January, 2022

article thumbnail

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363
article thumbnail

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Antivirus 344
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of…

Anton on Security

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF]. If you missed them, the previous papers are: “Future of the SOC: Forces shaping modern security operations” [PDF] (Paper 1 of 4) “Future of the SOC: SOC People?

article thumbnail

Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle

Tech Republic Security

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.

218
218
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

FBI warns of malicious QR codes used to steal your money

Bleeping Computer

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.].

145
145
article thumbnail

China’s Olympics App Is Horribly Insecure

Security Boulevard

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped.

More Trending

article thumbnail

New iPhone malware spies via camera when device appears off

Malwarebytes

When removing malware from an iOS device, it is said that users need to restart the device to clear the malware from memory. That is no longer the case. Security researchers from ZecOps have created a new proof-of-concept (PoC) iPhone Trojan capable of doing “fun” things. Not only can it fake a device shutting down, it can also let attackers snoop via the device’s built-in microphone and camera, and receive potentially sensitive data due to it still being connected to a live ne

Malware 145
article thumbnail

Hacking group accidentally infects itself with Remote Access Trojan horse

Graham Cluley

Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really c**k things up you need to be a cybercriminal.

Hacking 145
article thumbnail

Google Drive accounted for the most malware downloads from cloud storage sites in 2021

Tech Republic Security

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

article thumbnail

Linux malware sees 35% growth during 2021

Bleeping Computer

The number of malware infections on Linux-based IoT (internet of things) devices rose by 35% in 2021 compared to the previous year's numbers. The principal goal was recruiting devices to be part of DDoS (distributed denial of service) attacks. [.].

Malware 145
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Cybercrime: Rising Concern to Cyber World

Security Boulevard

As per an article by The Hindu, 50,035 cases of cybercrime were reported in 2020, 11.8% more than in 2019 while 60.2% of cybercrimes were of fraud. Every organization or institution has some sort of information or data that needs to be protected. Organizations invest large sums of money to secure that information and data. […]. The post Cybercrime: Rising Concern to Cyber World appeared first on Kratikal Blogs.

article thumbnail

Social media in the workplace: Cybersecurity dos and don’ts for employees

We Live Security

Do you often take to social media to broadcast details about your job, employer or coworkers? Think before you share – less may be more. The post Social media in the workplace: Cybersecurity dos and don’ts for employees appeared first on WeLiveSecurity.

Media 145
article thumbnail

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

The Hacker News

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites.

Software 144
article thumbnail

Top 7 BFSI Cybersecurity Trends for the Year 2022 that you Need to Know

Appknox

BFSI (Banking, Financial Service and Insurance) organizations have remained a primary target of cybercriminals over the last several years. Given the amount of sensitive data that the BFSI sector has to deal with, they become an obvious goldmine for hackers and that is why they have to prioritise cybersecurity above all else.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

9 ways that cybersecurity may change in 2022

Tech Republic Security

As malicious bot activity increases and attacks surge against APIs, MFA will become more of a mandate and the CISO will take on a greater role, predicts Ping Identity CEO and founder Andre Durand.

CISO 218
article thumbnail

New Intel chips won't play Blu-ray disks due to SGX deprecation

Bleeping Computer

Intel has removed support for SGX (software guard extension) in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to playback Blu-ray disks in 4K resolution. [.].

Software 145
article thumbnail

How to Check If your JavaScript Security is Working

Security Boulevard

Knowing whether your JavaScript is secure is crucial to maintaining a safe user experience for your customers. Learn how to check! The post How to Check If your JavaScript Security is Working appeared first on Feroot. The post How to Check If your JavaScript Security is Working appeared first on Security Boulevard.

145
145
article thumbnail

5 ways hackers steal passwords (and how to stop them)

We Live Security

From social engineering to looking over your shoulder, here are some of the most common tricks that bad guys use to steal passwords. The post 5 ways hackers steal passwords (and how to stop them) appeared first on WeLiveSecurity.

Passwords 145
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Hackers take over 1.1 million accounts by trying reused passwords

Malwarebytes

The New York State Office of the Attorney General has warned 17 companies that roughly 1.1 million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Many users reuse the same password and username/email, so if those credentials are stolen from one site—say, in a data breach or phishing attack—attack

Passwords 141
article thumbnail

A Cybersecurity Role Has Topped List of Best Jobs

CyberSecurity Insiders

“Information security analyst” tops the U.S. News & World Report 2022 Best Jobs list. The list ranks the 100 best jobs across 17 sectors including business, healthcare and technology, taking into account factors such as growth potential, salary and work-life balance. Having a cybersecurity position at the top of the list is exciting for a young industry that has struggled with perception problems.

article thumbnail

URL parsing: A ticking time bomb of security exploits

Tech Republic Security

The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.

Risk 216
article thumbnail

Safari bug leaks your Google account info, browsing history

Bleeping Computer

There's a problem with the implementation of the IndexedDB API in Safari's WebKit engine, which could result in leaking browsing histories and even user identities to anyone exploiting the flaw. [.].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Does Your Cyberinsurance Policy Cover Cyberwar?

Security Boulevard

Despite your best efforts to prevent it, you get hit by a massive cyberattack. Maybe it’s a data breach; maybe a ransomware attack or maybe a supply chain disruption. You engage a forensics team, work with law enforcement entities and find out that the likely perpetrators were hackers in Russia; possibly working with the Russian. The post Does Your Cyberinsurance Policy Cover Cyberwar?

article thumbnail

Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022

We Live Security

Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022. The post Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022 appeared first on WeLiveSecurity.

article thumbnail

The Prometheus traffic direction system is a major player in malware distribution

CSO Magazine

Cybercrime is fueled by a complex ecosystem of criminal groups that specialize on different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more. One service that is often overlooked but still plays an important role in malware delivery are so-called traffic direction systems (TDS).

Malware 142
article thumbnail

Is Your Security Stack and Legacy Tech Keeping Pace With Your Business?

CyberSecurity Insiders

Knowing When to Move Threat Detection, Investigation and Response (TDIR) to the Cloud. By Tyler Farrar, CISO, Exabeam. The pandemic spurred digital transformation unlike anything we have ever seen since the dawn of the internet as we know it. While organizations faced an unknown road ahead, they were quick to adapt. Unfortunately, so were cyber adversaries.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

The rise of the CISO: The escalation in cyberattacks makes this role increasingly important

Tech Republic Security

As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.

CISO 216
article thumbnail

Researchers use GPU fingerprinting to track users online

Bleeping Computer

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking. [.].

145
145
article thumbnail

5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA

Security Boulevard

MFA, or multi-factor authentication, has the power to prevent the majority of data breaches. Yet many organizations are still lagging in implementation. The post 5 Reasons Why You Shouldn’t Wait Any Longer to Deploy MFA appeared first on Security Boulevard.

article thumbnail

CES 2022 – the “anyone can make an electric car” edition

We Live Security

But as we learned in mashing up other technologies, the security devil is in the details. The post CES 2022 – the “anyone can make an electric car” edition appeared first on WeLiveSecurity.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.