Schneier on Security

JUNE 29, 2023

We have learned this lesson again : As part of the FTC v. Microsoft hearing , Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks like someone redacted the documents with a black Sharpie ­ but when you scan them in, it’s easy to see some of the redactions.

259

259

Krebs on Security

JUNE 29, 2023

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

Cybersecurity 242

Cybersecurity Cybercrime Hacking Technology 242

Lohrman on Security

JUNE 25, 2023

Michael Geraghty, the director of cybersecurity and chief information security officer for the state of New Jersey, shares information on cyber operations, partnerships and more.

CISO 215

CISO Information Security Cybersecurity 215

Tech Republic Security

JUNE 29, 2023

If you're not sure how to view your SSH certificates, this article walks you through the steps on Linux, macOS and Windows. The post How to View Your SSH Keys in Linux, macOS and Windows appeared first on TechRepublic.

190

190

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JUNE 30, 2023

The Washington Post is reporting that the US is spying on the UN Secretary General. The reports on Guterres appear to contain the secretary general’s personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the Foreign Intelligence Surveillance Act (FISA) to gather the intercepts.

Surveillance 218

Surveillance 218

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wh

Cryptocurrency 217

Cryptocurrency Accountability Mobile Hacking 217

Tech Republic Security

JUNE 27, 2023

The FIDO Alliance’s Andrew Shikiar explains how passkeys are quickly replacing passwords as the next-generation login, a low friction, high security protocol for any device. The post How FIDO2 Powers Up Passkeys Across Devices appeared first on TechRepublic.

Passwords 175

Passwords 175

Schneier on Security

JUNE 27, 2023

Don’t do it : Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though: Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains.

212

212

Dark Reading

JUNE 30, 2023

The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.

Risk 134

Risk 134

Bleeping Computer

JUNE 27, 2023

A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems. [.

142

142

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 27, 2023

DLP helps organizations protect their sensitive data. Learn about the best practices and tools available to prepare for and prevent data loss. The post What is Data Loss Prevention (DLP)? appeared first on TechRepublic.

Big data 166

Big data 166

Schneier on Security

JUNE 26, 2023

In this detailed article about academic plagiarism are some interesting details about how to do data forensics on Excel files. It really needs the graphics to understand, so see the description at the link. (And, yes, an author of a paper on dishonesty is being accused of dishonesty. There’s more evidence.

211

211

Security Boulevard

JUNE 27, 2023

The EU has proposed legislation that would govern the use of AI and could be used for a blueprint by other countries looking to put guardrails around the technology. The post As Goes GDPR, So Goes AI: EU Leads With Proposed AI Law appeared first on Security Boulevard.

Government 134

Government Technology Data privacy Risk 134

Bleeping Computer

JUNE 28, 2023

Microsoft has released Sysmon 15, converting it into a protected process and adding the new 'FileExecutableDetected' option to log when executable files are created. [.

145

145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JUNE 26, 2023

Pro-Kremlin groups Anonymous Sudan, Killnet and Clop have other motivations than just hacktivism as they widen their attack field beyond political targets. The post Anonymous Sudan’s Attack of European Investment Bank: Money, Politics and PR appeared first on TechRepublic.

Banking 162

Banking Ransomware Cybersecurity 162

Schneier on Security

JUNE 28, 2023

The stalkerware company LetMeSpy has been hacked : TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete data after two months of account inactivity.) […] The database also contained over 13,400 location data points for several thousand v

Hacking 194

Hacking Spyware Accountability Data breaches 194

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. During the same period, Andariel also actively exploited the Log4j vulnerability as reported by Talos and Ahnlab. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 133

Malware Cybercrime Phishing Ransomware 133

Bleeping Computer

JUNE 24, 2023

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. [.

Authentication 138

Authentication Accountability 138

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JUNE 30, 2023

Analysis of 700,000 real-world attacks shows how memory attacks evade protections and suggest mitigations. The post Aqua Security Study Finds 1,400% Increase in Memory Attacks appeared first on TechRepublic.

Software 158

Software Cybersecurity Network Security 158

Security Boulevard

JUNE 30, 2023

Dozor-Teleport hack, vandalism and data breach. But is it a Ukrainian false flag op? The post ‘Wagner Mercenary’ Hackers Destroy Russian Satellite Comms appeared first on Security Boulevard.

Data breaches 130

Data breaches Hacking Social Engineering Engineering 130

Google Security

JUNE 29, 2023

Nicolas Lidzborski, Principal Engineer and Jaishankar Sundararaman, Sr. Director of Engineering, Google Workspace In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets , and Meet. CSE in Gmail was designed to provide commercial and public sector organizations an additional layer of confidentiality and data integrity protection beyond the existing encryption offered by default in Workspace.

Encryption 126

Encryption Authentication Engineering Phishing 126

Bleeping Computer

JUNE 30, 2023

Starting today, Twitter is no longer accessible on web and mobile apps if you don't have an account, forcing all users to log in if they want to get access to the platform. [.

Mobile 136

Mobile Accountability Technology 136

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JUNE 29, 2023

Ransomware attacks from the 8Base group claimed the second largest number of victims over the past 30 days, says VMware. The post 8Base Ransomware Attacks Show Spike in Activity appeared first on TechRepublic.

Ransomware 150

Ransomware Cybersecurity 150

eSecurity Planet

JUNE 28, 2023

Penetration tests are vital components of vulnerability management programs. In these tests, white hat hackers try to find and exploit vulnerabilities in your systems to help you stay one step ahead of cyberattackers. Because these tests can use illegal hacker techniques, pentest services will sign a contract detailing their roles, goals, and responsibilities.

Penetration Testing 125

Penetration Testing Social Engineering Wireless Engineering 125

InfoWorld on Security

JUNE 27, 2023

The studies are coming fast these days. Thales Global Cloud Security Study for 2022 found that during the past 12 months, 45% of businesses have experienced a cloud data breach or failed to perform audits. (It would have been nice for this number to be broken out.) If you’ve been watching this space, it was only 5% off from the previous year. What gives?

Data breaches 121

Data breaches 121

Bleeping Computer

JUNE 30, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of ongoing distributed denial-of-service (DDoS) attacks after U.S. organizations across multiple industry sectors were hit. [.

DDOS 133

DDOS Cybersecurity 133

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JUNE 29, 2023

Microsoft offers different Word document security solutions. Dive into the methods to learn how you can secure your files and ensure document protection. The post Different Methods to Secure Your Microsoft Word Documents appeared first on TechRepublic.

Software 148

Software Cybersecurity 148

Security Boulevard

JUNE 30, 2023

Onboarding new software and SaaS vendors in the cloud presents a new set of security challenges for a lot of organizations. The post The Cloud Security Risks of Overprivileged Vendors appeared first on Security Boulevard.

Risk 120

Risk Software Government Cybersecurity 120

Dark Reading

JUNE 27, 2023

Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.

123

123

Bleeping Computer

JUNE 28, 2023

Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges. [.

Backups 131

Backups Authentication Software 131

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk