Sat.Dec 18, 2021 - Fri.Dec 24, 2021

The Top 22 Security Predictions for 2022

Lohrman on Security

What will the New Year bring in cyber space? Here’s your annual roundup of the top security industry forecasts, trends and cybersecurity prediction reports for calendar year 2022

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7%

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Schneier on Security

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.

Stealing More SRE Ideas for Your SOC

Anton on Security

As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

2021 Cyber Review: The Year Ransomware Disrupted Infrastructure

Lohrman on Security

2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before

Weekly Update 275

Troy Hunt

I'd say this is probably the most epic scene I've ever done one of these videos from and equally, the main topic of the day around Pwned Passwords and the work done with the FBI and NCA is the most epic thing I've done for a very long time.

More Trending

Everything Encrypted Will Soon Become Decryptable: We Must Prepare Now For The Era Of Quantum Computers

Joseph Steinberg

Nearly every piece of data that is presently protected through the use of encryption may become vulnerable to exposure unless we take action soon.

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Daniel Miessler

If you’re reading this you’re underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy named d0nut who figured something out like 3 days ago that very few people know. Once you have 2.15

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

The Last Watchdog

Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days. Related: Using mobile apps to radicalize youth. But the danger has moved up a notch with a new, grave threat: killware.

Switch to a well-paid tech career in 2022: Check out these 200+ IT courses

Tech Republic Security

Training for a lucrative tech career is easier and less expensive than you might think. Check out these online courses on programming, cybersecurity, project management and more

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Ransomware: 10 Facts You Need To Know, But Might Not

Joseph Steinberg

Ransomware. After years of making headlines by successfully breaching hospitals, businesses, and government agencies, and causing them to suffer many millions of dollars of damage, the dangerous type of malware known as “ransomware” continues to wreak havoc around the globe.

Log4j: A CISO's Practical Advice

Dark Reading

Working together is going to make getting through this problem a lot easier

CISO 114

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

The Last Watchdog

Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide. Related: Weaponized email endures as top threat. Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.

How to deploy a Bitwarden server with Docker

Tech Republic Security

Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

The Hacker News

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code.

7 of the Most Impactful Cybersecurity Incidents of 2021

Dark Reading

There was a lot to learn from breaches, vulnerabilities, and attacks this year

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains

Security Affairs

Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains.

Grinch bots hijack all kinds of holiday shopping, from gift cards to hype drop sales

Tech Republic Security

Kasada research finds that all-in-one bots are fooling cyberdefenses and automating the checkout process to snap up in-demand goods

171
171

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

The Hacker News

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.

The Future of Work Has Changed, and Your Security Mindset Needs to Follow

Dark Reading

VPNs have become a vulnerability that puts organizations at risk of cyberattacks

Risk 114

How to evolve your organization into a data-centric security architecture

CyberSecurity Insiders

This blog was written by an independent guest blogger. Defense strategies have evolved as hackers have changed their schemes, and one new approach companies are putting into practice for their security plan is data-centric security.

Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions

Tech Republic Security

Log4Shell is a dangerous security concern — and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars

China suspends deal with Alibaba for not sharing Log4j 0-day first with the government

The Hacker News

China's internet regulator, the Ministry of Industry and Information Technology (MIIT), has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library.

93% of Tested Networks Vulnerable to Breach, Pen Testers Find

Dark Reading

Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers

How to manage the security risk of remote working

CyberSecurity Insiders

By Jon Lucas, Co-director, Hyve Managed Hosting. What was once regarded as a perk of the job has now become an outright necessity.

Synthetic identity fraud: What is it and why is it harmful?

Tech Republic Security

Online consumers can do everything right and still become cyber victims. Learn about synthetic identity fraud and why "buyer beware" is not enough

166
166

CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities

The Hacker News

Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries.

The Future of Ransomware

Dark Reading

Focusing on basic security controls and executing them well is the best way to harden your systems against an attack

Securing the Supply Chain During Shipping Challenges

CyberSecurity Insiders

Supply chain challenges have always been present, but they’re growing increasingly common and severe. COVID-related shortages have compounded typical disruptions like holiday season demand, creating unprecedented logistics obstacles.

How to visualise security and threat information in Microsoft Power BI

Tech Republic Security

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing

163
163

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G

The Hacker News

Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment.

Mobile 114

Meta Files Federal Lawsuit Against Phishing Operators

Dark Reading

The Facebook parent company seeks court's help in identifying the individuals behind some 39,000 websites impersonating its brands to collect login credentials

British police data published on dark web by Clop Ransomware Group

CyberSecurity Insiders

Clop Ransomware Group, a Russian based hacking gang, has published some data belonging to British Police on the dark web and stated that the act was a retaliation for not paying the demanded ransom.