Troy Hunt
MAY 6, 2022
It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing. Or maybe I'm just a sucker for punishment, I don't know, but either way it's kept me entertained and given me plenty of new material for this week's video 😊 References The book is almost ready to launch!
Krebs on Security
MAY 2, 2022
Image: Proxima Studios, via Shutterstock. Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 4, 2022
Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including: The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types
Lohrman on Security
MAY 1, 2022
Criminals are using stolen information to imitate the police and scam both companies and individuals. Here’s what you need to know.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Troy Hunt
APRIL 30, 2022
Didn't get a lot done this week, unless you count scuba diving, snorkelling, spear fishing and laying around on tropical sand cays 😎 This week is predominantly about the time we just spent up on the Great Barrier Reef which has very little relevance to infosec, IoT, 3D printing and the other usual topics. But as I refer to in the guitar lessons blog post referenced below, I share what I do pretty transparently and organically and this week, that's what I want to talk about.
The Last Watchdog
MAY 5, 2022
Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. Related: Make it costly for cybercriminals. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
MAY 3, 2022
Chats analyzed by Cisco Talos show how ransomware groups determine ransom amounts and force organizations to pay but also are willing to negotiate with victims. The post Internal chats of ransomware cybercriminals reveal ways to avoid becoming a victim appeared first on TechRepublic.
Cisco Security
MAY 5, 2022
Customers globally are requesting – and often requiring – SaaS providers to demonstrate their commitment to security, availability, confidentiality, and privacy. While attaining global security certifications has become table-stakes for many to do business, it’s no easy feat. Many organizations struggle to keep pace with this resource- and time-intensive process.
We Live Security
MAY 3, 2022
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity. The post What’s behind the record‑high number of zero days? appeared first on WeLiveSecurity.
Schneier on Security
MAY 5, 2022
Cloudflare is reporting a large DDoS attack against an unnamed company “operating a crypto launchpad.” While this isn’t the largest application-layer attack we’ve seen , it is the largest we’ve seen over HTTP S. HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Tech Republic Security
MAY 6, 2022
Several businesses in critical infrastructure were forced to confront some hard truths in the wake of the 2021 ransomware attack. The post One year removed from the Colonial Pipeline attack, what have we learned? appeared first on TechRepublic.
Trend Micro
MAY 1, 2022
We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions.
SecureList
MAY 4, 2022
In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden from plain sight in the file system. Such attention to the event logs in the campaign isn’t limited to storing shellcodes.
Bleeping Computer
MAY 3, 2022
?A handy tip was shared online this week, showing how you can use PowerShell to monitor changes to the Windows Registry over time. [.].
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
MAY 3, 2022
Many high-level executives and business owners rely on weak and simple passwords, leaving their companies more vulnerable to data breaches, says NordPass. The post Even C-suite executives use terrible passwords like 123456 appeared first on TechRepublic.
Cisco Security
MAY 4, 2022
Cisco is pleased to announce a new addition to the Forensic Investigation Procedures for First Responders series of documents that will help customers and partners triage Cisco products that are suspected of being tampered with or compromised. These guides provide step-by-step instructions for first responders that can be used to assess platform integrity and collect information that can be used for forensic analysis.
Graham Cluley
MAY 3, 2022
A police car's digital in-car video system uncovered that two Los Angeles officers ignored calls to provide assistance at a department store robbery because they were too enthralled in catching Pokémon.
Bleeping Computer
MAY 4, 2022
F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. [.].
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
MAY 4, 2022
If you're looking to employ a solid VPN service for remote workers, NordLayer VPN is an outstanding option. Find out how to install and use the client on both Ubuntu Desktop and Fedora 36. The post How to install the NordLayer VPN client on Linux and connect it to a virtual network appeared first on TechRepublic.
Malwarebytes
MAY 4, 2022
The wacky world of ape jpegs are at the heart of yet another increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures. The Ape Executives have a job offer you can, and must, refuse. Lots of people with art profiles on social media in Japan and elsewhere have reported messages from people claiming to be from the “Cyberpunk Ape Executives”.
Cisco Security
MAY 3, 2022
The Public Cloud and Security Responsibility. Across many businesses, leveraging services offered and hosted by public cloud providers such as AWS proves to be extremely advantageous for both improving operational efficiencies, cost savings, scaling, and for security. For AWS customers, Lambda functions are a great example of this advantage in providing a useful way to execute only the code you need to execute when you need to execute it, saving businesses money on hosting costs and reducing ope
Bleeping Computer
MAY 5, 2022
The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. [.].
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Tech Republic Security
MAY 3, 2022
Identity theft and data breaches are less likely to occur in an environment without passwords. The post Why World Password Day should become World Passwordless Day appeared first on TechRepublic.
Malwarebytes
MAY 3, 2022
Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. You may well have heard the term in passing, and wondered what an Airdrop is. Is your iPhone about to be Airdrop phished? It doesn’t really help that the term tied up into lots of new forms of tech you might never have experienced directly.
CSO Magazine
MAY 2, 2022
Cybersecurity pros interested in metrics and measures frequently ponder and pontificate on what measures would be best to show the board of directors. That can be a tricky proposition because “we have to speak like the business” is also a mantra. Coming up with cybersecurity metrics from a business perspective can be a challenge. So how can we solve this problem and provide useful insight?
Security Boulevard
MAY 4, 2022
Back on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect, meaning all organizations that offer goods or services to European Union residents, or collect consumer data within the region, are now required to comply with the regulation. The post Unstructured Data and What it Means for GDPR Compliance appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
MAY 4, 2022
Auth0 and Okta are identity and access management software solutions, but which one should you choose? Dive into the specifics with this IAM tools feature comparison guide. The post Auth0 vs Okta: Compare IAM software appeared first on TechRepublic.
Malwarebytes
MAY 3, 2022
In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets—and more recently, European diplomats —and turned their attention towards Russia and started targeting the country’s military situated close to the Chinese border.
Cisco Security
MAY 3, 2022
Forrester Consulting ?recently conducted an independent analysis of five organizations using Cisco Identity Services Engine (ISE), the industry-leading network access control solution, to uncover the business value of ISE. The commissioned study conducted by Forrester Consulting on behalf of Cisco, “The Total Economic Impact of Cisco Identity Services Engine (ISE),” published in March 2022, highlighted a total payback period of only 11 months within a composite organization that was built from d
Bleeping Computer
MAY 3, 2022
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. [.].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
324 
Let's personalize your content