Sat.Jan 29, 2022 - Fri.Feb 04, 2022

The Irony of InfoSec’s Reaction to Crypto, NFTs, and Web3

Daniel Miessler

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3. Mostly, it’s horribly negative. And not dispassionate negative either—but a negativity soaked in ridicule and hate. This is very curious coming from a community that includes so many hackers. I think this comes from the dual nature of hackers themselves.

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

Joseph Steinberg

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. The reason that such a major threat exists is simple – much of today’s data relies on the security of what are known as asymmetric encryption algorithms, and such algorithms rely for their security on the fact that the mathematics that they use to encrypt cannot easily be reversed in order to decrypt.

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly LinkedIn’s parent firm Microsoft).

The EARN IT Act Is Back

Schneier on Security

Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Symantec finds evidence of continued Russian hacking campaigns in Ukraine

Tech Republic Security

APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine.

What is server-side request forgery (SSRF)?

Acunetix

Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including the Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques.

Interview with the Head of the NSA’s Research Directorate

Schneier on Security

MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps tackle one of NSA’s most interesting problems: big data.

What your organization can learn from the $324 million Wormhole blockchain hack

Tech Republic Security

The hacker that made off with millions from blockchain bridge service Wormhole exploited an incredibly common coding error that could be lurking in anyone’s software.

Researchers use GPU fingerprinting to track users online

Bleeping Computer

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking.

Drone Technology – a Rising Threat to Cybersecurity

Security Boulevard

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

A worrying Etsy listing reveals the stalking potential of Apple’s AirTags

Malwarebytes

In April of 2021, Apple introduced AirTags to the world, making the small tracking devices—similar to a Tile—available for purchase at the end of that month. The circular, coin-like product is designed to be attached to or placed in objects that are commonly lost, such as keychains, wallets, purses, backpacks, etc. You can track an AirTag with your iPhone in some powerful ways, enabling you to locate a set of keys that has fallen down between the cushions of a couch, for example.

Bring a burner to the Olympics, and other mobile device travel safety tips

Tech Republic Security

Those traveling to China for the 2022 Winter Olympics have been advised to bring burner phones. Here’s how to use travel tips like that one to keep yourself safe anywhere in the world.

Windows vulnerability with new public exploits lets you become admin

Bleeping Computer

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10.

Critical Infrastructure Attacks Spur Cybersecurity Investment

Security Boulevard

The attacks on critical industrial systems such as Colonial Pipeline last year pushed industrial cybersecurity to center stage. And with the threat of war between Russia and Ukraine, experts warned nations that a global flare-up of cybersecurity attacks on critical infrastructure could be looming. In late January, the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

BlackCat ransomware – what you need to know

The State of Security

What is this BlackCat thing I’ve heard about? BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide. What makes BlackCat different from other ransomware-as-a-service providers? Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive […]

How can home security be improved with IoT?

CyberSecurity Insiders

The Internet of Things (IoT) has been exploding in the last decade, with more and more connected objects or devices. These devices, once connected to the external world or to a private app, can transfer device data and support device owners with new monitoring features. This helps them make decisions that are more informed. When it comes to home security, the key advantage of connected devices is that your systems can transfer data in real time, so that you are able to react quickly, in the ca

FTC: Americans lost $770 million from social media fraud surge

Bleeping Computer

Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021.

Taking Industrial Cybersecurity Seriously

Security Boulevard

On page 15 of World Pipelines magazine, Steve Hanna, Co-Chair of the Industrial Work Group at TCG, describes how to protect the digital future of pipeline operations.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

North Korea Hacked Him. So He Took Down Its Internet

WIRED Threat Level

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.

Quantum computing brings new security risks: How to protect yourself

CyberSecurity Insiders

This blog was written by an independent guest blogger. Although commercial quantum computing may still be decades away, government agencies and industry experts agree that now is the time to prepare your cybersecurity landscape for the future. The power of quantum computing brings security complexities that we are only beginning to understand. Even now, our cybersecurity climate is getting hotter.

Reasons Why Every Business is a Target of DDoS Attacks

The Hacker News

DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020. Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period.

Security BSides Dublin 2021 – Juan Aray’s ‘Introduction To Fileless Malware’

Security Boulevard

Our sincere thanks to Security BSides Dublin for publishing their tremendous videos from the Security BSides Dublin 2021 Conference on the organization’s YouTube channel. Additionally, the Security BSides Dublin organization has slated their eponymous Security BSides Dublin 2022 confab at The Convention Centre Dublin (CCD) on 2022/03/19. Just a month and a half away.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

FTC Recognizes Identity Theft Awareness Week

Identity IQ

The Federal Trade Commission is commemorating Identity Theft Awareness Week with a series of free events focused on raising awareness and educating consumers about the growing risk of identity theft. The online events also offer advice on recovering and repairing your personal information after identity theft occurs.

Malware news trending on Google

CyberSecurity Insiders

The first news that is related to malicious software and is trending heavily on Google is related to SolarMarker malware that can steal credentials and act as a backdoor for other cyber attacks. Security researchers from Sophos have found that the malware tricks the Windows Registry system and dodges the regular defense-line to enter the victim’s computer and then the network.

UEFI firmware vulnerabilities affect at least 25 computer vendors

Bleeping Computer

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

Meet an Open Source Contributor: Sal Kimmich

Security Boulevard

Editor's Note: We’re celebrating February 3rd, the day the term ‘Open Source’ was first coined, as World Open Source Day here at Sonatype by recognizing our incredible maintainers and contributors, and the open source projects they support. Read all about Sal Kimmich's journey below.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Critical WordPress Plugin RCE Impacts 600K Sites

Heimadal Security

A critical WordPress plugin RCE (remote code execution) vulnerability has been identified in version 5.0.4 and older of Essential Addons for Elementor, the well-known library. How Does the WordPress Plugin RCE Work? The WordPress plugin RCE works by letting an unauthenticated user initiate an inclusion attack on a local file, like, for instance, a PHP […].

Work from Home leading to surge in Cyber Attacks in UK

CyberSecurity Insiders

The Work from Home (WfH) culture might suit employees well, but some companies are disclosing openly that they are witnessing a surge in cyber attacks (mainly data breaches) on their IT infrastructure because their employees are not following the basic cyber hygiene of using strong passwords and authenticating their identity while accessing networks. A survey conducted by the software firm Diligent involving 450 respondents in the UK found that the WfH culture offered to its employees after the eruption o

Solving The Remote-Work Productivity Questions Once And For All

IT Security Central

There has been no shortage of digital ink spilled about the merits and pitfalls of remote work. A seemingly unending surge of worker surveys, scientific studies, pundit prognostications and C-suite demands have coalesced around the one intractable truth — nobody seems to agree if remote work is a productivity boon or bust. To be sure, […]

Smashing Security podcast #260: New hire mystery, hacktivist ransomware, and digi-dating

Graham Cluley

Who's that new guy working at your company, and why don't you recognise him from the interview? How are hacktivists raising the heat in Belarus? And should you be fully vaxxed for your online date? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.