Sat.Dec 31, 2022 - Fri.Jan 06, 2023

article thumbnail

Breaking RSA with a Quantum Computer

Schneier on Security

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today.

article thumbnail

Let The New Year And Its Blessings Begin

Joseph Steinberg

“May the present year’s curses end as it ends, and may the upcoming year’s blessings begin as it begins.”. This ancient aphorism from the Talmud is one of my favorite pieces of advice regarding the start of a new year. While many people interpret the saying as a wish or a prayer – and it certainly can be understood as expressing hope for a better future – I understand it also to be a call to action.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 329

Troy Hunt

Strap yourself in, this is a big one! Big video, big breach (scrape?), and a big audience today. The Twitter incident consumed a heap of my time before, during and after this live stream, but then I go and get a sudden itch to do stuff like the number plate capturing and, well, there goes even more hours I don't have. But hey, I love what I do and I have no regrets, I hope you enjoy watching this week's vid 😊 Oh - one more thing: today I set up an official Mastodon account for

article thumbnail

Machine-Learning Python package compromised in supply chain attack

Tech Republic Security

A nightly build version of a machine-learning framework dependency has been compromised. The package ran malicious code on affected systems and stole data from unsuspecting users. The post Machine-Learning Python package compromised in supply chain attack appeared first on TechRepublic.

214
214
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Remote Vulnerabilities in Automobiles

Schneier on Security

This group has found a ton of remote vulnerabilities in all sorts of automobiles. It’s enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible.

Internet 278
article thumbnail

200 million Twitter users' email addresses allegedly leaked online

Bleeping Computer

A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak. [.].

More Trending

article thumbnail

Recent 2022 cyberattacks presage a rocky 2023

Tech Republic Security

A spate of zero-day exploits against Twitter, Rackspace and others late last year showed the limits of a cybersecurity workforce under duress, a step behind and understaffed with some 3.4 million vacant seats. The post Recent 2022 cyberattacks presage a rocky 2023 appeared first on TechRepublic.

article thumbnail

Schneier on Security Audiobook Sale

Schneier on Security

I’m not sure why, but Audiobooks.com is offering the audiobook version of Schneier on Security at 50% off until January 17.

231
231
article thumbnail

5 Things You Should Not Share on Social Media

Identity IQ

5 Things You Should Not Share on Social Media. IdentityIQ. Social media has become some of the most popular platforms people spend their time on. Whether you want to check up on your family members, post photos or even meet new people, social media is the way to go. Even businesses take up social media to promote their products and services. What you post on social media today is important, so make sure you try to avoid these types of posts. 1.

Media 142
article thumbnail

An overview of Cybersecurity Issues faced by the Fintech Industry

Security Boulevard

With so many digital wallet options, Fintech Cybersecurity Risks like fraudulent transactions, extortion, denial of service attacks, and credit card fraud have increased. These cyberattacks are powerful enough to put the financial sector at systemic risk. Some of the most well-known cyberattacks the financial sector has seen to date have impacted critical economic infrastructures.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Cloud email services bolster encryption against hackers

Tech Republic Security

Google, Microsoft and Proton launched new end-to-end encryption products to confront the 50% increase in ransomware, phishing and other email-vector attacks from the first half of 2022. The post Cloud email services bolster encryption against hackers appeared first on TechRepublic.

article thumbnail

LostPass: after the LastPass hack, here’s what you need to know

Graham Cluley

Do you use the LastPass password manager? Did you know they suffered a data breach, and that your passwords may be at risk? You do now. Here's what you need to know.

article thumbnail

Why Zero Trust Helps Unlock Security Resilience

Cisco Security

Speaking to many CISOs, it’s clear that many security executives view zero trust as a journey that can be difficult to start, and one that even makes identifying successful outcomes a challenge. Simultaneously, the topic of security resilience has risen up the C-level agenda and is now another focus for security teams. So, are these complementary?

CISO 139
article thumbnail

Gaming: How much is too much for our children?

We Live Security

With many children spending a little too much time playing video games, learn to spot the signs things may be spinning out of control. The post Gaming: How much is too much for our children? appeared first on WeLiveSecurity.

139
139
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Meta violates GDPR with non-compliant targeted ad practices, earns over $400 million in fines

Tech Republic Security

Meta has violated GDPR with illegal personal data collection practices for targeted ads. Learn about this latest violation and Meta's rocky GDPR history. The post Meta violates GDPR with non-compliant targeted ad practices, earns over $400 million in fines appeared first on TechRepublic.

article thumbnail

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

By Tyler Reguly, senior manager, security R&D at cybersecurity software and services provider Fortra. The pandemic ushered in an unprecedented wave of online purchasing, as people around the world became far more comfortable with virtual shopping. In fact, the U.S. Census Bureau’s latest  Annual Retail Trade Survey  reports e-commerce expenditures rose from $571.2 billion in 2019 to $815.4 billion in 2020, a 43% increase.

Antivirus 138
article thumbnail

Digital Transformation Driving Increased Cybersecurity Costs

Security Boulevard

Nearly half (49%) of cybersecurity professionals citied digital business transformation issues as the top factor driving an increase in cybersecurity costs, according to a survey conducted by Dimensional Research on behalf of Deepwatch, a provider of managed detection and response services. The survey of 107 IT security professionals working at organizations with more 1,000 employees.

article thumbnail

Security Outlook 2023: Cyber Warfare Expands Threats

eSecurity Planet

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. “In 2022, governments fought wars online, businesses were affected by multiple ransomware gangs, and regular users’ data was constantly on hackers’ radars,” said NordVPN CTO Marijus Briedis. 2023, he predicted, “will not be any easier when it comes to keeping users’

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

How to configure an SMTP server in a self-hosted instance Passbolt

Tech Republic Security

With the self-hosted Passbolt password manager, you must configure an SMTP server to use the collaboration features. Learn how to do it. The post How to configure an SMTP server in a self-hosted instance Passbolt appeared first on TechRepublic.

article thumbnail

What’s Next in Cybersecurity: Insights for 2023

CyberSecurity Insiders

By Geert van der Linden, EVP & Head of Global Cybersecurity Practice at Capgemini. You might feel like we live in an age of permacrisis. The past year has brought about rising geopolitical tensions, mass digitalization, more hybrid working, and a skilled labor shortage. Adding to these challenges is the new era of almost limitless connectivity, which is changing the way we live and work, all the while causing havoc for cybersecurity teams.

article thumbnail

F5 Delivers on Cybersecurity Integration Promise

Security Boulevard

F5 has extended the reach of its cloud security platform to include the infrastructure that applications are deployed on using technology it gained with the acquisition of ThreatStack in late 2021. Chris Ford, regional vice president for F5, said F5 Distributed Cloud App Infrastructure Protection (AIP) expands the scope of the capabilities that the company.

article thumbnail

Ransomware gang apologizes, gives SickKids hospital free decryptor

Bleeping Computer

The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization. [.].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Why it might be time to consider using FIDO-based authentication devices

CSO Magazine

Every business needs a secure way to collect, manage, and authenticate passwords. Unfortunately, no method is foolproof. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Password management products are more secure, but they have vulnerabilities as shown by the recent LastPass breach that exposed an encrypted backup of a database of saved passwords.

article thumbnail

2023 Predictions for Storage and Backup Ransomware

CyberSecurity Insiders

By Doron Pinhas, Chief Technology Officer, Continuity. 2022 clearly demonstrated that attacks on data represent the greatest cyber-threat organizations face. The attack pace not only continued, it accelerated. Notable data breaches took place at Microsoft, News Corp., the Red Cross, FlexBooker, Cash App, GiveSendGo, and several crypto firms. Many of these attacks took advantage of known vulnerabilities and security misconfigurations in storage and backup systems.

Backups 136
article thumbnail

What Should You Expect From The Best Washington DC IT Support?

SecureBlitz

The business world continues to develop and advance. Nowadays, technology plays a crucial role in almost every industry, and you do not want to be left behind. It’s critical to implement technology as much as possible in your business and start benefiting from all its advantages. For that reason, you need to look for the […]. The post What Should You Expect From The Best Washington DC IT Support?

article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 1/6

Security Boulevard

Insight #1. ". If your source code is leaked, the first thing you need to do is make sure the malicious actors are not still in your environment, do not worry about what is in your code. Get them out first.". . Insight #2. ". Transparency is the key to incident response and communication with those affected. Be as transparent as possible even with many unknowns.". .

CISO 128
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Chick-fil-A investigates reports of hacked customer accounts

Bleeping Computer

American fast-food restaurant chain Chick-fil-A is investigating what it described as "suspicious activity" linked to some of its customers' accounts. [.].

article thumbnail

The Four Keys to Achieving an Optimal Application Experience

CyberSecurity Insiders

By Larry Goldman, Senior Manager of Product Marketing, Progress. To this point, many businesses have failed to look at application experience (AX) management holistically, as its own challenge with its own set of distinct––and interlocking––solutions. This oversight has been to their detriment. The fact is that every second of lag time on an online banking app risks alienating the consumer.

Marketing 135
article thumbnail

NATO tests AI’s ability to protect critical infrastructure against cyberattacks

CSO Magazine

Autonomous intelligence, artificial intelligence (AI) that can act without human intervention, can help identify critical infrastructure cyberattack patterns and network activity, and detect malware to enable enhanced decision-making about defensive responses. That’s according to the preliminary findings of an international experiment of AI’s ability to secure and defend systems, power grids and other critical assets by cyber experts at the North Atlantic Treaty Organization’s (NATO) Cyber Coali

article thumbnail

A crazy ’22… ready for “do more with less” 2023?

Security Boulevard

2022 was defined by change and crisis. The year started with glimmers of post-pandemic hope before the war and widespread inflation turned everything upside down. Through this mess, Balbix had to maneuver and execute. Our list of 2022 accomplishments is long: new logos, revenue growth, multi-million-dollar contracts, a growing list of partners, 100+ new platform ….

CISO 128
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.