Sat.Feb 05, 2022 - Fri.Feb 11, 2022

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Schneier on Security

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 × 10^6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μs, a reaction

Weekly Update 281

Troy Hunt

I feel like perfect audio remains an unsolved problem for me. Somehow, a low "hiss" has slipped in over the last couple of weeks and messing around trying to solve it before recording this video only served to leave me without any audio at all on the first attempt, and the status quo remaining on the second attempt. And I still can't use my Apollo Twin DAC as an input device almost a year on from when I bought it.

FBI: Criminals escalating SIM swap attacks to steal millions of dollars

Tech Republic Security

The federal agency says hundreds of victims have lost money due to scams over a two-year span. The post FBI: Criminals escalating SIM swap attacks to steal millions of dollars appeared first on TechRepublic.

Hidden in plain sight: How the dark web is spilling onto social media

We Live Security

A trip into the dark corners of Telegram, which has become a magnet for criminals peddling everything from illegal drugs to fake money and COVID-19 vaccine passes. The post Hidden in plain sight: How the dark web is spilling onto social media appeared first on WeLiveSecurity.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FBI shares Lockbit ransomware technical details, defense tips

Bleeping Computer

The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with Lockbit ransomware attacks in a new flash alert published this Friday. […].

Update now! Apple fixes actively exploited zero-day

Malwarebytes

Apple has released a security fix for a zero-day vulnerability (CVE-2022-22620) that it says “may have been actively exploited.” According to the security update information provided by Apple the vulnerability exists in WebKit—the HTML rendering engine component of its Safari browser—and can be used by an attacker to create web content that may lead to arbitrary code execution.

More Trending

Cyber Attack disrupts Vodafone Portugal entire 4G and 5G Network

CyberSecurity Insiders

A malicious cyber attack has reportedly hit Vodafone Portugal servers, bringing the 4G and 5G network across the country to a complete halt since February 7th, 2022. And news is out that the company couldn’t restore its servers even after 24 hours, deeply affecting wired landline services, SMS, mobile internet, digital TV and call services on a wholesome note.

Mandiant is for Sale and Microsoft Should Get Serious with Enterprise Security

Security Boulevard

FireEye Failed, Mandiant is for Sale and it’s Time for Microsoft to Get Serious with Enterprise Security An autopsy of FireEye’s missteps and why Microsoft should Acquire Mandiant and create a Security Division It’s widely rumored that Microsoft (MSFT) is in talks to acquire Mandiant (MNDT), the company once known as FireEye (FEYE). As an. The post Mandiant is for Sale and Microsoft Should Get Serious with Enterprise Security appeared first on Security Boulevard.

FritzFrog Botnet Is Back and Focuses on Education, Healthcare, and Government Entities

Heimdal Security

The FritzFrog botnet, which has been operative for more than two years, has reemerged with a concerning infection rate, having grown tenfold in just a month after compromising medical, education, and government systems via a vulnerable SSH server. The malware was noticed in August 2020 and is written in the Golang programming language. As explained […].

iOS users: Patch now to avoid falling prey to this WebKit vulnerability

Tech Republic Security

iPhones, iPads and the iPod Touch are all at risk, and it doesn’t matter what web browser you use: All of them could let an attacker execute arbitrary code on an infected device. The post iOS users: Patch now to avoid falling prey to this WebKit vulnerability appeared first on TechRepublic.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft disables macros to curtail Malware Cyber Attacks

CyberSecurity Insiders

Microsoft has made it official that it has disabled macros across its office products to block malware cyber attacks. The tech giant announced officially that from now on the macros feature in the Visual Basic for Applications (VBA) running across Word, PowerPoint, Excel, Access and Visio will be in disabled form and will have to be activated on a manual note by the admin or the device owner.

7 top challenges of security tool integration

CSO Magazine

Enterprises are frequently deploying new security tools and services to address needs and threats. A key consideration is how to integrate these various offerings—in many cases provided by different vendors—into the existing infrastructure to support a cohesive security strategy. The move to the cloud has made security integration somewhat easier, but the process can still be a major hurdle for organizations as they try to build strong protection against the latest threats.

PHP Everywhere RCE flaws threaten thousands of WordPress sites

Bleeping Computer

Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide. […].

Cybersecurity incident response: The 6 steps to success

Tech Republic Security

Cybersecurity incident response is not only about handling an incident – it’s also about preparing for any possible incident and learning from it. Here are six steps for a successful and efficient cybersecurity incident response. The post Cybersecurity incident response: The 6 steps to success appeared first on TechRepublic.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

What Is DevSecOps and Why Is It Important for Cybersecurity?

CyberSecurity Insiders

By Jenna Bunnell – Senior Manager, Content Marketing, Dialpad. With 53% of businesses saying it’s likely their enterprise will experience a cyberattack in the next 12 months, cybersecurity has never been more important. Software development companies can’t afford to release vulnerable products – but they also have to balance the time it takes to run security checks against the pressure to release software rapidly in a competitive market.

