Krebs on Security
MAY 2, 2022
Image: Proxima Studios, via Shutterstock. Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.
Troy Hunt
MAY 6, 2022
It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing. Or maybe I'm just a sucker for punishment, I don't know, but either way it's kept me entertained and given me plenty of new material for this week's video 😊 References The book is almost ready to launch!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 4, 2022
Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including: The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types
Tech Republic Security
MAY 6, 2022
Several businesses in critical infrastructure were forced to confront some hard truths in the wake of the 2021 ransomware attack. The post One year removed from the Colonial Pipeline attack, what have we learned? appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
MAY 4, 2022
F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. [.].
Troy Hunt
APRIL 30, 2022
Didn't get a lot done this week, unless you count scuba diving, snorkelling, spear fishing and laying around on tropical sand cays 😎 This week is predominantly about the time we just spent up on the Great Barrier Reef which has very little relevance to infosec, IoT, 3D printing and the other usual topics. But as I refer to in the guitar lessons blog post referenced below, I share what I do pretty transparently and organically and this week, that's what I want to talk about.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MAY 3, 2022
Chats analyzed by Cisco Talos show how ransomware groups determine ransom amounts and force organizations to pay but also are willing to negotiate with victims. The post Internal chats of ransomware cybercriminals reveal ways to avoid becoming a victim appeared first on TechRepublic.
We Live Security
MAY 3, 2022
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity. The post What’s behind the record‑high number of zero days? appeared first on WeLiveSecurity.
Graham Cluley
MAY 3, 2022
A police car's digital in-car video system uncovered that two Los Angeles officers ignored calls to provide assistance at a department store robbery because they were too enthralled in catching Pokémon.
CSO Magazine
MAY 2, 2022
Cybersecurity pros interested in metrics and measures frequently ponder and pontificate on what measures would be best to show the board of directors. That can be a tricky proposition because “we have to speak like the business” is also a mantra. Coming up with cybersecurity metrics from a business perspective can be a challenge. So how can we solve this problem and provide useful insight?
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MAY 3, 2022
Identity theft and data breaches are less likely to occur in an environment without passwords. The post Why World Password Day should become World Passwordless Day appeared first on TechRepublic.
Security Boulevard
MAY 4, 2022
Back on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect, meaning all organizations that offer goods or services to European Union residents, or collect consumer data within the region, are now required to comply with the regulation. The post Unstructured Data and What it Means for GDPR Compliance appeared first on Security Boulevard.
Bleeping Computer
MAY 3, 2022
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. [.].
Malwarebytes
MAY 4, 2022
The wacky world of ape jpegs are at the heart of yet another increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures. The Ape Executives have a job offer you can, and must, refuse. Lots of people with art profiles on social media in Japan and elsewhere have reported messages from people claiming to be from the “Cyberpunk Ape Executives”.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
MAY 3, 2022
Many high-level executives and business owners rely on weak and simple passwords, leaving their companies more vulnerable to data breaches, says NordPass. The post Even C-suite executives use terrible passwords like 123456 appeared first on TechRepublic.
Security Boulevard
MAY 1, 2022
In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons […]… Read More. The post OSINT: The privacy risks of sharing too much information appeared first on The State of Security.
Bleeping Computer
MAY 5, 2022
The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. [.].
The State of Security
MAY 5, 2022
The FBI's Internet Crime Complaint Center (IC3) has issued updated statistics on Business Email Compromise (BEC) attacks which use a variety of social engineering and phishing techniques to break into accounts and trick companies into transferring large amounts of money into the hands of criminals. Read more in my article on the Tripwire State of Security blog.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
MAY 5, 2022
Adopting a new authentication method from the FIDO Alliance, the three major OS vendors will let you use encrypted credentials stored on your phone to automatically sign you into your online accounts. The post Google, Apple, Microsoft promise end to passwords, courtesy of your mobile phone appeared first on TechRepublic.
Security Boulevard
MAY 2, 2022
Twenty years ago, Bill Gates foresaw the security threats looming as new technologies were introduced and threat actors were ramping up their efforts. He urged for including security development at every stage of the software life cycle in his company’s products. It’s a lesson developers haven’t taken to heart, as AppSec lags far behind in. The post AppSec Champions Bring Security Front and Center appeared first on Security Boulevard.
Bleeping Computer
MAY 3, 2022
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today. [.].
CSO Magazine
MAY 3, 2022
Effective partnerships between CISOs and their cybersecurity vendors are integral to security success. A well-oiled relationship built on trust, communication and mutual understanding can reap significant benefits for a business’s cybersecurity posture. Conversely, one that is problematic and incohesive can have the opposite effect, negatively impacting a company’s security practices and leaving them vulnerable to risks and wasted investment.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
MAY 4, 2022
If you're looking to employ a solid VPN service for remote workers, NordLayer VPN is an outstanding option. Find out how to install and use the client on both Ubuntu Desktop and Fedora 36. The post How to install the NordLayer VPN client on Linux and connect it to a virtual network appeared first on TechRepublic.
eSecurity Planet
MAY 3, 2022
Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4 landscape for exposed databases, potentially unwanted programs, and other risks.
Bleeping Computer
MAY 3, 2022
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide. [.].
Threatpost
MAY 3, 2022
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
MAY 4, 2022
Since April 2022 phishing emails have been sent to Gmail users from legitimate addresses, making it hard to tell spam from legitimate sources. The post Phishers taking advantage of Gmail’s SMTP relay service to impersonate brands appeared first on TechRepublic.
Malwarebytes
MAY 3, 2022
A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It may sound bizarre, but it’s actually a fairly popular attack focused on small/self-run business owners selling their own creations. Are you ready for a trip to the craft fair? You’re a small business owner. You sell a variety of craft-style items, the type you see in vast quantities on sites like Etsy and Redbubble.
Bleeping Computer
MAY 3, 2022
?A handy tip was shared online this week, showing how you can use PowerShell to monitor changes to the Windows Registry over time. [.].
CyberSecurity Insiders
MAY 1, 2022
A Texas school district has hit Google headlines as one of its employees was caught mining cryptocurrency without permission of the school management or the government officials. Galveston Independent School District (Galveston ISD) is the educational institution in discussion and the name of the employee found guilty is withheld. According a source reporting from the IT department of Galveston Independent School District (GISD), an employee has installed cryptocurrency mining hardware and softw
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
268 
Let's personalize your content