April, 2022

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Krebs on Security

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address.

Undetectable Backdoors in Machine-Learning Models

Schneier on Security

New paper: “Planting Undetectable Backdoors in Machine Learning Models”: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider.

Welcoming the North Macedonian Government to Have I Been Pwned

Troy Hunt

In my ongoing bid to make more useful information on data breaches available to impacted national governments, today I'm very happy to welcome the 32nd national CERT to Have I Been Pwned, the Republic of North Macedonia!

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Will Supply Chain Delays Impact Your Next Project?

Lohrman on Security

Where next for supply chain disruptions? How will this impact technology projects and plans? Let’s explore

BEST PRACTICES: Blunting ‘BEC’ capers that continue to target, devastate SMBs and enterprises

The Last Watchdog

It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes. Related: Deploying human sensors. But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always. The reason is the rise in business email compromise (BEC) schemes.

Clever Cryptocurrency Theft

Schneier on Security

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportional votes based on the amount of currency they own.

Breach Disclosure Blow-by-Blow: Here's Why It's so Hard

Troy Hunt

For many years now, I've lamented about how much of my time is spent attempting to disclose data breaches to impacted companies.

20 Years of SIEM Webinar Q&A

Anton on Security

I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM — What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As it is common for SANS webinars, we got a lot of great questions that I feel like re-answering here for posterity. Q: When do you think the industry will understand what XDR entails?

Why Your Enterprise Needs FIDO Authentication Technology

Lohrman on Security

The Fast Identity Online Alliance (FIDO) offers a growing list of ways to authenticate users with a goal of reducing passwords. But why is it needed? How does it work? Where is this technology heading?

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

GUEST ESSAY: The wisdom of taking a risk-based approach to security compliance

The Last Watchdog

Today, all organizations are required or encouraged to meet certain standards and regulations to protect their data against cybersecurity threats. The regulations vary across countries and industries, but they are designed to protect customers from the threat of posed data breaches. Related: The value of sharing third-party risk assessments.

Microsoft Patch Tuesday, April 2022 Edition

Krebs on Security

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S.

Bypassing Two-Factor Authentication

Schneier on Security

These techniques are not new, but they’re increasingly popular: …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear.

Welcoming the Serbian Government to Have I Been Pwned

Troy Hunt

Supporting national governments has been a major cornerstone of Have I Been Pwned for the last 4 years. Today, I'm very happy to welcome the 31st government on board, Serbia!

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Protecting your Customers and Brand in 2022: Are you doing enough?

Jane Frankland

No matter who you are, what you do, or where you reside, one thing is certain. In today’s digital economy, everyone is experiencing record evolution. Customers want more, and so do their stakeholders.

What’s the Best Movie About Hackers? (Book Review)

Lohrman on Security

What do hackers really do? How do they do it? To answer these questions, many people turn to movies to learn and be entertained. Hacker’s Movie Guide by Steve Morgan and Connor Morgan can help explore your options

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

As the dust settles following the recently disclosed hack of NewsCorp, important lessons are emerging for the cybersecurity and journalism communities. Related: How China challenged Google in Operation Aurora. The Chinese government is well known for its censorship – and frequent harassment and intimidation of foreign journalists. These are the foremost reasons China is ranked fourth worst globally regarding press freedoms.

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

AirTags Are Used for Stalking Far More than Previously Reported

Schneier on Security

Ever since Apple introduced AirTags, security people have warned that they could be used for stalking.

Weekly Update 289

Troy Hunt

Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day.

SOC is Not Dead Yet It May Be Reborn As Security Operations Center of Excellence

Anton on Security

For many years, security practitioners imagined a security operations center (SOC) as a big room, full of expensive monitors and chairs. In these minds, rows of analysts sitting in those chairs and watching those monitors for blinking alerts made SOC, well, a SOC. This vision of the security operations center is derived from the original vision of the network operation center (NOC) that predates SOC by perhaps another decade or two.

7 Budgeting Tips for Government IT Security Leaders

Lohrman on Security

How can public-sector CISOs navigate the complicated issues surrounding budgets? Through good times and bad, these ideas can help

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

The Last Watchdog

From financial institutions to meat producers, it seems every industry has been impacted by ransomware in the past year — maybe even the past week. The world’s largest enterprises to the smallest mom-and-pop shops have been devastated by cybercriminals who are looking to hold assets hostage for a big pay day. Related: Tech solutions alone can’t stop ransomware. Why the stark increase? Put simply, ransomware attacks are on the rise because of profits.

The Original APT: Advanced Persistent Teenagers

Krebs on Security

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach.

Russian Cyberattack against Ukrainian Power Grid Prevented

Schneier on Security

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used.

Weekly Update 291

Troy Hunt

Bit of a long one this week, just due to a bunch of stuff all coinciding at the same time. The drone is obviously the coolest one and it was interesting to hear other people's experiences with theirs.

Cloud Security Podcast by Google — Popular Episodes by Topic

Anton on Security

Cloud Security Podcast by Google — Popular Episodes by Topic. This is simply a post that categorizes our podcast episodes by topic and then by download/listen count.

Russia Is Being Hacked at an Unprecedented Scale

WIRED Threat Level

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

The Last Watchdog

While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security clearances. Related: Russia takes steps to radicalize U.S. youth.

RaidForums Gets Raided, Alleged Admin Arrested

Krebs on Security

The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015.

SMS Phishing Attacks are on the Rise

Schneier on Security

SMS phishing attacks — annoyingly called “smishing” — are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about.

Weekly Update 293

Troy Hunt

Didn't get a lot done this week, unless you count scuba diving, snorkelling, spear fishing and laying around on tropical sand cays 😎 This week is predominantly about the time we just spent up on the Great Barrier Reef which has very little relevance to infosec, IoT, 3D printing and the other usual topics.

Improvise, Adapt, Overcome: Building Security Resilience in a World of Uncertainty

Cisco CSR

For my very first interview for the Security Stories podcast, I met a wonderful person called Mick Jenkins, MBE. Mick is sadly no longer with us, but his story will stay with me forever. One of Mick’s philosophies was centred around the importance of cyber resilience.
