Sat. Dec 10, 2022 to Fri. Dec 16, 2022


Apple Is Finally Encrypting iCloud Backups

Schneier on Security

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, cont


FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha


Combined SOC Webinar Q&A: From EDR to ITDR and ASO … and ChatGPT

Anton on Security

In recent weeks, I did two fun webinars related to Security Operations, and there was a lot of fun Q&A. The questions below are sometimes slightly edited for clarity, typos, etc. For extra fun, I had ChatGPT answer some of them, to see if it can replace me :-) So, first, the ISACA webinar “Modernize Your SOC for the Future” focused on our Autonomic Security Operations vision.


BH EU 2022 and BSides London

Javvad Malik

As I wandered through the psychedelic chaos of Black Hat Europe 2022, I couldn’t help but feel like I had stumbled into the belly of the beast. The vendor area was a tacky nightmare of flashing lights and buzzword-laden sales pitches, but I knew there was something deeper lurking beneath the surface. And then, like a shot of pure adrenaline to the heart, Dan Cuthbert’s opening keynote began and the conference was suddenly alive with the raw energy of truth and rebellion.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Weekly Update 325

Troy Hunt

For the first time in I don't know how long, I couldn't do this live. Turns out both cell and wifi in Lapland are, with the benefit of hindsight, exactly what you'd expect from a remote location in the Arctic circle. The rest of the place was pretty amazing though, and a good deal of this week's content has gone to that. Plus, there's the whole "Australia becoming the world's most cyber-secure country" goal which deserves discussion.


Six Charged in Mass Takedown of DDoS-for-Hire Sites

Krebs on Security

The U.S. Department of Justice (DOJ) today seized four dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed to knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.


Hacking Boston’s CharlieCard

Schneier on Security

Interesting discussion of vulnerabilities and exploits against Boston’s CharlieCard.


Business email compromise attacks now targeting people via SMS messages

Tech Republic Security

No longer limited to email, BEC attacks are hitting users through text messages in an attempt to steal money or commit other types of fraud, says Trustwave.


Rust: Officially Released in Linux 6.1 Kernel

Security Boulevard

At the weekend, Linus Torvalds released Linux 6.1 to the world. Among other security features is support for writing parts of the kernel in Rust.


Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks

Bleeping Computer

Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


As Long as We’re on the Subject of CAPTCHAs

Schneier on Security

There are these.


Improper use of password managers leaves people vulnerable to identity theft

Tech Republic Security

A password manager can be a useful and effective tool for creating, controlling and applying complex and secure passwords, but if you don’t use it the right way, you can open yourself up to account compromise and even identity theft.


14 lessons CISOs learned in 2022

CSO Magazine

We're about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters.


Uber suffers new data breach after attack on vendor, info leaked online

Bleeping Computer

Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Enterprises Move Toward Passwordless, But There’s a Long Way to Go

Security Boulevard

Stop me if you’ve heard this one before: Next year is the year we will finally eliminate passwords. That statement has been a staple of annual cybersecurity predictions for at least a decade, but could 2023 actually be the year that we see a major shift toward the passwordless workplace? Digital Identity thinks so. They.


Open source code for commercial software applications is ubiquitous, but so is the risk

Tech Republic Security

As the SolarWinds and Log4j hacks show, vulnerabilities in open source software used in application development can open doors for attackers with vast consequences. A new study looks at the open source community’s efforts to “credit-rate” the risk.


Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

We Live Security

ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer.


ChatGPT: A Brave New World for Cybersecurity

eSecurity Planet

Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not have PhDs in data science. They can type in queries and get human-like responses. The answers are often succinct.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Taylor Swift travel data leaks online triggering privacy concerns

CyberSecurity Insiders

Taylor Swift, the American singer with multiple talents, is extremely concerned about her privacy these days as environmental advocate groups are publishing her travel data online, giving a tip-off to stalkers about her whereabouts. In the year 2022, a survey conducted by a company called ‘Yard’ landed Swift on top of the list of ‘Celebrities with the Worst Private Jet CO2 Emissions’.


Top industrial IoT security solutions

Tech Republic Security

From safety to where? Find out the right way to turn with this comprehensive analysis of seven options for your business.


Reassessing cyberwarfare. Lessons learned in 2022

SecureList

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed serious risks of spreading over the continent. While the broader geopolitical analysis of the war in Ukraine and its consequences are best left to experts, a number of cyberevents have taken place during t


Open source security fought back in 2022

InfoWorld on Security

Early December marked the one-year anniversary of the Log4j security meltdown. Ever since, the software world has been on a dead sprint to ensure it would never happen again. We’re finally seeing some traction as the missing links in software supply chain security begin to get filled in. Log4j was a crippling event for many organizations that struggled to understand whether and where they were even running the popular open source logging utility in their environments.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Announcing OSV-Scanner: Vulnerability Scanner for Open Source

Google Security

Posted by Rex Pan, software engineer, Google Open Source Security Team Today, we’re launching the OSV-Scanner , a free tool that gives open source developers easy access to vulnerability information relevant to their project. Last year, we undertook an effort to improve vulnerability triage for developers and consumers of open source software. This involved publishing the Open Source Vulnerability (OSV) schema and launching the OSV.dev service, the first distributed open source vulnerability dat
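The OSV schema that OSV-Scanner consumes expresses affected versions as ordered "introduced"/"fixed" events per package range. The block below is an added example (not OSV-Scanner's code) that walks such a record and reports which entries of a package inventory fall inside a vulnerable interval. The advisory `EXAMPLE-2022-0001` and the package `example-lib` are constructed for illustration, and the version comparison is a deliberately simplified dotted-numeric compare rather than a full SemVer or PEP 440 implementation.

```python
"""Evaluate installed package versions against an OSV-schema advisory.

Added example: the advisory below is constructed in the OSV schema's shape and
is not a real OSV.dev record. Version comparison is a simplified dotted-numeric
compare (enough for the sample), not a full SemVer or PEP 440 implementation.
"""
import json

SAMPLE_ADVISORY = json.loads("""
{
  "id": "EXAMPLE-2022-0001",
  "summary": "Constructed example advisory for example-lib",
  "affected": [
    {
      "package": {"ecosystem": "PyPI", "name": "example-lib"},
      "ranges": [
        {"type": "ECOSYSTEM",
         "events": [{"introduced": "0"}, {"fixed": "1.4.2"},
                    {"introduced": "2.0.0"}, {"fixed": "2.1.1"}]}
      ],
      "versions": ["3.0.0rc1"]
    }
  ]
}
""")


def parse_version(v):
    """'1.4.2' -> (1, 4, 2); non-digit characters are dropped, '' -> 0."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def cmp_versions(a, b):
    """Return -1, 0 or 1, padding shorter tuples with zeros (1.4 == 1.4.0)."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def version_in_range(version, events):
    """OSV events are sorted; walk them and track whether the interval is open.

    'introduced' opens a vulnerable interval at that version (inclusive),
    'fixed' closes it (the fixed version itself is clean),
    'last_affected' closes it after that version (inclusive).
    """
    affected = False
    for event in events:
        if "introduced" in event and cmp_versions(version, event["introduced"]) >= 0:
            affected = True
        elif "fixed" in event and cmp_versions(version, event["fixed"]) >= 0:
            affected = False
        elif "last_affected" in event and cmp_versions(version, event["last_affected"]) > 0:
            affected = False
    return affected


def affected_packages(advisory, installed):
    """installed: {(ecosystem, name): version}. Returns a list of findings."""
    findings = []
    for entry in advisory.get("affected", []):
        pkg = entry["package"]
        key = (pkg["ecosystem"], pkg["name"])
        if key not in installed:
            continue
        version = installed[key]
        # an explicit "versions" list is an alternative to ranges
        hit = version in entry.get("versions", [])
        for rng in entry.get("ranges", []):
            # GIT ranges are expressed as commits and need repository history
            if rng["type"] in ("ECOSYSTEM", "SEMVER") and version_in_range(version, rng["events"]):
                hit = True
                break
        if hit:
            findings.append({"id": advisory["id"], "ecosystem": key[0],
                             "package": key[1], "version": version})
    return findings


if __name__ == "__main__":
    inventory = {("PyPI", "example-lib"): "2.0.5", ("PyPI", "requests"): "2.28.1"}
    for f in affected_packages(SAMPLE_ADVISORY, inventory):
        print(f"{f['id']}: {f['ecosystem']}/{f['package']} {f['version']} is affected")
```

The point to take from the walk in `version_in_range` is that a package can be clean in one interval and vulnerable in a later one (here 1.9.9 is fine while 2.0.5 is not), which is why matching on a single "fixed" version is not enough. In a real pipeline the version compare must follow the ecosystem's own ordering rules, since pre-releases and build metadata sort differently across PyPI, npm and Go.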


Security alert: Use these most popular passwords at your peril

Tech Republic Security

Yes, there’s a good chance “123456” is the code to the restroom at your local Starbucks, but it is also the second most popular password worldwide, according to a new study by password manager NordPass. That can’t be good.


LEGO BrickLink bugs let hackers hijack accounts, breach servers

Bleeping Computer

Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group's official second-hand and vintage marketplace for LEGO bricks.


Indian government issues SOP to employees on Cyber Attacks

CyberSecurity Insiders

Central government employees in India will receive a Standard Operating Procedure (SOP) on cyber attacks this month, setting out measures to take before an attack and steps to mitigate risk if an organization falls victim to one. Amid tensions with the government of China, the government led by Prime Minister Shri Narendra Modi has urged public sector units and ministries to increase vigilance on their computer networks against foreign nation-state intrusions.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most: people, data, real or personal property, intellectual property, digital assets, or any number of other things. It’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


The 80 Best Cyber Security YouTube Channels

Security Boulevard

Introduction: In the cyber security space, one of the accepted realities is that to stay relevant, you must be constantly learning. Whether this is learning a new field, tool, or even just staying abreast of the latest emerging threats, you must always be learning. However, sometimes finding quality content to learn from can be tricky, […]


Iranian state-aligned threat actor targets new victims in cyberespionage and kinetic campaigns

Tech Republic Security

New research from Proofpoint exposes a large shift in the TA453 threat actor’s modus operandi, which started conducting more hostile attacks.


Microsoft: Windows 10 21H1 has reached end of servicing

Bleeping Computer

Multiple editions of Windows 10 21H1 have reached their end of service (EOS) on this month's Patch Tuesday, as Microsoft reminded customers yesterday.


GoTrim Botnet Goes After WordPress Admin Accounts

Heimdal Security

GoTrim, a new Go-based botnet malware, scans the internet for WordPress websites and attempts to brute force the administrator’s password and take control of the site. Compromise means potential security risks, including malware deployment and injection of scripts that steal credit card information, being capable of impacting millions, depending on the popularity of the breached sites.
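A botnet that brute-forces the WordPress admin login leaves a distinctive trace in the web server's access log: a burst of POSTs to the login endpoint from one client. The block below is an added example, not Heimdal's or the GoTrim researchers' code, of generic detection logic over Apache/nginx combined-format lines. The log lines, client addresses (RFC 5737 test ranges) and the threshold of five failures in sixty seconds are constructed for the example; it is generic WordPress brute-force detection, not a GoTrim-specific signature. It relies on one WordPress behaviour worth knowing: a failed `wp-login.php` POST re-renders the form with HTTP 200, while a successful one answers 302 to `/wp-admin/`, so a 302 right after a burst of 200s is the event to escalate.

```python
"""Flag WordPress login brute force in combined-format access logs.

Added example with constructed log lines. Failed wp-login.php POSTs return
200 (form re-rendered); a successful one returns 302. xmlrpc.php answers 200
even on failure, so every POST to it counts as an attempt.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

# constructed sample: one brute-forcer that eventually gets in, one legitimate
# user with a single typo, one xmlrpc.php hammerer, one harmless GET
SAMPLE_LOG = """\
203.0.113.5 - - [13/Dec/2022:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Dec/2022:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Dec/2022:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Dec/2022:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Dec/2022:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Dec/2022:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Dec/2022:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Dec/2022:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Dec/2022:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 385 "-" "Go-http-client/1.1"
203.0.113.9 - - [13/Dec/2022:10:01:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 385 "-" "Go-http-client/1.1"
203.0.113.9 - - [13/Dec/2022:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 385 "-" "Go-http-client/1.1"
203.0.113.9 - - [13/Dec/2022:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 385 "-" "Go-http-client/1.1"
203.0.113.9 - - [13/Dec/2022:10:01:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 385 "-" "Go-http-client/1.1"
203.0.113.9 - - [13/Dec/2022:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3000 "-" "Go-http-client/1.1"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop query string
    return rec


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {ip: {"failures": n, "success_after_failures": bool}} for offenders."""
    recent = defaultdict(deque)  # ip -> timestamps of failed attempts in window
    findings = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in LOGIN_PATHS:
            continue
        ip, ts = rec["ip"], rec["ts"]
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if rec["path"] == "/wp-login.php" and rec["status"] == "302":
            # successful login; alarming only if it follows a burst of failures
            if len(q) >= threshold:
                entry = findings.setdefault(ip, {"failures": len(q), "success_after_failures": False})
                entry["success_after_failures"] = True
            continue
        q.append(ts)
        if len(q) >= threshold:
            entry = findings.setdefault(ip, {"failures": 0, "success_after_failures": False})
            entry["failures"] = max(entry["failures"], len(q))
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

The legitimate user at 198.51.100.7 never trips the threshold, while 203.0.113.5 is reported with `success_after_failures` set, which is the case to treat as a probable account takeover rather than just noise to rate-limit. Lowering the threshold catches slower campaigns at the cost of false positives; distributed campaigns that rotate source addresses need the same counting keyed on the targeted username, which the access log does not carry and must come from the application's own auth log.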


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.