Sat.Jan 14, 2023 - Fri.Jan 20, 2023

article thumbnail

Thinking of Hiring or Running a Booter Service? Think Again.

Krebs on Security

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location.

DDOS 182
article thumbnail

The FBI Identified a Tor User

Schneier on Security

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Pwned or Bot

Troy Hunt

It's fascinating to see how creative people can get with breached data. Of course there's all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else's system.

article thumbnail

Most Popular Cybersecurity Blog Posts from 2022

Lohrman on Security

What were the top government technology and security blogs in 2022? The metrics don’t lie, and they tell us what cybersecurity and technology infrastructure topics were most popular

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

article thumbnail

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years.

Mobile 227
article thumbnail

Security Analysis of Threema

Schneier on Security

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers.

More Trending

article thumbnail

As a cybersecurity blade, ChatGPT can cut both ways

Tech Republic Security

The cybersecurity implications of ChatGPT are vast, especially for email exploits, but putting up guardrails, flagging elements of phishing emails that it doesn’t touch and using it to train itself could help boost defense.

Phishing 156
article thumbnail

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Dark Reading

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system

114
114
article thumbnail

Real-World Steganography

Schneier on Security

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

242
242
article thumbnail

NEW TECH: DigiCert unveils ‘Trust Lifecyle Manager’ to centralize control of digital certificates

The Last Watchdog

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

article thumbnail

Rise of cloud-delivered malware poses key security challenges

Tech Republic Security

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware poses key security challenges appeared first on TechRepublic.

Malware 154
article thumbnail

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

Security Boulevard

The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO. The post T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks appeared first on Security Boulevard.

Mobile 112
article thumbnail

AI and Political Lobbying

Schneier on Security

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails , college essays and myriad other forms of writing.

article thumbnail

ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

Dark Reading

The powerful AI bot can produce malware without malicious code, making it tough to mitigate

Malware 114
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

article thumbnail

SimSpace CEO brings dogfight mentality to terra firma for IT cybersecurity training

Tech Republic Security

William “Hutch” Hutchison, founder and CEO of SimSpace, speaks with Karl Greenberg about the virtues of cyber ranges in training IT teams, and SimSpace’s own specialty: Digital-twin based ranges that the firm provides to NATO governments worldwide, including security teams in Ukraine.

article thumbnail

Difference between Cybersecurity and Information Security

CyberSecurity Insiders

Many of you get confused with terms cybersecurity and Information Security and think that both these words are same and synonymous. However, in reality, both these terms are different and confused with one another.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at Capricon , a four-day science fiction convention in Chicago. My talk is on “The Coming AI Hackers” and will be held Friday, February 3 at 1:00 PM. The list is maintained on this page.

203
203
article thumbnail

PayPal Breach Exposed PII of Nearly 35K Accounts

Dark Reading

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data

article thumbnail

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

article thumbnail

Threat attackers can own your data in just two days

Tech Republic Security

This report shows cybercriminals need only a couple days to access your full corporate network and exfiltrate its data. Read on to learn more. The post Threat attackers can own your data in just two days appeared first on TechRepublic. Security cybercrime cybersecurity malware

article thumbnail

Understanding Malware-as-a-Service (MaaS): The future Of cyber attack accessibility

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. With the explosive growth of technology, businesses are more vulnerable than ever to malicious cyber attacks.

article thumbnail

Hacked Cellebrite and MSAB Software Released

Schneier on Security

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies. Uncategorized cyberweapons leaks smartphones

Software 187
article thumbnail

Attackers Crafted Custom Malware for Fortinet Zero-Day

Dark Reading

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China

Malware 110
article thumbnail

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

article thumbnail

Secure your email with this top-rated backup service

Tech Republic Security

Mail Backup X is the ultimate solution to protect your email from corruptions and crashes. The post Secure your email with this top-rated backup service appeared first on TechRepublic. Security Tech & Work email email backup mail backup x

Backups 110
article thumbnail

Spy Cams Reveal the Grim Reality of Slaughterhouse Gas Chambers

WIRED Threat Level

Animal rights activists have captured the first hidden-camera video from inside a carbon dioxide “stunning chamber” in a US meatpacking plant. Security Security / Privacy Security / Security News

110
110
article thumbnail

Booklist Review of A Hacker’s Mind

Schneier on Security

Booklist reviews A Hacker’s Mind : Author and public-interest security technologist Schneier ( Data and Goliath , 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.” In accessing the security of a particular system, technologists such as Schneier look at how it might fail. In order to counter a hack, it becomes necessary to think like a hacker.

Hacking 168
article thumbnail

Compromised Zendesk Employee Credentials Lead to Breach

Dark Reading

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce

Phishing 107
article thumbnail

T-Mobile API Breach: Playing the Victim

Security Boulevard

I’m not sure what is less surprising, that a big company got hacked or that they are trying to play the victim. The headline is that T-Mobile acknowledged that data on roughly 37 million customers was stolen. The breach resulted from a “bad actor” abusing an API to gain access to the data.

Mobile 107
article thumbnail

Hacker steals data of 37 million T Mobile customers

CyberSecurity Insiders

T Mobile hack is back in news as the telecom company is accusing a hacker of fraudulently stealing customer data from its servers. Earlier, the company was targeted by a sophistication filled digital attack.

Mobile 105
article thumbnail

IT email templates: Security alerts

Tech Republic Security

All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on “need to know” informational bulletins.

article thumbnail

Unpatched Zoho MangeEngine Products Under Active Cyberattack

Dark Reading

The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn

Risk 111
article thumbnail

GitHub Rebuffs Breach With Swift Action, Rotating Credentials

Security Boulevard

The holidays were anything but happy over at Slack, which saw threat actors access its externally hosted GitHub repositories. The miscreants apparently used a “limited” number of stolen Slack employee tokens.

article thumbnail

Telephony fraud and risk mitigation: Understanding this ever-changing threat

CyberSecurity Insiders

Telephony fraud is a significant challenge. Companies of all sizes and industries are subjected to the malicious usage of voice and SMS with the intent of committing financial fraud, identity theft, denial-of-service, and a variety of other attacks.