November, 2022

article thumbnail

Take The Stress Out of Securing Your Workforce

Jane Frankland

Sir Isaac Newton first presented his three laws of motion in 1686. His third law, is widely known and states that, “for every action there is an equal and opposing reaction.” We see this in business. As technology advances at speed, it enables just as many opportunities as it introduces threats.

article thumbnail

Computer Repair Technicians Are Stealing Your Data

Schneier on Security

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops.

Antivirus 267
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020.

article thumbnail

Holiday Shopping Online: Safety on Black Friday, Cyber Monday

Lohrman on Security

What are the latest online security tips as we head into another holiday season? What’s the best cyber advice, and what shopping trends should you watch out for

192
192
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

article thumbnail

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.

article thumbnail

Top cybersecurity threats for 2023

Tech Republic Security

Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post Top cybersecurity threats for 2023 appeared first on TechRepublic. Security malware phishing ransomware

More Trending

article thumbnail

Zero Trust Strategies for 2023: A Webinar With Renowned CyberSecurity Expert Joseph Steinberg

Joseph Steinberg

Zero Trust is becoming the new norm for securing corporate networks. The growing adoption of hybrid work models and the shift to the cloud have transformed the modern business network.

article thumbnail

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Banking 215
article thumbnail

Will EV Charging Infrastructure Be Ready for Cyber Attacks?

Lohrman on Security

A Sandia National Laboratories study determined that electric vehicle charging stations are vulnerable to cyber attacks. What might happen next — and how hard will this be to fix

article thumbnail

Iran’s Digital Surveillance Tools Leaked

Schneier on Security

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

article thumbnail

6 ways to reduce your IoT attack surface

Tech Republic Security

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic. CXO Internet of Things Security best practices iot security

IoT 165
article thumbnail

The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing

Troy Hunt

A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it's finally here!

article thumbnail

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

The Last Watchdog

One must admire the ingenuity of cybercriminals. Related: Thwarting email attacks. A new development in phishing is the “nag attack.” The fraudster commences the social engineering by irritating the targeted victim, and then follows up with an an offer to alleviate the annoyance. The end game, of course, is to trick an intended victim into revealing sensitive information or it could be to install malicious code.

Phishing 148
article thumbnail

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

Vyacheslav “Tank” Penchukov , the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.

Banking 211
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

article thumbnail

2022 Midterm Election Cybersecurity: Are We Ready?

Lohrman on Security

As we head into the pivotal 2022 midterm elections this week, how prepared are states to ensure votes are properly counted and protected from cyber attacks? Here’s a roundup of recent developments

article thumbnail

Another Event-Related Spyware App

Schneier on Security

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event.

Spyware 238
article thumbnail

Microsoft Defender protects Mac and Linux from malicious websites

Tech Republic Security

Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows. The post Microsoft Defender protects Mac and Linux from malicious websites appeared first on TechRepublic. Microsoft Security Software security software

Phishing 162
article thumbnail

Data Breach Misattribution, Acxiom & Live Ramp

Troy Hunt

If you find your name and home address posted online, how do you know where it came from? Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address. and over 400 other fields of data.

article thumbnail

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

article thumbnail

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

Internet 140
article thumbnail

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh , which claims to be based in the United States.

Mobile 193
article thumbnail

Where Next for Blockchain Technology After FTX Collapse?

Lohrman on Security

The bankruptcy filing by crypto giant FTX, along with the dramatic drop in the value of most cryptocurrencies in 2022, has raised new questions regarding the future of blockchain technology.

article thumbnail

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

Spyware 239
article thumbnail

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

article thumbnail

Top 6 security risks associated with industrial IoT

Tech Republic Security

Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic.

IoT 159
article thumbnail

Weekly Update 320

Troy Hunt

I feel like life is finally complete: I have beaches, sunshine and fast internet!

Internet 199
article thumbnail

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

Ever feel like your smart home has dyslexia? Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability. Related: Why standards are so vital. Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations. The technology industry hopes that Matter arises as the lingua franca for the Internet of Things.

Internet 141
article thumbnail

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect.

Scams 188
article thumbnail

Cisco Joins the Launch of Amazon Security Lake

Cisco CSR

Cisco supports the Open Cybersecurity Schema Framework and is a launch partner of AWS Security Lake.

Firewall 114
article thumbnail

Russian Software Company Pretending to Be American

Schneier on Security

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian.

Software 235
article thumbnail

Open-source repository SourceHut to remove all cryptocurrency-related projects

Tech Republic Security

Also including blockchain-related projects in the ban, SourceHut's creator said the technology is associated with fraudulent activities and high-risk investments. The post Open-source repository SourceHut to remove all cryptocurrency-related projects appeared first on TechRepublic.

article thumbnail

Get Pwned, for 30% Less!

Troy Hunt

We've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it and would like to get their friends Pwned too. Personally, I think everyone should get Pwned!

193
193
article thumbnail

GUEST ESSAY: What ‘self-sovereign-identities’ are all about — and how SSIs can foster public good

The Last Watchdog

Government assistance can be essential to individual wellbeing and economic stability. This was clear during the COVID-19 pandemic, when governments issued trillions of dollars in economic relief. Related: Fido champions passwordless authentication. Applying for benefits can be arduous, not least because agencies need to validate applicant identity and personal identifiable information (PII).

article thumbnail

Lawsuit Seeks Food Benefits Stolen By Skimmers

Krebs on Security

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state.