Krebs on Security
JANUARY 6, 2022
Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it.
Schneier on Security
JANUARY 6, 2022
DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% jump over 2020 (23.6 billion). That’s big. Even so, the company, which bills itself as the “Internet privacy company,” offering a search engine and other products designed to “empower you to seamlessly take control of your personal information online without any tradeoffs,” remains a rounding error compared to Google
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
JANUARY 6, 2022
Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.
Tech Republic Security
JANUARY 4, 2022
Google says Manifest V3 is focused on security, privacy and performance, but it could also break Chrome browser extensions used by millions of people.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Malwarebytes
JANUARY 6, 2022
When removing malware from an iOS device, it is said that users need to restart the device to clear the malware from memory. That is no longer the case. Security researchers from ZecOps have created a new proof-of-concept (PoC) iPhone Trojan capable of doing “fun” things. Not only can it fake a device shutting down, it can also let attackers snoop via the device’s built-in microphone and camera, and receive potentially sensitive data due to it still being connected to a live ne
Schneier on Security
JANUARY 7, 2022
Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%. It’s hard to uninstall this option.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JANUARY 3, 2022
If you'd like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job.
Bleeping Computer
JANUARY 5, 2022
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection. [.].
Schneier on Security
JANUARY 5, 2022
Both Russia and Ukraine are preparing for military operations in cyberspace.
Security Boulevard
JANUARY 4, 2022
There was no shortage of cybersecurity headlines in 2021. From REvil’s attacks, disappearance and resurgence to a brewing “cyber cold war” sweeping the world, 2021 was one of the most hectic years yet for the cybersecurity industry. And 2022 looks like it is going to be just as challenging, if not more so. A complex. The post What’s Ahead for AI and Cybersecurity in 2022 appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JANUARY 5, 2022
The Kennedy Space Center kick-started Andee Harston's career in cybersecurity. Here's how she worked her way up to overseeing the cybersecurity curriculum for Infosec.
Bleeping Computer
JANUARY 3, 2022
Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal risk having their system compromised. Wizer's Gabriel Friedlander demonstrates an obvious, simple yet stunning trick that'll make you think twice before copying-pasting text from web pages. [.].
We Live Security
JANUARY 3, 2022
Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022. The post Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022 appeared first on WeLiveSecurity.
Security Boulevard
JANUARY 3, 2022
Ransomware is more pervasive than ever, and the number of attacks is mindboggling. With help from ransomware-as-a-service (RaaS), cybercriminals and organized “bad actors” continue to wreak havoc. Cybersecurity vendor SonicWall recorded more than 495 million ransomware attack attempts globally by the end of Q3 2021, a 148% increase from 2020. Despite efforts by enterprises to secure.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
JANUARY 6, 2022
Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan.
Bleeping Computer
JANUARY 4, 2022
Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms. [.].
We Live Security
JANUARY 4, 2022
How can you help your kids navigate Instagram safely? Here are a few tips to help you protect their privacy on the app. The post Instagram and teens: A quick guide for parents to keep their kids safe appeared first on WeLiveSecurity.
Security Boulevard
JANUARY 3, 2022
Apple is coming under renewed flak for its AirTags—and how they make life easy for stalkers and carjackers. But is the criticism fair? The post Apple AirTag: Absolutely Awful, Say Stalking Victims appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
JANUARY 5, 2022
Already impacting more than 2,000 victims, the malware is able to modify a DLL file digitally signed by Microsoft, says Check Point Research.
Bleeping Computer
JANUARY 7, 2022
SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1, 2022. [.].
CSO Magazine
JANUARY 6, 2022
As global economies look to exit the pandemic chaos, there is a cloud of uncertainty around navigating the new normal. While enterprises tout their efforts to accelerate digital transformation efforts, for security leaders in business there is a dark side to the rapid deployment of new technology. Remote work, virtual meetings, hybrid cloud networks , and SaaS adoption have all brought about complex IT infrastructures that are opening up new threat avenues.
Security Boulevard
JANUARY 7, 2022
On Tuesday, the United States Federal Trade Commission (FTC) issued a stern warning to companies that have not yet patched the Log4j vulnerability: We will find you. The post Cybersecurity News Round-Up: Week of January 3, 2022 appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
JANUARY 7, 2022
The new opt-in feature turns your idle PC into a cryptominer, with Norton skimming 15% off the top, plus market fees.
Bleeping Computer
JANUARY 7, 2022
The US National Counterintelligence and Security Center (NCSC) and the Department of State have jointly published guidance on defending against attacks using commercial surveillance tools. [.].
Malwarebytes
JANUARY 6, 2022
The New York State Office of the Attorney General has warned 17 companies that roughly 1.1 million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Many users reuse the same password and username/email, so if those credentials are stolen from one site—say, in a data breach or phishing attack—attack
Security Boulevard
JANUARY 4, 2022
This time of year is traditionally for either looking back at the previous year or looking forward to the year ahead. While there have been great advances over the years with respect to information security tools, technologies, training and awareness, significant challenges remain. What follows are my estimations of the top information security challenges for.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
JANUARY 4, 2022
Commentary: The privacy-oriented search engine keeps winning fans. Will it spur Google to improve its own privacy?
Bleeping Computer
JANUARY 6, 2022
Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that causes search issues in Outlook for Microsoft 365. [.].
Security Affairs
JANUARY 2, 2022
The Lapsus$ ransomware hit Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal. Impresa owns SIC TV channel, and Expresso newspaper, among other leading media, like several magazine publications. The attack took place during the New Year holiday, the websites of the Impresa group, the SIC TV channels, and the Expresso were forced offline.
Security Boulevard
JANUARY 6, 2022
Finite State this week has added a binary analysis capability that enables device manufacturers to more easily identify zero-day vulnerabilities in software. Jeff Martin, vice president of product for Finite State, said this latest addition to the company’s risk analysis platform can quickly assess third-party components for zero-day vulnerabilities and other known common vulnerabilities and.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
324 
Let's personalize your content