Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363

Passwords Accountability Firewall Risk 363

Schneier on Security

JANUARY 28, 2022

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa

Telecommunications 315

Telecommunications Government 315

Joseph Steinberg

JANUARY 26, 2022

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned? The particular Google Voice scam that is presently wreaking havoc involves a fraudster contacting a would-be victim – for our case let’s assume that they are targeting you – perhaps in response to a post that you made offering something for sale

Scams 313

Scams Authentication Accountability Artificial Intelligence 313

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

Ransomware 253

Ransomware Accountability Cybercrime Malware 253

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Lohrman on Security

JANUARY 23, 2022

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

Cyber Attacks 266

Cyber Attacks Cyber threats 266

Schneier on Security

JANUARY 24, 2022

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020.

Malware 290

Malware Accountability 290

Bleeping Computer

JANUARY 23, 2022

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.].

145

145

Security Boulevard

JANUARY 28, 2022

Today, the world is more connected than ever before. As a result, the rate at which data is being produced is growing exponentially every year. While many organizations have prioritized managing and securing this data, the topic of data privacy has also come into question particularly given the rise of connected devices and AI surveillance features.

Data privacy 141

Data privacy Surveillance Data collection 141

The Hacker News

JANUARY 22, 2022

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

Malware 141

Malware 141

Tech Republic Security

JANUARY 28, 2022

The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.

162

162

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JANUARY 22, 2022

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog. [.].

Cybersecurity 145

Cybersecurity 145

Security Boulevard

JANUARY 25, 2022

One way or another, cloud infrastructure has firmly entrenched itself as a crucial component for almost all organizations, and public cloud spending is expected to continue to skyrocket over the next five years. As with any organization-wide adoption program, cloud infrastructure initiatives require extensive planning to embrace and expand the scope successfully and securely.

Risk 141

Risk Cybersecurity Network Security 141

CSO Magazine

JANUARY 24, 2022

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

CISO 141

CISO Cybersecurity Ransomware 141

Tech Republic Security

JANUARY 27, 2022

Data Privacy Day is a day to focus on best practices for ensuring private data remains that way. Learn insights and tips from security experts on the front lines.

Data privacy 166

Data privacy 166

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Graham Cluley

JANUARY 26, 2022

Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.

Hacking 140

Hacking 140

Bleeping Computer

JANUARY 24, 2022

A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts. [.].

Mobile 141

Mobile 141

Security Boulevard

JANUARY 24, 2022

Two cybersecurity experts identified the top security threats for 2022 during an online Predict 2022 conference hosted by Techstrong Live, an arm of Techstrong Group, the parent company of Security Boulevard. Both Mike Jones, host of the H4unt3d Hacker podcast and a former anonymous hacktivist, and Donovan Farrow, CEO of Alias Forensics, a cybersecurity forensics.

Cybersecurity 137

Cybersecurity Security Awareness Ransomware Malware 137

Tech Republic Security

JANUARY 27, 2022

Dubbed PwnKit, it's been sitting in a user policy module used in Linux distros for over a decade and can be used by anyone to gain root privileges. Here's what you can do to protect your systems.

148

148

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CyberSecurity Insiders

JANUARY 26, 2022

Tesla company owner Elon Musk announced last year that his SpaceX Starlink internet service will reach to the remote places on continents like Africa and Asia providing connectivity to the people in rural areas who lack at least the basic communication services. China is all set to follow the same path as it has applied for a license to access spectrum for a ‘national network of satellites’ dubbed “Mega Constellation” in 2020.

Internet 134

Internet Internet Mobile Cybersecurity 134

Bleeping Computer

JANUARY 22, 2022

In a warning issued on Thursday, the Dutch National Cybersecurity Centre (NCSC) says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats. [.].

Risk 136

Risk Cybersecurity 136

Security Boulevard

JANUARY 24, 2022

A popular maker of WordPress plugins and themes was hacked—93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites. The post WordPress Supply Chain Attack—93 Add-Ons Infected for Months appeared first on Security Boulevard.

Hacking 137

Hacking Software Malware Cybersecurity 137

Tech Republic Security

JANUARY 26, 2022

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.

Phishing 176

Phishing 176

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Thales Cloud Protection & Licensing

JANUARY 24, 2022

Data Privacy and Security: It Takes Two to Tango. madhav. Tue, 01/25/2022 - 05:15. The National Cybersecurity Alliance (NCA) announced earlier this year that they have expanded the Data Privacy Day campaign into Data Privacy Week , a full week-long initiative. Data Privacy Day began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe.

Data privacy 127

Data privacy Data breaches Social Engineering Technology 127

Bleeping Computer

JANUARY 24, 2022

Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. [.].

Phishing 133

Phishing Malware 133

Security Boulevard

JANUARY 28, 2022

Cybertechnology has always been an issue in the drone industry, but its reach is expanding and evolving in multiple dimensions. Traditional cybersecurity concerns in the drone world referred either to the vulnerability of drone data and operations to cyberattacks, or the role that drones played in perpetrating cyberattacks themselves. But a new challenge has appeared, The post From Drone to Counter-Drone: The Shifting Role of Cybersecurity appeared first on Security Boulevard.

Cybersecurity 135

Cybersecurity IoT Risk Government 135

Tech Republic Security

JANUARY 26, 2022

Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.

Data privacy 150

Data privacy 150

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

CyberSecurity Insiders

JANUARY 28, 2022

The 5G technology appears to be perfect from a distance, with its grand claims of fostering efficient interconnectivity and speedy data transfers between people, objects, and devices. From this claim alone, everything seems too good to be true. Despite the massive inclination that we might have to believe these claims, we must scrutinize the legitimacy of the claims being made by 5G providers and get to the reality of the situation to maintain a robust cybersecurity landscape for the long run.

IoT 131

IoT Technology Mobile Software 131

CSO Magazine

JANUARY 25, 2022

The U.S. federal government has been very active the past year, particularly with the cybersecurity executive order (EO) and associated tasks and goals that have come out of it. One framework and industry source that has been getting increased attention is the NIST Cybersecurity Framework (CSF). The CSF came out of another EO, 13636, which is from 2013 and directed NIST to work with stakeholders to develop a voluntary framework for reducing risk to critical infrastructure.

Risk 130

Risk Cybersecurity Government 130

Security Boulevard

JANUARY 23, 2022

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® ! Permalink. The post Joy Of Tech® ‘I See You Bought Activision Blizzard!’ appeared first on Security Boulevard.

135

135

The Hacker News

JANUARY 22, 2022

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017.

Malware 129

Malware Government 129

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk