Schneier on Security

DECEMBER 31, 2021

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system. Those devices then report where an AirTag has last been seen.

Technology 348

Technology Mobile Surveillance 348

Troy Hunt

DECEMBER 30, 2021

2021 Dumpster fire? Harsh, but fair and I shall keep this 3D-printed reminder handy and hope I don't end up needing to print a 2022 version! So many times throughout this week's video I came back to that theme. But hey, there was some positive stuff too, not least the bits about some of the wonderful organisations I've worked with this year, bought products from or otherwise just been a big part of my digital life in 2021.

Accountability 289

Accountability Malware 289

Tech Republic Security

DECEMBER 31, 2021

Enjoy the peace of mind that comes from having a lifetime backup plan and VPN subscription — at a price you can afford.

VPN 218

VPN Backups 218

Security Affairs

DECEMBER 31, 2021

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex capacity features and allow to implant a malicious code in a hidden area of SSDs called over-provisioning.

Malware 145

Malware Firmware Manufacturing Media 145

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Bleeping Computer

DECEMBER 30, 2021

The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. [.].

Backups 145

Backups 145

We Live Security

DECEMBER 30, 2021

As we usher in the New Year, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends. The post 22 cybersecurity statistics to know for 2022 appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by the popular info-stealer.

Accountability 145

Accountability Malware Data breaches Passwords 145

The Hacker News

DECEMBER 30, 2021

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems.

Cybersecurity 145

Cybersecurity 145

Bleeping Computer

DECEMBER 28, 2021

Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. [.].

Passwords 145

Passwords Accountability 145

Tech Republic Security

DECEMBER 27, 2021

Have fond memories of 2021? They probably don't include these 10 stories or the products and services surrounding them.

218

218

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

DECEMBER 27, 2021

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, trigger a Denial of Service condition, or disclose confidential informa

Hacking 145

Hacking Software Cybercrime Information Security 145

CSO Magazine

DECEMBER 28, 2021

Many employees at businesses worldwide have been forced to work from home because of COVID-19 related social distancing mandates. The security of employee home networks, and of the devices connected to them, are becoming increasingly important considerations for organizations that need to continue to support a large remote workforce for the foreseeable future.

Technology 144

Technology 144

Bleeping Computer

DECEMBER 28, 2021

Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. [.].

145

145

Tech Republic Security

DECEMBER 27, 2021

Dark data is a major challenge in enterprises, and it's not going away soon. Fortunately, there are ways to reduce dark data and the risks that come with it.

Risk 209

Risk 209

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

DECEMBER 26, 2021

Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature. Apple recently addressed a vulnerability in the macOS operating system, tracked as CVE-2021-30853, that could be potentially exploited by an attacker to bypass the Gatekeeper security feature and run arbitrary code.

Malware 145

Malware Hacking Information Security 145

Security Boulevard

DECEMBER 31, 2021

What do you think will happen next in the domain of cybersecurity? Which new developments or challenges will become the talk of the town in the year ahead? Who will make the most progress in the constant war waged between cybercriminals and organizations worldwide? When it comes to cybersecurity, it always pays to stay prepared. […]. The post Cybersecurity Predictions for 2022: Stay Ahead of Threats appeared first on Kratikal Blogs.

Cybersecurity 144

Cybersecurity Cyber threats 144

Bleeping Computer

DECEMBER 29, 2021

T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks. [.].

Data breaches 145

Data breaches Mobile 145

Tech Republic Security

DECEMBER 30, 2021

If you're looking for a VPN server to host in-house, look no further than the AlmaLinux/Pritunl combination. See how easy it is to get this service up and running.

VPN 200

VPN 200

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

DECEMBER 29, 2021

T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts.

Data breaches 145

Data breaches Mobile Accountability Wireless 145

Security Boulevard

DECEMBER 28, 2021

The post Top DevOps Trends That Will Dominate in 2022 appeared first on PeoplActive. The post Top DevOps Trends That Will Dominate in 2022 appeared first on Security Boulevard.

144

144

Bleeping Computer

DECEMBER 28, 2021

The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. [.].

Passwords 145

Passwords Malware 145

Tech Republic Security

DECEMBER 27, 2021

Many employers are now offering digital security benefits to help protect their employees. Learn about such arrangements and see how you can get started implementing them.

199

199

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. .

Malware 145

Malware Phishing Passwords Media 145

The Hacker News

DECEMBER 30, 2021

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems.

Firmware 143

Firmware Technology Malware Cybersecurity 143

Bleeping Computer

DECEMBER 31, 2021

Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched. [.].

Firmware 144

Firmware Risk 144

Tech Republic Security

DECEMBER 30, 2021

Even if you have no tech experience, you can develop valuable skills with the online training offered by The Super-Sized Ethical Hacking Bundle.

Hacking 148

Hacking Marketing 148

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

DECEMBER 26, 2021

The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday. French IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday, but according to the company the security breach had a limited impact on its operations. Inetum is an agile IT services company that provides digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

Ransomware 145

Ransomware Cybercrime Advertising Information Security 145

The Hacker News

DECEMBER 29, 2021

An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed.

Malware 143

Malware 143

Bleeping Computer

DECEMBER 30, 2021

Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions. [.].

Firmware 144

Firmware Malware 144

Naked Security

DECEMBER 30, 2021

We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams.

Scams 142

Scams Phishing 142

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!