Sat.Feb 26, 2022 - Fri.Mar 04, 2022


Samsung Encryption Flaw

Schneier on Security

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.


Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.


GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.


100 million Samsung phones affected by encryption weakness

Tech Republic Security

The vulnerability lies in how Samsung implemented a portion of the Android Trusted Execution Environment, leading to devices as new as the S21 being vulnerable to initialization vector reuse attacks. The post 100 million Samsung phones affected by encryption weakness appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Decrypting Hive Ransomware Data

Schneier on Security

Nice piece of research: Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data.


Play for Ukraine game aims to knock Russian websites offline

Graham Cluley

A game, developed by the so-called IT Army of Ukraine, makes it easy for anyone around the world to contribute to the overloading of Russian websites while playing a version of the simple sliding puzzle "2048."


Destructive “HermeticWiper” malware strikes Ukraine

Tech Republic Security

A new type of malware attack is hitting Ukraine, and it renders the victim's machine useless. The post Destructive “HermeticWiper” malware strikes Ukraine appeared first on TechRepublic.


Insurance Coverage for NotPetya Losses

Schneier on Security

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.


Ignoring US Cybersecurity Vulnerabilities No Longer an Option

Security Boulevard

In one of the most impactful European conflicts since World War II, Russian troops have invaded neighboring Ukraine, a sovereign nation. While the effects of this war on world peace and stability remain to be seen and while a larger conflict involving other nations including the U.S. could soon become a reality, the uncomfortable truth. The post Ignoring US Cybersecurity Vulnerabilities No Longer an Option appeared first on Security Boulevard.


Conti Ransomware source code leaked by Ukrainian researcher

Bleeping Computer

A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more. [...]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Ransomware infections top list of the most common results of phishing attacks

Tech Republic Security

Eighty-four percent of organizations were phishing victims last year, 59% of whom were hit with ransomware. Why, then, do less than a quarter of boards think ransomware is a top priority? The post Ransomware infections top list of the most common results of phishing attacks appeared first on TechRepublic.


How security vendors are aiding Ukraine

CSO Magazine

Since Russia launched a full-scale military invasion into Ukraine on February 23, a series of cyberattacks have been detected targeting Ukrainian businesses, websites and government agencies amid the ongoing conflict. Meanwhile, organizations in the cybersecurity sector have begun taking action to provide help and support to those directly and subsequently impacted by cyber incidents relating to the Ukraine-Russia crisis.


Salt Security Survey Surfaces API Security Weaknesses

Security Boulevard

A survey of more than 250 security, application and DevOps executives and professionals published today by Salt Security found 95% of respondents experienced a security incident involving application programming interfaces (APIs) in the last 12 months, with 62% reporting they slowed down the rollout of an application because of API security concerns.


Microsoft rolling out new endpoint security solution for SMBs

Bleeping Computer

Microsoft has started rolling out its new endpoint security solution for small and medium-sized businesses (SMBs) known as Microsoft Defender for Business to Microsoft 365 Business Premium customers worldwide starting today, March 1st. [...]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


5 WordPress plugins to bolster security

Tech Republic Security

If you're using WordPress, you need to consider one or more of these security plugins to keep your website safe from attack. The post 5 WordPress plugins to bolster security appeared first on TechRepublic.


The truth about VDI and cloud computing

InfoWorld on Security

Want to know who has the most stressful job in the enterprise these days? It’s the CISO, or chief information security officer. This is typically a senior-level executive responsible for developing and implementing information security programs and the person first on the hook if a breach occurs. Many of these brave men and women took on the role prior to the pandemic when vulnerable applications and data could be placed within a secure domain—typically, a well-defined firewall. [ Also on InfoWo


Monitoring Cyber Threats Tied to the Russia-Ukraine Conflict

Security Boulevard

Beyond the disturbing images of the invasion of Ukraine that began February 24 are the invisible cyberattacks that preceded it and continue to be waged on Ukraine by Russian state-sponsored and other threat actors, which also threaten the West. Vedere Labs, Forescout’s threat intelligence and research team, is closely monitoring the evolution of cyber activities […].


