Sat.Jun 11, 2022 - Fri.Jun 17, 2022

article thumbnail

Attacking the Performance of Machine Learning Systems

Schneier on Security

Interesting research: “ Sponge Examples: Energy-Latency Attacks on Neural Networks “: Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers’ focus so far is on average-case performance.

303
303
article thumbnail

Crosspost: A Simple SOAR Adoption Maturity Model

Anton on Security

Originally written for a new Chronicle blog. As security orchestration, automation and response (SOAR) adoption continues at a rapid pace , security operations teams have a greater need for a structured planning approach. My favorite approach has been a maturity model, vaguely modeled on the CMM approach. For example, in my analyst days, I built a maturity model for a SOC (2018) , a SIEM deployment (2018) and vulnerability management (2017).

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Related: Taking API proliferation seriously. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally.

article thumbnail

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Tracking People via Bluetooth on Their Phones

Schneier on Security

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough. Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused during manufacturing create a unique Bluetooth beacon , one that establishes a digital signature or fingerprint di

article thumbnail

‘Potentially dangerous’ Office 365 flaw discovered

Tech Republic Security

Proofpoint says the piece of functionality allows ransomware to encrypt files stored on Microsoft SharePoint and OneDrive. The post ‘Potentially dangerous’ Office 365 flaw discovered appeared first on TechRepublic.

More Trending

article thumbnail

Microsoft Patch Tuesday, June 2022 Edition

Krebs on Security

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.

article thumbnail

Hacking Tesla’s Remote Key Cards

Schneier on Security

Interesting vulnerability in Tesla’s NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys­with no authentication required and zero indication given by the in-car display. “The authorization given in the 130-second interval is too general… [it

Hacking 235
article thumbnail

How to back up your Authy app

Tech Republic Security

In this step-by-step guide, learn how to enable the backup feature within the two-factor authentication application Authy. The post How to back up your Authy app appeared first on TechRepublic.

Backups 157
article thumbnail

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn. The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos which tracked it as Hexane.

DNS 144
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

How to Build Cybersecurity Resilience

Security Boulevard

Cybersecurity has been changing rapidly over the past couple of years, due in no small part to the COVID-19 pandemic. In response, organizations have digitized at an unprecedented rate and, in the process, created new opportunities for cybersecurity shortfalls. Here are four trends that, in addition to the anticipated rise in ransomware, should affect how.

article thumbnail

M1 Chip Vulnerability

Schneier on Security

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.

article thumbnail

How to fix the four biggest problems with failed VPN connections

Tech Republic Security

Is your VPN connected but not working? Learn four of the biggest trouble areas with VPN connections and how you can fix them today. The post How to fix the four biggest problems with failed VPN connections appeared first on TechRepublic.

VPN 157
article thumbnail

Over 2 Million People Have Downloaded Android Malware from the Google Play Store

Heimadal Security

Last month, security specialists found adware and info-stealing malware on the Google Play Store, with at least five threats still obtainable and with more than 2 million downloads. Adware infections showing unsolicited ads degrade the user experience, use up the battery, generate heat, and can even lead to fraudulent transactions. This software typically attempts to […].

Adware 138
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security

We Live Security

Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents? The post How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security appeared first on WeLiveSecurity.

Malware 138
article thumbnail

Most of the cyber attacks in Canada are ransomware genre

CyberSecurity Insiders

According to a study conducted by Blake, Cassels Graydon LLP, most of the cyber attacks that were targeted on Canadian companies were of ransomware genre and alarmingly there was an increase in frequency and complexity of attacks. Coming to ransomware payments, there was a 25% increase in such attacks exceeding USD $1 million on average. From now on, Canadian businesses will be required to report any kind of digital assaults within 72 hours under a new law introduced early this week.

article thumbnail

Half of IT leaders say passwords too weak for security purposes

Tech Republic Security

Most IT leaders are worried about passwords being stolen at their organization, according to a survey from Ping Identity. The post Half of IT leaders say passwords too weak for security purposes appeared first on TechRepublic.

Passwords 152
article thumbnail

Hertzbleed exposes computers’ secret whispers

Malwarebytes

Hertzbleed is the name for a vulnerability that can be used to obtain cryptographic keys and other secret data from Intel and AMD CPUs, remotely. It works by monitoring changes in power consumption, which can be deduced by the careful timing of known workloads, thanks to a processor power saving feature called dynamic voltage and frequency scaling (DVFS).

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook

Security Boulevard

A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation. The post HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook appeared first on Security Boulevard.

article thumbnail

New Vytal Chrome extension hides location info that your VPN can't

Bleeping Computer

A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. [.].

VPN 144
article thumbnail

State-sponsored Chinese threat actors compromise telecommunications and network services providers

Tech Republic Security

Threat actors originating from the People's Republic of China are exploiting known vulnerabilities to build a broad network infrastructure of compromised machines worldwide. Learn more about how to protect yourself from this threat. The post State-sponsored Chinese threat actors compromise telecommunications and network services providers appeared first on TechRepublic.

article thumbnail

Interpol arrests thousands of scammers in operation “First Light 2022”

The State of Security

Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation which has seized tens of millions of dollars and seen more than 2000 people arrested. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

What are the Consequences of a Data Breach?

Security Boulevard

2022 has proved to be the year where it’s impossible to negate the consequences of a data breach. Data breaches have the potential to destroy businesses. A small company can shut down all operations within six months of a breach. Larger companies can withstand the pinch, but not without a hefty cost. Even multinationals can […]. The post What are the Consequences of a Data Breach?

article thumbnail

Hello XD ransomware now drops a backdoor while encrypting

Bleeping Computer

Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. [.].

article thumbnail

Review: System Mechanic Ultimate Defense

Tech Republic Security

System Mechanic Ultimate Defense is a Windows utility intended to optimize system performance, secure the OS and user data/credentials and perform data recovery services. Learn more about how it works and how the features rate. The post Review: System Mechanic Ultimate Defense appeared first on TechRepublic.

Software 148
article thumbnail

The State of Security: Ransomware

The State of Security

Sophos Labs recently released its annual global study, State of Ransomware 2022, which covers real-world ransomware experiences in 2021, their financial and operational impact on organizations, as well as the role of cyber insurance in cyber defense. The report, which surveyed 5,600 IT professionals in mid-sized organizations across 31 countries, shows that ransomware attacks are […]… Read More.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Interpol arrests 2000 criminals launching social engineering attacks

CyberSecurity Insiders

In what appears as an operation first of its kind, Interpol has arrested over 2000 criminals who launched social engineering attacks worldwide. The operation to nab thousands of cyber criminals at a time was named ‘ First Light 2022’ and was performed with the coordination of police forces from about 76 countries. Social engineering attacks are crimes that involve business email compromise, job scams, X-rated scams using beautiful faces of women, mainly models, telephone scams, money laundering,

article thumbnail

PyPI package 'keep' mistakenly included a password stealer

Bleeping Computer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions. [.].

Passwords 145
article thumbnail

New botnet and cryptominer Panchan attacking Linux servers

Tech Republic Security

Panchan is going after telecom and education providers using novel and unique methods to thwart defenses and escalate privileges. The post New botnet and cryptominer Panchan attacking Linux servers appeared first on TechRepublic.

Education 148
article thumbnail

What is a Cyberattack? Types and Defenses

eSecurity Planet

A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Cyberattacks are on the rise, with cyber criminal trends and techniques becoming increasingly sophisticated and creative.

Backups 130
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.