ready-made service.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

NVIDIA staff shouldn’t have chosen passwords like these…

Graham Cluley

Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data, including hashed passwords, from graphics card maker NVIDIA. Of course, you would hope that any sensible NVIDIA employee would have chosen a sensible hard-to-crack password, and ensured that they weren’t using the same password anywhere else on the internet.

100 million Samsung phones affected by encryption weakness

Tech Republic Security

The vulnerability lies in how Samsung implemented a portion of the Android Trusted Execution Environment, leading to devices as new as the S21 being vulnerable to initialization vector reuse attacks. The post 100 million Samsung phones affected by encryption weakness appeared first on TechRepublic.

Qualcomm: ‘We’d Like Our IP Back, Please’

Security Boulevard

It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of engineers each month. Except, well, The post Qualcomm: ‘We’d Like Our IP Back, Please’ appeared first on Security Boulevard.

BrandPost: 10 Steps to Take Now to Guard Against Russian Cyber Attacks

CSO Magazine

The world is watching closely as Russia’s invasion of Ukraine evolves with each passing day. The conflict, combined with geopolitical tensions prompted by the disapproving responses from NATO, the US and many other countries, has made organizations within those countries prime targets of offensive Russian and associated nation-state cyberattacks.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.