Krebs on Security

JANUARY 17, 2023

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves ag

DDOS 303

DDOS Cybercrime Engineering Government 303

Schneier on Security

JANUARY 17, 2023

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—­that is, one hosted on the Tor anonymity network—­it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.

Surveillance 363

Surveillance Media Hacking 363

Lohrman on Security

JANUARY 15, 2023

What were the top government technology and security blogs in 2022? The metrics don’t lie, and they tell us what cybersecurity and technology infrastructure topics were most popular.

Cybersecurity 258

Cybersecurity Technology Government 258

Tech Republic Security

JANUARY 19, 2023

The cybersecurity implications of ChatGPT are vast, especially for email exploits, but putting up guardrails, flagging elements of phishing emails that it doesn’t touch and using it to train itself could help boost defense. The post As a cybersecurity blade, ChatGPT can cut both ways appeared first on TechRepublic.

Cybersecurity 215

Cybersecurity Phishing 215

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S.

Mobile 339

Mobile Accountability Data breaches Identity Theft 339

Schneier on Security

JANUARY 20, 2023

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

349

349

Tech Republic Security

JANUARY 18, 2023

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware poses key security challenges appeared first on TechRepublic.

Malware 211

Malware Cybersecurity 211

Cisco Security

JANUARY 18, 2023

When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).

Encryption 145

Encryption Engineering Technology Firewall 145

Schneier on Security

JANUARY 18, 2023

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails , college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close to human. But for all the consternation over the potential for humans to be replaced by machines in formats like poetry and sitcom scripts, a far greater threat looms: artificial intelligen

Artificial Intelligence 346

Artificial Intelligence Media Government Advertising 346

The Last Watchdog

JANUARY 17, 2023

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms. This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and respo

Authentication 208

Authentication Mobile Encryption Internet 208

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

JANUARY 17, 2023

William “Hutch” Hutchison, founder and CEO of SimSpace, speaks with Karl Greenberg about the virtues of cyber ranges in training IT teams, and SimSpace’s own specialty: Digital-twin based ranges that the firm provides to NATO governments worldwide, including security teams in Ukraine. The post SimSpace CEO brings dogfight mentality to terra firma for IT cybersecurity training appeared first on TechRepublic.

Cybersecurity 186

Cybersecurity Government 186

Graham Cluley

JANUARY 16, 2023

If you use Norton lifeLock as your password manager, your account may have been compromised. Learn more now.

Password Management 145

Password Management Passwords Accountability Data breaches 145

Schneier on Security

JANUARY 19, 2023

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between diff

Encryption 339

Encryption Authentication Advertising Government 339

Security Boulevard

JANUARY 20, 2023

The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO. The post T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks appeared first on Security Boulevard.

Data breaches 145

Data breaches Mobile Security Awareness Risk 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

JANUARY 18, 2023

This report shows cybercriminals need only a couple days to access your full corporate network and exfiltrate its data. Read on to learn more. The post Threat attackers can own your data in just two days appeared first on TechRepublic.

Cybercrime 181

Cybercrime Malware Cybersecurity 181

The Hacker News

JANUARY 16, 2023

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.

Malware 145

Malware 145

Schneier on Security

JANUARY 14, 2023

This is a current list of where and when I am scheduled to speak: I’m speaking at Capricon , a four-day science fiction convention in Chicago. My talk is on “The Coming AI Hackers” and will be held Friday, February 3 at 1:00 PM. The list is maintained on this page.

311

311

Bleeping Computer

JANUARY 14, 2023

Brave Browser version 1.47 was released yesterday, adding the Snowflake extension in the software's settings, enabling users to turn their devices into proxies that help users in censored countries connect to Tor. [.].

Software 145

Software 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JANUARY 19, 2023

Mail Backup X is the ultimate solution to protect your email from corruptions and crashes. The post Secure your email with this top-rated backup service appeared first on TechRepublic.

Backups 164

Backups 164

SecureList

JANUARY 19, 2023

Roaming Mantis (a.k.a Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking.

DNS 144

DNS Mobile Malware Accountability 144

Schneier on Security

JANUARY 16, 2023

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies.

Software 277

Software Hacking Manufacturing Government 277

Trend Micro

JANUARY 16, 2023

We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.

Media 145

Media Cyber threats Phishing Malware 145

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

JANUARY 18, 2023

All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on “need to know” informational bulletins. These bulletins may be one-off or regularly scheduled communications to help raise awareness about your technology processes, accepted procedures and best practices or to explain.

Technology 162

Technology 162

Graham Cluley

JANUARY 19, 2023

For the second time in less than a year, email newsletter service Mailchimp has found itself in the embarrassing position of admitting it has suffered a data breach, putting its customers' subscribers at risk.

Social Engineering 144

Social Engineering Engineering Data breaches Risk 144

Schneier on Security

JANUARY 14, 2023

Booklist reviews A Hacker’s Mind : Author and public-interest security technologist Schneier ( Data and Goliath , 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.” In accessing the security of a particular system, technologists such as Schneier look at how it might fail.

Hacking 252

Hacking Technology 252

Security Boulevard

JANUARY 16, 2023

NortonLifeLock is warning customers their passwords are loose. First LastPass, now this? The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard.

Password Management 144

Password Management Passwords Social Engineering Security Awareness 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JANUARY 20, 2023

This deal includes full licenses to Genie Timeline Pro 10 for three devices. The post Get lifetime access to this powerful backup tool for $59.99 appeared first on TechRepublic.

Backups 156

Backups Encryption 156

eSecurity Planet

JANUARY 20, 2023

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali

Malware 143

Malware CISO Cybersecurity Technology 143

Dark Reading

JANUARY 18, 2023

The powerful AI bot can produce malware without malicious code, making it tough to mitigate.

Malware 143

Malware 143

Bleeping Computer

JANUARY 17, 2023

Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. [.].

Advertising 143

Advertising Malware Software 143

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!