Sat.Dec 17, 2022 - Fri.Dec 23, 2022

article thumbnail

The top cyber security stories of 2022

Security Boulevard

A look in the rearview can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. The post The top cyber security stories of 2022 appeared first on Security Boulevard.

Internet 138
article thumbnail

The Top 23 Security Predictions for 2023 (Part 1)

Lohrman on Security

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hacked Ring Cams Used to Record Swatting Victims

Krebs on Security

Photo: BrandonKleinPhoto / Shutterstock.com. Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arri

Hacking 272
article thumbnail

How to Surrender to a Drone

Schneier on Security

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: “Seeing the drone in the field of view, make eye contact with it,” the video instructs. Soldiers should then raise their arms and signal they’re ready to follow. After that the drone will move up and down a few meters, before heading off at walking pace in the direction of the nearest representatives of Ukraine’s army, it says.

281
281
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Weekly Update 326

Troy Hunt

Despite having both my tripod and mic in the wrong suitcase in the wrong place, Scott and I still pulled together a weekly vid from the Norwegian mountains. Much of this week is a combination of our travels here, responses to my tweets around cookie warnings and reactions to Elon's various decisions (and undecisions) on Twitter. Plus, there's the CoinTracker and Gemini breaches which appear to have stemmed from the SendGrid breach, the connection to that incident having been made by Co

213
213
article thumbnail

2022 Cyber Review: The Year the Ukraine War Shocked the World

Lohrman on Security

This past year will be remembered as another year of ransomware attacks, data breaches impacting critical infrastructure and, most of all, global cybersecurity impacts from the Russian war with Ukraine.

More Trending

article thumbnail

Ukraine Intercepting Russian Soldiers’ Cell Phone Calls

Schneier on Security

They’re using commercial phones, which go through the Ukrainian telecom network : “You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air,” said Alperovitch. “That doesn’t pose too much difficulty for the Ukrainian security services.” […]. “Security has always been a mess, bot

article thumbnail

Study: Consumer security savvy is way behind IoT threat landscape

Tech Republic Security

A new Comcast study hints at a major risk to businesses, governments and public systems due to poor cybersecurity in the booming Internet of Things industry. The post Study: Consumer security savvy is way behind IoT threat landscape appeared first on TechRepublic.

IoT 181
article thumbnail

Lastpass: Hackers stole customer vault data in cloud storage breach

Bleeping Computer

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. [.].

145
145
article thumbnail

Why do cyber-attacks increase during holidays?

Security Boulevard

Why do cyber-attacks increase during holidays? Why do cyber-attacks increase during holidays? The holiday season is traditionally a golden opportunity for hackers to take advantage of the increase in the number of employees working remotely, decrease in IT staff levels, and extended server vulnerabilities. It’s a season when the number of attacks to access your […].

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

SecureList

Summary. At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082.

Malware 142
article thumbnail

On-premises vs cloud security: What are the pros and cons?

Tech Republic Security

Is on-premises or cloud computing operations more secure for your business? Consider the security pros and cons with our guide. The post On-premises vs cloud security: What are the pros and cons? appeared first on TechRepublic.

170
170
article thumbnail

Google introduces end-to-end encryption for Gmail on the web

Bleeping Computer

Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within their domain and outside their domain. [.].

article thumbnail

A Robot’s View of AI in Cybersecurity

Security Boulevard

An AI chatbot wrote the following article on AI in cybersecurity. For real. No humans were harmed in the drafting of this article. Artificial intelligence (AI) and machine learning (ML) are rapidly advancing technologies that have the potential to greatly impact cybersecurity. These technologies can be used to enhance security by analyzing large amounts of.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Business Communication Compromise (BCC) Predictions for 2023

CyberSecurity Insiders

By Steven Spadaccini, VP Threat Intelligence, SafeGuard Cyber. In 2022, cybersecurity further became a top priority for businesses around the world following critical attacks on both the public and private sectors and of course, the use of cyber warfare as a Russian tactic in its invasion of Ukraine. This year, organizations have spent significant time and resources attempting to mitigate the risks associated with Business Communication Compromise, including phishing attacks and Personally-Ident

article thumbnail

Google unveils beta of client-side encryption for Gmail

Tech Republic Security

Customers of Google Workspace Enterprise Plus, Education Plus, or Education Standard can apply for the beta until Jan. 20, 2023. The post Google unveils beta of client-side encryption for Gmail appeared first on TechRepublic.

article thumbnail

Okta's source code stolen after GitHub repositories hacked

Bleeping Computer

In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code. [.].