Log4shell exploits now used mostly for DDoS botnets, cryptominers

Bleeping Computer

The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for planting cryptominers. [...]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download

Tech Republic Security

TechRepublic Premium content helps you solve your toughest IT issues and jumpstart your career or next project. The post TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download appeared first on TechRepublic.


Blocking Bots: Why We Need Advanced WAF?

CyberSecurity Insiders

With everyone living online these days, web traffic to the online channels is on the upsurge. However, if you delve into the traffic, you’ll see that most of the traffic is not from legitimate users. Only less than half of the traffic is actual humans, the rest are bots including both good and bad bots. In the early days, the bots were used only for spamming or small scraping attempts.


How to define outcomes to deliver value faster

Security Boulevard

Why we need to clarify the ideal and acceptable outcomes If you want to deliver value faster, you need to know more than the problem you’re trying to solve. You also need to know what success looks like. Start by asking people to define and explain the ideal outcome. The ideal outcome is without restriction, […]. The post How to define outcomes to deliver value faster appeared first on Security Boulevard.


Hackers Might Shift Focus to Consumers Instead of Businesses in 2022

Heimdal Security

According to threat analysts, the year 2022 will mark the beginning of a change in hackers’ attention from huge corporations to individuals. Researchers base their prediction on a number of variables that point out how consumers are now more valuable to hackers than in the past. What Happened in 2021 and What Will Happen in 2022? […]. The post Hackers Might Shift Focus to Consumers Instead of Businesses in 2022 appeared first on Heimdal Security Blog.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


New OpenSSF project may finally be doing security right

Tech Republic Security

Commentary: For years we’ve tried tackling security at the company or organizational level. The new Alpha-Omega Project seems to be taking a true industry-wide approach, and that’s promising. The post New OpenSSF project may finally be doing security right appeared first on TechRepublic.


7 mistakes CISOs make when presenting to the board

CSO Magazine

Corporate boards are asking their CISOs to inform them more often about cybersecurity risks. This gives security leaders an opportunity to help senior business stakeholders better understand security’s value and makes them more likely to support and strengthen security strategies. However, talking to the board about cybersecurity in a way that is productive can be a significant challenge, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among dire


Anonymous hit Russian Nuclear Institute and leak stolen data

Security Affairs

Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses. Anonymous and numerous hacker groups linked to the popular collective continue to launch cyber attacks against Russian and Belarussian government organizations and private businesses. In the last few days massive DDoS attacks have taken offline numerous websites of Russian government entities, including the Duma and Ministry of Defense.


U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Cyberattacks on SMBs are increasing, will your business be ready?

Tech Republic Security

Coro’s report details a growing number of attacks on mid-sized businesses and the steps that need to be taken in order to be prepared. The post Cyberattacks on SMBs are increasing, will your business be ready? appeared first on TechRepublic.


Why You Should Start Using Two-Factor Authentication Now

Heimdal Security

Two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism used to double-check that your identity is legitimate. How Does Two-Factor Authentication Work? When you want to sign into your account, you are prompted to authenticate with a username and a password – that’s the first verification layer.


Ransomware attack on NVIDIA

CyberSecurity Insiders

NVIDIA, the silicon processor making company of North America, has issued a public statement that a few of its servers were affected by a ransomware attack that has nothing to do with the ongoing war between Russia and Ukraine. As the business and the other commercial activities remain uninterrupted, NVIDIA has pressed a few members of its technical team to investigate the nature and scope of the event, as most of its email and intercom communication has been deeply affected.


The Ukraine/Russia information war is forcing companies to choose a side

CSO Magazine

The Russian invasion of Ukraine has a very visible aspect as we see Ukrainians stand and fight the Russian military might. The geopolitical landscape is changing by the hour, as more governments take action to restrict Russia’s ability to wage war. Two aspects of the conflict have percolated to the top. These are the “information war” and the “war on information.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.