Sat.Feb 04, 2023 - Fri.Feb 10, 2023

article thumbnail

Pwned Passwords Adds NTLM Support to the Firehose

Troy Hunt

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable corpus but as of just over a year ago with the introduction of the FBI data feed , we stopped maintaining downloadable behemoths of data.

Passwords 291
article thumbnail

Malware Delivered through Google Search

Schneier on Security

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros.

Malware 232
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

From Progress to Bans: How Close Are Human Microchip Implants?

Lohrman on Security

A lot has happened in the past 12 months regarding human microchip implants. Here’s your roundup of recent developments.

287
287
article thumbnail

Finland’s Most-Wanted Hacker Nabbed in France

Krebs on Security

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest.

article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

Weekly Update 334

Troy Hunt

Did I really need to get a connected BBQ? No more than I needed to connect most of the other things in the house which is to say "a bit useful but not entirely necessary" But it's a fascinating process when looked at through the lens of how accessible the technology is to your average person given it's embedded in a consumer-orientated product.

VPN 212
article thumbnail

Hacking the Tax Code

Schneier on Security

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, rulings from the tax authorities, judicial decisions, and legal opinions.

Hacking 231

More Trending

article thumbnail

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Krebs on Security

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack.

Media 211
article thumbnail

New cybersecurity data reveals persistent social engineering vulnerabilities

Tech Republic Security

Ransomware was down last year, though LockBit led threat actors and employees opened a third of the toxic emails in the last six months of 2022. The post New cybersecurity data reveals persistent social engineering vulnerabilities appeared first on TechRepublic.

article thumbnail

Attacking Machine Learning Systems

Schneier on Security

The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities for new researchers to publish in this field.

article thumbnail

Amazing Fast Crypto for IoT — US NIST Fingers ASCON

Security Boulevard

Implementing modern cryptography standards on tiny IoT devices is hard. They’re underpowered, need to sip battery charge and something like AES is often overkill. The post Amazing Fast Crypto for IoT — US NIST Fingers ASCON appeared first on Security Boulevard.

IoT 144
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The Power of Relationships: Executive Buy-In and Security Culture for Bolstering Resilience

Cisco Security

“Where do we start?” This is the question every CISO asks about every new program. In fact, I ask and answer that question many times a month. There’s a reason for this, of course. A strong start to any project builds momentum, reassures stakeholders, and sets the stage for what’s to come. Security resilience initiatives are no different.

CISO 133
article thumbnail

How IT jobs and recruiting on the dark web might trick you

Tech Republic Security

A new Kaspersky report sheds light on why some tech pros look for jobs on the dark web and how to spot suspicious and likely illegal positions from recruiters in that environment. The post How IT jobs and recruiting on the dark web might trick you appeared first on TechRepublic.

article thumbnail

Mary Queen of Scots Letters Decrypted

Schneier on Security

This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo—all keen cryptographers—initially thought the batch of encoded documents related to Italy, because that was how they were filed at the Bibliothèque Nationale de France. However, they quickly realised the letters were in French.

article thumbnail

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42

Security Boulevard

Police in the Netherlands broke open alleged drugs gangs by hacking an encrypted messenger service, Exclu. Lives were saved and alleged perps arrested. The post Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42 appeared first on Security Boulevard.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Will your incident response team fight or freeze when a cyberattack hits?

CSO Magazine

If there’s an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there’s still a chance they might freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs.

CISO 132
article thumbnail

Royal ransomware spreads to Linux and VMware ESXi

Tech Republic Security

A new Linux version of Royal ransomware is targeting VMware ESXi virtual machines. Learn more about this security threat and how to protect from it. The post Royal ransomware spreads to Linux and VMware ESXi appeared first on TechRepublic.

article thumbnail

3 reasons not to repatriate cloud-based apps and data sets

InfoWorld on Security

Repatriation seems to be a hot topic these days as some applications and data sets return to where they came from. I’ve even been tagged in some circles as an advocate for repatriation, mostly because of this recent post. Once again I will restate my position: The overall goal is to find the most optimized architecture to support your business. Sometimes it’s on a public cloud, and sometimes it’s not.

article thumbnail

Do You Need EDR if You Already Have a Firewall?