Hacking 142
article thumbnail

GitHub Secret Scanning is now Free (as in Beer)

Security Boulevard

Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem. The post GitHub Secret Scanning is now Free (as in Beer) appeared first on Security Boulevard.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

ChatGPT: What are the Implications for Infosec?

SecureWorld News

ChatGPT, a chatbot developed by OpenAI, is all the rage right now, and is so popular the site continually throws up an overcapacity message. Launched in November of this year, ChatGPT is designed to provide detailed responses and articulate answers across many domains of knowledge. The ability to ask any question on just about any topic and have a very intelligent answer given has cybersecurity experts wondering if the infosec community is using it and, if so, for what; and, if so, how is it wor

InfoSec 140
article thumbnail

GitHub offers secret scanning for free

Tech Republic Security

Open source software development service has made it easier for developers using its public repositories to keep coding secrets and tokens close to the chest. The post GitHub offers secret scanning for free appeared first on TechRepublic.

Software 152
article thumbnail

Old vulnerabilities in Cisco products actively exploited in the wild

Security Affairs

IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the D

Wireless 137
article thumbnail

What is Kubernetes Governance?

Security Boulevard

Kubernetes governance is the set of policies and procedures organizations adopt to define how Kubernetes is managed and maintained, and it is an essential part of how enterprises become production-ready at scale. Kubernetes governance includes management of Kubernetes resources, scheduling, upgrades, and role-based access control. It also includes the process for making decisions about Kubernetes, such as how to manage security issues, bug fixes, and feature requests. .

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Cybersecurity Predictions: 2023 Brings New Threats from Hybrid Working and Economic Downturn

CyberSecurity Insiders

John Stock, Product Manager, Outpost24. With continued challenges from remote and hybrid working, increased economic unrest and geopolitical conflict, and a new gang of teenage hackers , 2022 has certainly thrown cybersecurity professionals some curveballs. While many of the same trends and threats remain, 2023 is likely to keep us on our toes as these threats mature and the landscape continues to shift.

article thumbnail

What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it?

Tech Republic Security

Microsoft has open sourced its framework for managing open source in software development. The post What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it? appeared first on TechRepublic.

Software 145
article thumbnail

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security

Thales Cloud Protection & Licensing

Thales collaborates with Hewlett Packard Enterprise to Enhance 5G Subscriber Privacy and Security. divya. Thu, 12/22/2022 - 05:40. Thales collaborates with Hewlett Packard Enterprise (HPE) to provide enhanced privacy and secure authentication for global 5G users, further extending its partner ecosystem. The Thales Luna 7 Hardware Security Module (HSM), a world-class HSM, will power a foundation of trust around HPE’s Subscriber Data Management (SDM) solutions, ensuring subscriber data, transactio

article thumbnail

Cloud Security Podcast?—?Two Years Later or Our Year-End Reflections for 2022!

Security Boulevard

Cloud Security Podcast — Two Years Later or Our Year-End Reflections for 2022! We have been running our Cloud Security Podcast by Google for almost 2 years ( TWO YEARS! ) and since we are on a break now, I wanted to reflect a bit, while Tim is relaxing on a beach somewhere warm and “ hammy” ?. So, we aired 102 episodes, but what was new in 2022? We explored a few new areas of cloud security.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Few things are certain except cyberattacks: Security predictions for 2023

CyberSecurity Insiders

Darren James, Head of Internal IT, Specops Software. It’s that time of year again, when IT and security experts line up to reflect on the past year and share their industry predictions for what’s to come. With the cybersecurity landscape more unpredictable than ever, it can be difficult to predict what’s going to happen tomorrow, let alone in the next 12 months.

article thumbnail

Cisco Talos report: Threat actors use known Excel vulnerability

Tech Republic Security

The use of.XLL Excel files by threat actors to infect computers with malware is growing fast. Learn more about this relatively new technique and how to protect from it. The post Cisco Talos report: Threat actors use known Excel vulnerability appeared first on TechRepublic.

Malware 145
article thumbnail

Brave launches FrodoPIR, a privacy-focused database query system

Bleeping Computer

Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries. [.].

Software 138
article thumbnail

All GitHub Users Will Need to Enable 2FA by the End of 2023

Heimadal Security

GitHub recently announced that it will require all users who contribute with code on the platform to enable two-factor authentification over the course of 2023. Two-factor authentication (2FA) makes accounts safer by adding an extra step that requires entering a one-time code during the login process. Takeovers of user accounts on GitHub can result in the […].

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.