Sat.Jun 11, 2022 - Fri.Jun 17, 2022

Tracking People via Bluetooth on Their Phones

Schneier on Security

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough.

Weekly Update 300

Troy Hunt

Well, we're about 2,000km down on this trip and are finally in Melbourne, which was kinda the point of the drive in the first place (things just escalated after that).

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying.

Crosspost: A Simple SOAR Adoption Maturity Model

Anton on Security

Originally written for a new Chronicle blog. As security orchestration, automation and response (SOAR) adoption continues at a rapid pace , security operations teams have a greater need for a structured planning approach.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Attacking the Performance of Machine Learning Systems

Schneier on Security

Interesting research: “ Sponge Examples: Energy-Latency Attacks on Neural Networks “: Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs.

245
245

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Related: Taking API proliferation seriously. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally. Investors more than doubled down in 2021, increasing investment by about 145 percent.

More Trending

Lessons from the Gartner Security & Risk Management Summit

Lohrman on Security

What are the important trends regarding business risk and all things cybersecurity? Here are my top takeaways from the Gartner conference I attended this week.

Risk 148

M1 Chip Vulnerability

Schneier on Security

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable.

GUEST ESSAY: Five steps to improving identity management — and reinforcing network security

The Last Watchdog

The identity management market has grown to $13 billion and counting. While intuition would tell you enterprises have identity under control, that is far from reality. Related: Taking a zero-trust approach to access management. Current events, such as the global pandemic and ‘ The Great Resignation, ’ which have accelerated cloud adoption, remote working environments, and the number of business applications and systems in use has complicated matters.

Guilty as charged (or not) for spreading FUD about women in cyber

Jane Frankland

Judge: Jane Frankland, you have been picked up by the male police (one acting alone)) and stand here accused of potentially spreading FUD. On the 8 June you posted on LinkedIn highlighting data gaps and inconsistencies with regards to reporting for women in cyber, specifically methodologies.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

Krebs on Security

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. The user interface for Downthem[.]org. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org org and ampnode[.]com

DDOS 126

Hacking Tesla’s Remote Key Cards

Schneier on Security

Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware

Dark Reading

Most of the attacks involve the use of automated exploits, security vendor says

Police Linked to Hacking Campaign to Frame Indian Activists

WIRED Threat Level

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest. Security Security / Cyberattacks and Hacks

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Radware Survey Reveals API Security Weaknesses

Security Boulevard

A survey published today suggests there is a disconnect between the perceived and actual level of security being applied to application programming interfaces (APIs).

Cryptanalysis of ENCSecurity’s Encryption Implementation

Schneier on Security

ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, it’s implementation is flawed in multiple ways—and breakable.

Can global recruitment solve the cybersecurity hiring problem?

CyberSecurity Insiders

This blog was written by an independent guest blogger. It’s well known that there’s a pervasive cybersecurity skills shortage. The problem has multiple ramifications.

A compelling story

Cisco CSR

This article is part of a series in which we will explore several features, principles, and the building blocks of a security detection engine within an extended detection and response (XDR) solution.

Retail 112

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

How to Build Cybersecurity Resilience

Security Boulevard

Cybersecurity has been changing rapidly over the past couple of years, due in no small part to the COVID-19 pandemic. In response, organizations have digitized at an unprecedented rate and, in the process, created new opportunities for cybersecurity shortfalls.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page

158
158

Delivering Apps Securely Across Any Network and Cloud

CyberSecurity Insiders

by Troye technical director Kurt Goodall. Businesses need to deliver apps with high reliability, deep visibility, and security across any network and cloud.

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors.

DNS 113

How China Hacked US Phone Networks

WIRED Threat Level

Plus: Russia rattles its cyber sword, a huge Facebook phishing operation is uncovered, feds take down the SSNDOB marketplace, and more. Security Security / Security News

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

The Hacker News

A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems.

Most of the cyber attacks in Canada are ransomware genre

CyberSecurity Insiders

According to a study conducted by Blake, Cassels Graydon LLP, most of the cyber attacks that were targeted on Canadian companies were of ransomware genre and alarmingly there was an increase in frequency and complexity of attacks.

What are the Consequences of a Data Breach?

Security Boulevard

2022 has proved to be the year where it’s impossible to negate the consequences of a data breach. Data breaches have the potential to destroy businesses. A small company can shut down all operations within six months of a breach.

WordPress Plug-in Ninja Forms Issues Update for Critical Bug

Dark Reading

The code injection vulnerability is being actively exploited in the wild, researchers say

106
106

BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

The Hacker News

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks.

Interpol arrests 2000 criminals launching social engineering attacks

CyberSecurity Insiders

In what appears as an operation first of its kind, Interpol has arrested over 2000 criminals who launched social engineering attacks worldwide.

What is a Cyberattack? Types and Defenses

eSecurity Planet

A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system.

HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook

Security Boulevard

A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation. The post HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook appeared first on Security Boulevard.

How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security

We Live Security

Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents?

Ireland is now a part of the Microsoft Government Security Program (GSP)

CyberSecurity Insiders

Ireland government has proclaimed that it is joining Microsoft Government Security Program (GSP) and so will be getting needed help in defending its country’s critical infrastructure from cyber attacks.