Sat.Apr 08, 2023 - Fri.Apr 14, 2023

Major Cyber Insurance Overhaul Begins Now

Lohrman on Security

From Lloyd’s of London to the new National Cybersecurity Strategy, the future of cyber insurance is evolving fast. What do you need to watch?

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports.

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “juice jacking,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry

For cybercriminal mischief, it’s dark web vs deep web

Tech Republic Security

A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials. The post For cybercriminal mischief, it’s dark web vs deep web appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

KFC, Pizza Hut owner discloses data breach after ransomware attack

Bleeping Computer

Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack. [...]

Car Thieves Hacking the CAN Bus

Schneier on Security

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

Google Play threats on the dark web are big business

Tech Republic Security

Android infections are also prevalent on the dark web, according to Kaspersky. Learn how to keep your workforce safe from these mobile and BYOD security threats. The post Google Play threats on the dark web are big business appeared first on TechRepublic.

Windows zero-day vulnerability exploited in ransomware attacks

Bleeping Computer

Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads. [...]

Gaining an Advantage in Roulette

Schneier on Security

You can beat the game without a computer: On a perfect [roulette] wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that’s even marginally tilted could develop what Barnett called a ‘drop zone.’ When the tilt forces the ball to climb a slope, the ball decelerates and falls from the outer rim at the same spot on almost every spin.

Yes, You CAN Steal This Car — by Opening the Fender

Security Boulevard

CAN You Not? Toyota RAV4 and many others vulnerable to CAN bus injection attack. Cars need zero-trust too. The post Yes, You CAN Steal This Car — by Opening the Fender appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

PingIdentity launches decentralized identity management

Tech Republic Security

With PingOne Neo, PingIdentity aims to accelerate “speed to trust”, supercharge identity management and put control of a user’s identity in the user’s pocket. The post PingIdentity launches decentralized identity management appeared first on TechRepublic.

Quantum Computing Threats: A How-to Guide for Preparing Your Company’s Cybersecurity Defenses

CyberSecurity Insiders

Quantum computing, while still in its infancy, is developing rapidly and holds tremendous potential for solving complex computational problems. However, its growth also presents significant challenges to cybersecurity, as it has the potential to render traditional cryptographic algorithms obsolete. This guide aims to provide a comprehensive understanding of the implications of quantum computing on cybersecurity, review the most notable quantum security technologies and vendors, and offer real-wo

Bypassing a Theft Threat Model

Schneier on Security

Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. I wrote about this kind of thing in 2000, in Secrets and Lies (page 318): My favorite example is a band of California art thieves that would break into people’s houses by cutting a hole in their walls with a chainsaw. The attacker completely bypassed the threat model of the defender.

What is the true potential impact of artificial intelligence on cybersecurity?

CSO Magazine

Will artificial intelligence become clever enough to upend computer security? AI is already surprising the world of art by producing masterpieces in any style on demand. It’s capable of writing poetry while digging up arcane facts in a vast repository. If AIs can act like a bard while delivering the comprehensive power of the best search engines, why can’t they shatter security protocols, too?

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Google Cloud offers Assured Open Source Software for free

Tech Republic Security

In the face of growing risks from open-source software dependencies, Google Cloud is releasing its Assured Open Source Software (Assured OSS) service for Java and Python ecosystems at no cost. The post Google Cloud offers Assured Open Source Software for free appeared first on TechRepublic.

Google Chrome emergency update fixes first zero-day of 2023

Bleeping Computer

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. [...]

Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign

The Hacker News

Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play out in waves once every few weeks.

Top Gun and Zero Trust: Lessons in Cybersecurity for the CISO and CIO

CyberSecurity Insiders

By Jaye Tillson, Director of Strategy, Axis Security The iconic 1986 film “Top Gun” is one of my favorite films. In the movie, a group of elite fighter pilots train to become the best of the best. The film depicts a world of intense competition and high stakes, where the pilots must constantly prove themselves in order to earn their place among the elite.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity leaders see risk from email attacks, hybrid work

Tech Republic Security

Graymail, phishing, vendor impersonation, and other BECs clogging up security teams’ time. The post Cybersecurity leaders see risk from email attacks, hybrid work appeared first on TechRepublic.

Western Digital Redux: My Cloud Alive Again, Ransom is $10M+

Security Boulevard

Your Cloud — But For How Long? WD’s My Cloud service is finally back online, but ransomware scrotes demand “eight figures.” The post Western Digital Redux: My Cloud Alive Again, Ransom is $10M+ appeared first on Security Boulevard.

EU privacy regulators to create taskforce to investigate ChatGPT

CSO Magazine

The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU's General Data Protection Regulation (GDPR). Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.

Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare

Thales Cloud Protection & Licensing

madhav, Fri, 04/14/2023 - 06:05

The infamous Y2K “disaster” was successfully averted because people paid heed and prepared well in advance. Likewise, many Post-Quantum Computing (PCQ) security concerns can be addressed ahead of time with proper planning. Organizations that rely on data security and protection need to start preparing and refining strategies immediately.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Learn what you need to protect your business with ethical hacking for just $45

Tech Republic Security

There are courses in this bundle for all skill levels; several require no previous tech background whatsoever. The post Learn what you need to protect your business with ethical hacking for just $45 appeared first on TechRepublic.

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

Naked Security

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Western Digital struggles to fix massive My Cloud outage, offers workaround

Bleeping Computer

On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files. [...]

Massive Surge in DDoS Attacks Reported in First Quarter of 2023

CyberSecurity Insiders

StormWall, a premier cybersecurity firm specializing in the defense of websites, networks, and online services from Distributed Denial of Service (DDoS) attacks, has published an in-depth report on the DDoS landscape during the first quarter of 2023. The report stems from a detailed analysis of attacks targeting StormWall’s clientele, which spans various sectors such as finance, e-commerce, telecommunications, entertainment, transportation, education, and logistics.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Protect your company data with an Ivacy VPN lifetime subscription for $18

Tech Republic Security

The service previously won the BestVPN.com Fastest VPN Award. The post Protect your company data with an Ivacy VPN lifetime subscription for $18 appeared first on TechRepublic.

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Naked Security

Stealing private keys is like getting hold of a medieval monarch's personal signet ring. You get to put an official seal on treasonous material.

Apple fixes recently disclosed zero-days on older iPhones and iPads

Bleeping Computer

Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. [...]

Russian cyberspies hit NATO and EU organizations with new malware toolset

CSO Magazine

The Polish government warns that a cyberespionage group linked to Russia's intelligence services is targeting diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads. The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR) and is the group behind the 2020 supply chain attack against software company SolarWinds that led to th

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.