Schneier on Security
NOVEMBER 28, 2022
Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device.
Krebs on Security
NOVEMBER 17, 2022
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
NOVEMBER 17, 2022
Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.
Troy Hunt
NOVEMBER 3, 2022
I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API. The API is actually pretty simple: plug in an email address, get a result, and that's a very clearly documented process.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
NOVEMBER 7, 2022
As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.
Bleeping Computer
NOVEMBER 4, 2022
Internet domains for the popular Z-Library online eBook repository were seized early this morning by the U.S. Department of Justice, preventing easy access to the service. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
We Live Security
NOVEMBER 18, 2022
Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which is better for you? The post Tor vs. VPN: Which should you choose? appeared first on WeLiveSecurity.
Schneier on Security
NOVEMBER 1, 2022
It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summari
Graham Cluley
NOVEMBER 8, 2022
Mastodon is hot right now. After some years of only being used by geeks (yes, I've had an account for a while now) it's at the tipping point of becoming mainstream. If you're part of the exodus of users leaving Twitter for Mastodon, what are the security and privacy issues that you need to be aware of?
Tech Republic Security
NOVEMBER 23, 2022
Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
NOVEMBER 4, 2022
The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. [.].
Security Affairs
NOVEMBER 19, 2022
Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. Researchers from Cisco Talos have monitored the LodaRAT malware over the course of 2022 and recently discovered multiple updated versions that have been deployed alongside other malware families, including RedLine and Neshta.
CyberSecurity Insiders
NOVEMBER 19, 2022
Researchers at Cyber Security Works, Ivanti, and Cyware identify new vulnerabilities, blindspots in popular network scanners, and emerging Advanced Persistent Threat (APT) groups in a joint ransomware report. By Aaron Sandeen, CEO and co-founder of Cyber Security Works. Since our last ransomware report earlier this year, both the severity and complexity of attacker tactics continue to grow as we head into the final quarter of 2022.
Cisco Security
NOVEMBER 29, 2022
Cisco supports the Open Cybersecurity Schema Framework and is a launch partner of AWS Security Lake. The Cisco Secure Technical Alliance supports the open ecosystem and AWS is a valued technology alliance partner, with integrations across the Cisco Secure portfolio, including SecureX, Secure Firewall, Secure Cloud Analytics, Duo, Umbrella, Web Security Appliance, Secure Workload, Secure Endpoint, Identity Services Engine, and more.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Digital Shadows
NOVEMBER 10, 2022
Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner. The post Cyber Threats to the FIFA World Cup Qatar 2022 first appeared on Digital Shadows.
Tech Republic Security
NOVEMBER 14, 2022
Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post Top cybersecurity threats for 2023 appeared first on TechRepublic.
Bleeping Computer
NOVEMBER 1, 2022
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. [.].
Security Affairs
NOVEMBER 28, 2022
Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from Datadog on September 1, 2022, and the bug was solved on September 6.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
We Live Security
NOVEMBER 14, 2022
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T2 2022. The post ESET APT Activity Report T2 2022 appeared first on WeLiveSecurity.
CyberSecurity Insiders
NOVEMBER 28, 2022
Windows 11 is all set to get a VPN Status Indicator in its system tray, allowing users to connect or download files anonymously and without the revelation of their home or IP address. Therefore, all those using VPN services to browse websites, stream movies and download files can look at their network and proceed only when it shows a sign. According to a report that turned viral on Twitter, Windows 11 users will get an indicator as a shield icon to let us know whether their network is connected
Security Boulevard
NOVEMBER 3, 2022
Written by Christopher Hadnagy and Dr. Abbie Marono There is no denying the appeal of body-language focused blogs, particularly those […]. The post Dispelling Body Language Myths appeared first on Security Boulevard.
Tech Republic Security
NOVEMBER 2, 2022
Also including blockchain-related projects in the ban, SourceHut's creator said the technology is associated with fraudulent activities and high-risk investments. The post Open-source repository SourceHut to remove all cryptocurrency-related projects appeared first on TechRepublic.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
NOVEMBER 7, 2022
Mastodon, the free, open-source, decentralized micro-blogging social media platform, has surpassed a million monthly active users for the first time in its history. [.].
Security Affairs
NOVEMBER 10, 2022
A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.
SecureList
NOVEMBER 1, 2022
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.
CSO Magazine
NOVEMBER 22, 2022
As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
We Live Security
NOVEMBER 23, 2022
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram. The post Bahamut cybermercenary group targets Android users with fake VPN apps appeared first on WeLiveSecurity.
Tech Republic Security
NOVEMBER 24, 2022
Looking for more information on PCI Compliance security? Read 14 security best practices for PCI (Payment Card Industry) Compliance with our guide. The post 14 PCI Compliance security best practices for your business appeared first on TechRepublic.
Bleeping Computer
NOVEMBER 1, 2022
The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. [.].
Security Affairs
NOVEMBER 23, 2022
Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users. Apple collects both DSID and Apple ID, which means that it can use the former to identify the user and retrieve associated personal information, including full name, phone number
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
318 
Let's personalize your content