Sat.Jan 14, 2023 - Fri.Jan 20, 2023

article thumbnail

Thinking of Hiring or Running a Booter Service? Think Again.

Krebs on Security

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves ag

DDOS 303
article thumbnail

The FBI Identified a Tor User

Schneier on Security

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—­that is, one hosted on the Tor anonymity network—­it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Most Popular Cybersecurity Blog Posts from 2022

Lohrman on Security

What were the top government technology and security blogs in 2022? The metrics don’t lie, and they tell us what cybersecurity and technology infrastructure topics were most popular.

article thumbnail

As a cybersecurity blade, ChatGPT can cut both ways

Tech Republic Security

The cybersecurity implications of ChatGPT are vast, especially for email exploits, but putting up guardrails, flagging elements of phishing emails that it doesn’t touch and using it to train itself could help boost defense. The post As a cybersecurity blade, ChatGPT can cut both ways appeared first on TechRepublic.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S.

Mobile 339
article thumbnail

Real-World Steganography

Schneier on Security

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

349
349

LifeWorks

More Trending

article thumbnail

Rise of cloud-delivered malware poses key security challenges

Tech Republic Security

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware poses key security challenges appeared first on TechRepublic.

Malware 211
article thumbnail

Encryption is on the Rise!

Cisco Security

When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).

article thumbnail

AI and Political Lobbying

Schneier on Security

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails , college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close to human. But for all the consternation over the potential for humans to be replaced by machines in formats like poetry and sitcom scripts, a far greater threat looms: artificial intelligen

article thumbnail

NEW TECH: DigiCert unveils ‘Trust Lifecyle Manager’ to centralize control of digital certificates

The Last Watchdog

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms. This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and respo

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

SimSpace CEO brings dogfight mentality to terra firma for IT cybersecurity training

Tech Republic Security

William “Hutch” Hutchison, founder and CEO of SimSpace, speaks with Karl Greenberg about the virtues of cyber ranges in training IT teams, and SimSpace’s own specialty: Digital-twin based ranges that the firm provides to NATO governments worldwide, including security teams in Ukraine. The post SimSpace CEO brings dogfight mentality to terra firma for IT cybersecurity training appeared first on TechRepublic.

article thumbnail

Ugh! Norton LifeLock password manager accounts accessed by hackers

Graham Cluley

If you use Norton lifeLock as your password manager, your account may have been compromised. Learn more now.

article thumbnail

Security Analysis of Threema

Schneier on Security

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between diff

article thumbnail

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

Security Boulevard

The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO. The post T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks appeared first on Security Boulevard.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Threat attackers can own your data in just two days

Tech Republic Security

This report shows cybercriminals need only a couple days to access your full corporate network and exfiltrate its data. Read on to learn more. The post Threat attackers can own your data in just two days appeared first on TechRepublic.

article thumbnail

New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild

The Hacker News

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.

Malware 145
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at Capricon , a four-day science fiction convention in Chicago. My talk is on “The Coming AI Hackers” and will be held Friday, February 3 at 1:00 PM. The list is maintained on this page.

311
311
article thumbnail

Brave browser’s new Snowflake feature help bypass Tor blocks

Bleeping Computer

Brave Browser version 1.47 was released yesterday, adding the Snowflake extension in the software's settings, enabling users to turn their devices into proxies that help users in censored countries connect to Tor. [.].

Software 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Secure your email with this top-rated backup service

Tech Republic Security

Mail Backup X is the ultimate solution to protect your email from corruptions and crashes. The post Secure your email with this top-rated backup service appeared first on TechRepublic.

Backups 164
article thumbnail

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

SecureList

Roaming Mantis (a.k.a Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking.

DNS 144
article thumbnail

Hacked Cellebrite and MSAB Software Released

Schneier on Security

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies.

Software 277
article thumbnail

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

Trend Micro

We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.

Media 145
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

IT email templates: Security alerts

Tech Republic Security

All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on “need to know” informational bulletins. These bulletins may be one-off or regularly scheduled communications to help raise awareness about your technology processes, accepted procedures and best practices or to explain.

article thumbnail

Mailchimp slips up again, suffers security breach after falling on social engineering banana skin

Graham Cluley

For the second time in less than a year, email newsletter service Mailchimp has found itself in the embarrassing position of admitting it has suffered a data breach, putting its customers' subscribers at risk.

article thumbnail

Booklist Review of A Hacker’s Mind

Schneier on Security

Booklist reviews A Hacker’s Mind : Author and public-interest security technologist Schneier ( Data and Goliath , 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.” In accessing the security of a particular system, technologists such as Schneier look at how it might fail.

Hacking 252
article thumbnail

Another Password Manager Breach: NortonLifeLock Apes LastPass

Security Boulevard

NortonLifeLock is warning customers their passwords are loose. First LastPass, now this? The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Get lifetime access to this powerful backup tool for $59.99

Tech Republic Security

This deal includes full licenses to Genie Timeline Pro 10 for three devices. The post Get lifetime access to this powerful backup tool for $59.99 appeared first on TechRepublic.

Backups 156
article thumbnail

ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware

eSecurity Planet

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali

Malware 143
article thumbnail

ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

Dark Reading

The powerful AI bot can produce malware without malicious code, making it tough to mitigate.

Malware 143
article thumbnail

Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner

Bleeping Computer

Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. [.].

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!