Schneier on Security
MARCH 24, 2022
In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement.
Troy Hunt
MARCH 19, 2022
So the plan was to schedule this week's session in advance then right on 17:30 at my end, go live. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically. Lesson learned, session restarted, we'll be all good next week 😊 References Asking about IoT'ing the kids' showers led to lots of wrong answers (maybe I'm just scarred now knowing how much work is involved as so
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
MARCH 20, 2022
What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore.
Tech Republic Security
MARCH 24, 2022
A study from Nokia outlining the growing number of botnet attacks shows a larger amount of sophistication by hackers. The post Nokia: Botnet DDoS attacks are on the rise appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
MARCH 21, 2022
This is a big deal : A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries.
Troy Hunt
MARCH 21, 2022
For the last 4 years, I've been providing API-level access to national government agencies so that they can search and monitor their government domains on Have I Been Pwned. Today, I'm very happy to welcome the 29th government to join the service, Italy! Via CSIRT-Italia within their National Cybersecurity Agency (ACN), they now have free access to breach data I hope will further empower them to protect their people in the wake of data breaches.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MARCH 22, 2022
Half of the security pros surveyed by Laminar said their cloud environments were hit by a data breach in 2020 or 2021. The post Cloud security: How your public cloud environment may be vulnerable to data breach appeared first on TechRepublic.
Schneier on Security
MARCH 25, 2022
Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography. He has written a memoir of growing up dirt-poor in 1930s rural West Virginia. I’m in the middle of reading it, and it’s fascinating.
Troy Hunt
MARCH 25, 2022
Wow, what a day yesterday! I mentioned at the start of this week's update that Charlotte and I jumped on a chopper with our parents to check out our wedding venue, here's the pics and I just added a video to the thread too: Well that was amazing; chopper ride to our wedding venue for lunch with our parents. So happy to live here and have access to such a wonderful place.
Malwarebytes
MARCH 24, 2022
In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution (RCE) when exploited. Link-Local Multicast Name Resolution. CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 out of 10.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MARCH 25, 2022
SecureWorks announced the themes and trends of cybersecurity incidents recorded in 2021 so you can better protect your business in 2022. The post Cybersecurity incident response: Lessons learned from 2021 appeared first on TechRepublic.
Schneier on Security
MARCH 23, 2022
The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or critical infrastructure — are unclassified and are therefore not covered by its current insider threat program.
Bleeping Computer
MARCH 24, 2022
Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised following vishing attacks. [.].
Security Boulevard
MARCH 24, 2022
Cloud adoption continues to accelerate and exceed expectations year after year. Gartner expects public cloud services to grow another 21.7% in 2022, and while this is a positive direction for the industry as a whole, it creates a dramatic shift in cybersecurity risks. It also prompts a reevaluation of the solutions required to address those. The post Are You Prepared for Your Next Cloud Incident?
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
MARCH 25, 2022
Encryption software protects confidential and private data in transit and at rest by making it accessible only to authorized individuals. Learn about the best encryption software and techniques. The post Best encryption software 2022 appeared first on TechRepublic.
The Hacker News
MARCH 24, 2022
Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service.
Bleeping Computer
MARCH 25, 2022
The Federal Communications Commission (FCC) added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security. [.].
Security Boulevard
MARCH 24, 2022
It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of engineers each month. Except, well, The post Qualcomm: ‘We’d Like Our IP Back, Please’ appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
MARCH 25, 2022
Nutanix’s new report details why the move to multicloud is important for security. The post Healthcare industry still lagging in multicloud adoption appeared first on TechRepublic.
CyberSecurity Insiders
MARCH 21, 2022
Britain’s military personnel were ordered not to use WhatsApp messaging app anymore, as Russian hackers were using the app’s location service to track down individuals and kill them using missile attacks. Though the built-up theory seems illogical, as WhatsApp functionality is under full encryption, a missile attack that took place on Sunday on a training camp of foreign fighters, suggests that the hackers from the Russian federation could have sniffed the activity by tracking down the phone loc
We Live Security
MARCH 24, 2022
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets. The post Crypto malware in patched wallets targeting Android and iOS devices appeared first on WeLiveSecurity.
Bleeping Computer
MARCH 24, 2022
North Korean state hackers have exploited a zero-day, remote code execution vulnerability in Google Chrome web browser for more than a month before a patch became available, in attacks targeting news media, IT companies, cryptocurrency and fintech organizations. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
MARCH 25, 2022
While ransomware has been around for decades, its prevalence has exploded over the last two years. These attacks used to be perpetrated by individuals; now they’re launched by networked groups of affiliates who buy and sell each other’s specialized skills and toolkits. Attacks were once unfocused and one- dimensional; now they use targeted, multi-layered tactics.
CyberSecurity Insiders
MARCH 23, 2022
Only solution to deliver integrated cloud-based SIEM, SOAR, and UEBA services directly to organizations of all sizes. Includes security for business-critical applications to protect the digital heart of businesses. COPENHAGEN, Denmark & BOSTON, March 22, 2022 — Logpoint is now making its Converged SIEM, combining SIEM, SOAR, UEBA, and security for business-critical applications generally available.
Security Boulevard
MARCH 23, 2022
Today’s businesses are no stranger to innovation. From enhancing products and services with cutting-edge technologies to honing productivity with cloud-based applications and new ways of networking, innovation has become a key differentiator across virtually every industry. In the vast majority of cases, that innovation is almost wholly dependent on a company’s IT capabilities.
Bleeping Computer
MARCH 19, 2022
The Federal Bureau of Investigation (FBI) warns of AvosLocker ransomware being used in attacks targeting multiple US critical infrastructure sectors. [.].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
MARCH 23, 2022
Using social engineering rather than traditional ransomware tactics, the Lapsus$ group has already hit multiple organizations, says Microsoft. The post Microsoft warns of destructive attacks by Lapsus$ cybercrime group appeared first on TechRepublic.
CSO Magazine
MARCH 22, 2022
I hate to do this but consider the following thought exercise: Transport yourself back to fall 2020 when literally the entire world was waiting for a COVID vaccine. We knew there were a few candidates (in fact, one mRNA vaccine was formulated in late January) and were just waiting on the proof - the efficacy studies. Most of the world was elated to find out in early December 2020 that efficacy rates were 95%.
Thales Cloud Protection & Licensing
MARCH 23, 2022
Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. divya. Thu, 03/24/2022 - 05:00. As the world is slowly returning to pre-pandemic conditions, the underlying trends that have always driven information security, such as new technologies, greater compliance mandates and more severe security incidents, continue to be significant change agents.
Bleeping Computer
MARCH 24, 2022
As Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang. [.].
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
307 
Let's personalize your content