Schneier on Security
MARCH 24, 2022
In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement.
Troy Hunt
MARCH 19, 2022
So the plan was to schedule this week's session in advance then right on 17:30 at my end, go live. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically. Lesson learned, session restarted, we'll be all good next week 😊 References Asking about IoT'ing the kids' showers led to lots of wrong answers (maybe I'm just scarred now knowing how much work is involved as so
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
MARCH 20, 2022
What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore.
Krebs on Security
MARCH 22, 2022
Pavel Vrublevsky , founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book “ Spam Nation ,” was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money laundering for Hydra , the largest Russian darknet market.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
MARCH 23, 2022
The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or critical infrastructure — are unclassified and are therefore not covered by its current insider threat program.
Troy Hunt
MARCH 25, 2022
Wow, what a day yesterday! I mentioned at the start of this week's update that Charlotte and I jumped on a chopper with our parents to check out our wedding venue, here's the pics and I just added a video to the thread too: Well that was amazing; chopper ride to our wedding venue for lunch with our parents. So happy to live here and have access to such a wonderful place.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
MARCH 21, 2022
It’s an irony often noted about wealth: The more money you have, the more you have to worry about money – managing it, protecting it, nurturing it for further growth. Related: Using employees as human sensors. For businesses, the same is now true about information. Data has become critical to your organization’s success. At the same time – in fact, as a direct result of data’s central importance – more adversaries are working harder and finding more nefarious ways to steal or otherwise compromis
Schneier on Security
MARCH 25, 2022
Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography. He has written a memoir of growing up dirt-poor in 1930s rural West Virginia. I’m in the middle of reading it, and it’s fascinating.
Troy Hunt
MARCH 21, 2022
For the last 4 years, I've been providing API-level access to national government agencies so that they can search and monitor their government domains on Have I Been Pwned. Today, I'm very happy to welcome the 29th government to join the service, Italy! Via CSIRT-Italia within their National Cybersecurity Agency (ACN), they now have free access to breach data I hope will further empower them to protect their people in the wake of data breaches.
Tech Republic Security
MARCH 22, 2022
Half of the security pros surveyed by Laminar said their cloud environments were hit by a data breach in 2020 or 2021. The post Cloud security: How your public cloud environment may be vulnerable to data breach appeared first on TechRepublic.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Daniel Miessler
MARCH 20, 2022
I’m starting a new series with this 2022 edition where I think about what Information Security could or should look like in the distant future—say in 2050. The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. I’m doing this for fun—basically to see how dumb I look later—but I also hope it’ll drive interesting discussions on where things should go.
Schneier on Security
MARCH 21, 2022
This is a big deal : A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries.
Bleeping Computer
MARCH 25, 2022
A set of flaws affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years. [.].
Tech Republic Security
MARCH 25, 2022
SecureWorks announced the themes and trends of cybersecurity incidents recorded in 2021 so you can better protect your business in 2022. The post Cybersecurity incident response: Lessons learned from 2021 appeared first on TechRepublic.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Malwarebytes
MARCH 24, 2022
In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution (RCE) when exploited. Link-Local Multicast Name Resolution. CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 out of 10.
The Hacker News
MARCH 24, 2022
Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service.
Cisco Security
MARCH 24, 2022
Lately, there has been a lot of chatter around the 3.x release designation for Cisco Identity Services Engine, known to over 45,000 customers as ISE. ISE has been the market’s leading network access and control solution for over ten years. So, as we look to end support for older versions, including ISE 2.7, what’s the big deal about 3.x? ISE from the cloud . 3.x – A cloud-ready, modernized approach to securing access to your managed infrastructure. .
Tech Republic Security
MARCH 25, 2022
Nutanix’s new report details why the move to multicloud is important for security. The post Healthcare industry still lagging in multicloud adoption appeared first on TechRepublic.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Bleeping Computer
MARCH 25, 2022
The Federal Communications Commission (FCC) added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security. [.].
Security Boulevard
MARCH 24, 2022
Cloud adoption continues to accelerate and exceed expectations year after year. Gartner expects public cloud services to grow another 21.7% in 2022, and while this is a positive direction for the industry as a whole, it creates a dramatic shift in cybersecurity risks. It also prompts a reevaluation of the solutions required to address those. The post Are You Prepared for Your Next Cloud Incident?
SecureList
MARCH 24, 2022
What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Attackers tend to copy design elements from the real website, which is why users can find it hard to distinguish the fake pages from the official ones. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.
Tech Republic Security
MARCH 25, 2022
While ransomware has been around for decades, its prevalence has exploded over the last two years. These attacks used to be perpetrated by individuals; now they’re launched by networked groups of affiliates who buy and sell each other’s specialized skills and toolkits. Attacks were once unfocused and one- dimensional; now they use targeted, multi-layered tactics.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
MARCH 25, 2022
Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. This week the Anonymous hacker collective claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents. The group of hacktivists announced that will leak the stolen documents in 48 hours. Anonymous hacks Russia's Central Bank and more than 35,000 files will be exposed in 48 hours. pic.twitter.com/0VUhqVmo89 — Anonymous (@LatestAnonPres
Security Boulevard
MARCH 24, 2022
It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of engineers each month. Except, well, The post Qualcomm: ‘We’d Like Our IP Back, Please’ appeared first on Security Boulevard.
Bleeping Computer
MARCH 25, 2022
Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild. [.].
Tech Republic Security
MARCH 25, 2022
Encryption software protects confidential and private data in transit and at rest by making it accessible only to authorized individuals. Learn about the best encryption software and techniques. The post Best encryption software 2022 appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
MARCH 25, 2022
Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country. While there is truly increased risk against lives and property in the frontline, we have also seen certain risks online affecting individuals and businesses alike.
We Live Security
MARCH 24, 2022
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets. The post Crypto malware in patched wallets targeting Android and iOS devices appeared first on WeLiveSecurity.
Bleeping Computer
MARCH 24, 2022
Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised following vishing attacks. [.].
Tech Republic Security
MARCH 22, 2022
LogRhythm and Splunk are security information and event management solutions with many similarities. Check out this features comparison of LogRhythm and Splunk to help you decide between these SIEM tools. The post LogRhythm vs. Splunk: SIEM tool comparison appeared first on TechRepublic.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
351 
Let's personalize your content