Social Engineering from the Attacker Perspective

Security Through Education

At Social-Engineer, LLC (SECOM), we define social engineering as “any act that influences a person to take an action that may or may not be in their best interest.” If you Google “social engineering,” you will get a very different and more negative definition. However, I prefer our definition, with more broad and general terms, because I feel that social engineering is not always negative.

CISA warns about 15 actively exploited vulnerabilities

CSO Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) has added 15 more vulnerabilities to its catalog of flaws that are actively exploited in the wild by hackers. Some are older dating back to 2014, but two are from the past two years and are in Windows components. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," the agency said in its advisory.

IBM and Snyk: Developers must lead the charge on cybersecurity

Tech Republic Security

IBM developer advocate and the founder of Snyk talk about changing the way developers think about cybersecurity. The post IBM and Snyk: Developers must lead the charge on cybersecurity appeared first on TechRepublic.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

30,000 WordPress Websites Are at Risk Due to RCE Bugs in PHP Everywhere

Heimdal Security

Three critical Remote Code Execution (RCE) weaknesses were discovered by cybersecurity experts in the ‘PHP Everywhere’ WordPress plugin, which is used by more than 30,000 sites all over the world. What Is PHP Everywhere? PHP Everywhere is a WordPress plugin that is intended to let site owners insert PHP code in pages, posts, the sidebar, […].

AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

eSecurity Planet

Machine learning (ML) and artificial intelligence (AI) have emerged as critical tools for dealing with the ever-growing volume and complexity of cybersecurity threats. Machines can recognize patterns to detect malware and unusual activity better than humans and classic software. The technology also predicts potential attacks and automatically responds to threats by identifying specific trends and cycles.

New Magnet Forensics app automates, coordinates cybersecurity response

CSO Magazine

A slow response to a data breach or other cybersecurity incident can cost companies time and money, as well as damage to their reputation. To help companies accelerate their response to cybersecurity incidents, Magnet Forensics is offering a new application, Magnet Automate Enterprise, designed to automatically trigger investigations into security breaches and synchronize incident detection and response tasks by third party tools.

Hackers have begun adapting to wider use of multi-factor authentication

Tech Republic Security

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools. The post Hackers have begun adapting to wider use of multi-factor authentication appeared first on TechRepublic.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Medusa Malware Increases the Number of Android SMS Phishing Cyberattacks

Heimdal Security

Medusa malware was noticed to target multiple geographic regions. Its goal? Financial fraud and online credentials theft. More Details on Medusa Malware A new report from the ThreatFabric researchers came out revealing insights into the latest methods employed by this banking Trojan. Medusa malware, also known as TangleBot, has been leveraged in North America and […].

Who dropped the DB? Find out with Teleport Database Access

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Teleport. Thanks to the great team there for their support! You’re woken up at 3 am, only to discover your worst nightmare. The new intern just deleted the production database during routine maintenance by accident. You quickly restore from a backup. During the … Continue reading "Who dropped the DB?

Top 5 Reasons Companies Choose Arkose Labs Over reCAPTCHA Enterprise

Security Boulevard

Stopping automated attacks is key to protecting businesses and users in today’s threat landscape. Bots are vital to attackers being able to launch attacks at scale and profitably. To stop bot-driven attacks, many large companies rely on reCAPTCHA Enterprise, a version of Google’s reCAPTCHA that claims to work invisibly on the back end to stop […]. The post Top 5 Reasons Companies Choose Arkose Labs Over reCAPTCHA Enterprise appeared first on Security Boulevard.

How to enable end-to-end encryption in Facebook Messenger

Tech Republic Security

To keep your Facebook Messenger conversations private and secured, you should start using the new end-to-end encryption feature. Jack Wallen shows you how. The post How to enable end-to-end encryption in Facebook Messenger appeared first on TechRepublic.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Hacking Group ‘ModifiedElephant’ Has Been Living Out of Sight for a Long Time

Heimdal Security

It has been discovered that a hacking group dubbed ‘ModifiedElephant’, described as an APT (advanced persistent threat) actor has been engaging in its malicious activities in secret for a decade, avoiding detection and correlation between attacks due to the employed methods. Bringing ‘ModifiedElephant’ Out of the Shadows Researchers from SentinelLabs have recently published a report […].

Gaming Application Penetration Testing - My Favorite 9 Business Logical Flaws

Appknox

Application Scenario. The target application is an online gaming application that offers a variety of games to play. You can earn money by playing a variety of games. This application organizes various battles. As a result, two users can participate in the games and win money. This application also gives users coins for playing games, which they can later exchange for buying profile pictures and other items & also users can withdraw the earned money later.

Kubernetes Incident Response strategy – A Complete Guide 2022

Security Boulevard

The post Kubernetes Incident Response strategy – A Complete Guide 2022 appeared first on PeoplActive. The post Kubernetes Incident Response strategy – A Complete Guide 2022 appeared first on Security Boulevard.

5 ways to improve the governance of unstructured data

Tech Republic Security

Bringing big data governance and security up to the level of practice applied to structured data is critical. Here are five ways to get there. The post 5 ways to improve the governance of unstructured data appeared first on TechRepublic.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.