Security Boulevard

Considering the effectiveness of an endpoint security solution when a firewall is already in place is a valid concern for any organization looking to run lean. On the surface, they can look like two solutions doing very much the same thing. However, they are as different as a guard fence and an internal alarm system, The post Do You Need EDR if You Already Have a Firewall?

Firewall 136
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Online safety laws: What’s in store for children’s digital playgrounds?

We Live Security

As children’s safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm The post Online safety laws: What’s in store for children’s digital playgrounds?

121
121
article thumbnail

Massive ransomware operation targets VMware ESXi: How to protect from this security threat

Tech Republic Security

These ransomware infections on VMware ESXi software are due to a vulnerability that has existed since 2021. Find out the most targeted countries and how to secure your organization. The post Massive ransomware operation targets VMware ESXi: How to protect from this security threat appeared first on TechRepublic.

article thumbnail

List of Proxy IPs Used by Killnet, Released

Heimadal Security

Cybersecurity researchers published a list of proxy IP addresses used by the pro-Russian group Killnet to neutralize its attacks. The list, which contains over 17,746 IPs, was disclosed by SecurityScorecard researchers. Since March 2022, the Killnet group has launched DDoS attacks against governments and key infrastructure in nations that have shown support for Ukraine, including Italy, […] The post List of Proxy IPs Used by Killnet, Released appeared first on Heimdal Security Blog.

DDOS 120
article thumbnail

Third-Party Breaches Grow More Destructive  

Security Boulevard

Today’s cybersecurity landscape is riskier, costlier and more complicated than ever before, with bad actors capitalizing on global disruption and vulnerability with destructive third-party breaches, allowing them to compromise multiple victims in one fell swoop. Unfortunately, according to a Black Kite report, the magnitude of the problem is growing worse, and cybercriminals are learning new.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Cybersecurity Analysts Using ChatGPT for Malicious Code Analysis, Predicting Threats

eSecurity Planet

ChatGPT has raised alarm among cybersecurity researchers for its unnerving ability in composing everything from sophisticated malware to phishing lures – but it’s important to keep in mind that the tool can help support cybersecurity defenses as well. Shiran Grinberg, director of research and cyber operations at Cynet, told eSecurity Planet that too many companies are deterred by ChatGPT, rather than encouraging employees to leverage its functionality. “After all, I doubt you’l

article thumbnail

Metaverse adds new dimensions to Web 3.0 cybersecurity

Tech Republic Security

With more companies investing in Web 3.0 this year, including blockchain, gaming and the metaverse, the cat and mouse game will continue, but with more dimensions. The post Metaverse adds new dimensions to Web 3.0 cybersecurity appeared first on TechRepublic.

article thumbnail

Web beacons on websites and in e-mail

SecureList

There is a vast number of trackers , which gather information about users’ activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming services history. The collected data can be used for improving their user interfaces or the overall user experience, or to personalize ads.

article thumbnail

6clicks Taps GPT-3 to Automate Writing of GRC Controls

Security Boulevard

6clicks today announced it has integrated its namesake governance, risk and compliance management (GRC) platform with generative AI to make it simpler to create policies. The 6clicks platform is based on an artificial intelligence (AI) engine it developed with the GPT-3 platform created by OpenAI. Anthony Stevens, CEO of 6clicks, said creating policies based on.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery

CSO Magazine

Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added.

article thumbnail

Personal data encryption in Windows 11

Tech Republic Security

There’s a new, more secure way to encrypt files in Windows 11, but it’s only an option for building secure applications, not a replacement for BitLocker. The post Personal data encryption in Windows 11 appeared first on TechRepublic.

article thumbnail

Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies

Graham Cluley

Want to sell some cocaine, ecstasy (MDMA), crystal meth, or magic mushrooms? Twitter could be the place for you. And the site isn't going to do anything to shut down your account.

article thumbnail

Reddit Hacked — 2FA is no Phishing Phix

Security Boulevard

Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link. The post Reddit Hacked — 2FA is no Phishing Phix appeared first on Security Boulevard.

Phishing 111
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.