Troy Hunt
MAY 29, 2024
Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent over so start there then come back to this blog post which adds some insight into the data and explains how HIBP fits into the picture.
Krebs on Security
MAY 29, 2024
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5 , a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars i
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 28, 2024
Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST) has been hosting a competition since 2017, and there already are several proposed standards.
The Last Watchdog
MAY 21, 2024
There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising example of the latter comes from messaging security vendor IRONSCALES. I had the chance to sit down with Eyal Benishti , IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce an
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Lohrman on Security
MAY 12, 2024
As another RSA Conference in San Francisco ended on May 10, 2024, the global impact that cybersecurity and artificial intelligence bring to every area of life has become much more apparent.
Joseph Steinberg
MAY 23, 2024
Despite both a decades-long barrage of media reports of cyberattacks wreaking havoc on the public sector and private sector alike, and despite clear indications from the United States Securities and Exchange Commission (SEC) that corporate boards must be able to oversee the management of cyber-risk by their respective organizations, when to comes to actually delivering on their fiduciary duty as related to cybersecurity, today’s corporate boards often fail to perform as needed and as intended.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Krebs on Security
MAY 23, 2024
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation c
Schneier on Security
MAY 7, 2024
This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloa
The Last Watchdog
MAY 23, 2024
AppSec has never been more challenging. By the same token, AppSec technology is advancing apace to help companies meet this challenge. Related: AppSec market trajectory At RSAC 2024 , I sat down with Bruce Snell , cybersecurity strategist at Qwiet.ai , to hear a break down about how Qwiet has infused it’s preZero platform, with graph-database capabilities to deliver SAST, SCA, container scanning and secrets detection in a single solution.
Lohrman on Security
MAY 19, 2024
The dramatic growth in GenAI and AI adoption is bringing increased demand for energy to power data centers. Where is this heading? How can we navigate a sustainable energy future with exploding technology usage?
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
MAY 31, 2024
‘Operation Endgame’ is an ongoing, law enforcement effort to disrupt botnets, malware droppers and malware-as-a-service.
Troy Hunt
MAY 2, 2024
How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.
Krebs on Security
MAY 6, 2024
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.
Schneier on Security
MAY 2, 2024
The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
MAY 13, 2024
KINGSTON, Wash. — U.S. Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values. Related: The power of everyman conversing with AI Blinken That’s a tall order. My big takeaway from RSAC 2024 is this: the advanced technology and best practices know-how needed to accomplish the high ideals Secretary Blinken laid out are readily at hand
Lohrman on Security
MAY 26, 2024
Artificial intelligence is yielding unprecedented benefits, battles, opportunities and fears — and advancing faster than ever. What is the latest on the global AI landscape?
Tech Republic Security
MAY 30, 2024
The ShrinkLocker ransomware exploits the BitLocker feature on enterprise PCs to encrypt the entire local drive and remove recovery options.
Troy Hunt
MAY 19, 2024
This is the 400th time I've sat down in front of the camera and done one of these videos. Every single week since the 23rd of September in 2016 regardless of location, health, stress and all sorts of other crazy things that have gone on in my life for nearly the last 8 years now, I've done a video. As with so many of the things I create, these are as much for me as they are for you; doing these videos every week has given me a regular cadence amidst some pretty crazy times.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
MAY 30, 2024
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.
Schneier on Security
MAY 30, 2024
No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8 , an application package courtrooms use to record, play back, and manage audio and video from proceed
The Last Watchdog
MAY 7, 2024
SAN FRANCISCO — Cloud security is stirring buzz as RSA Conference 2024 ramps up at Moscone Convention Center here. Related: The fallacy of ‘security-as-a-cost-center’ Companies are clambering to mitigate unprecedented exposures spinning out of their increasing reliance on cloud hosted resources. The unfolding disruption of Generative AI — and rising compliance requirements — add to the mix.
Security Affairs
MAY 27, 2024
Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. The threat actor is offering the malware for $30,000, he claims that the “EU ATM Malware” is designed from scratch and that can also target approximately 60% of ATMs worldwide.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
MAY 3, 2024
According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.
Troy Hunt
MAY 27, 2024
Ah, episode 401, the unauthorised one! Ok, that was terrible, but what's not terrible is finally getting some serious dev resources behind HIBP. I touch on it in the blog post but imagine all the different stuff I have to spread myself across to run this thing, and how much time is left for actual coding. By welcoming Stefan to the team we're not doubling or tripling or even quadrupling the potential dev hours, it's genuinely getting close to 10x.
Krebs on Security
MAY 13, 2024
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “ LockBitSupp ” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev.
Schneier on Security
MAY 3, 2024
The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Last Watchdog
MAY 3, 2024
Businesses today need protection from increasingly frequent and sophisticated DDoS attacks. Service providers, data center operators, and enterprises delivering critical infrastructure all face risks from attacks. Related: The care and feeding of DDoS defenses But to protect their networks, they’ll need to enable accurate attack detection while keeping operations manageable and efficient.
Penetration Testing
MAY 27, 2024
In the cybersecurity field, web application firewalls (WAFs) are pivotal in defending web applications from malicious attacks. However, recent insights from Shubham Shah, a seasoned security researcher and co-founder of Assetnote, reveal significant limitations... The post Researcher Releases Techniques & Burp Extension to Help Bypass WAFs appeared first on Penetration Testing.
Tech Republic Security
MAY 17, 2024
Read about Black Basta ransomware’s impact and how to mitigate it. Plus, learn about recent ransomware trends.
Troy Hunt
MAY 11, 2024
The Post Millennial breach in this week's video is an interesting one, most notably because of the presence of the mailing lists. Now, as I've said in every piece of communication I've put out on this incident, the lists are what whoever defaced the site said TPM had and they certainly posted that data in the defacement message, but we're yet to hear a statement from the company itself.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Expert insights. Personalized for you.
360 
Let's personalize your content