Schneier on Security

JUNE 24, 2022

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written —not really a rebuttal—but a “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he

Cryptocurrency 364

Cryptocurrency Technology Scams Government 364

Lohrman on Security

JUNE 19, 2022

The United States and the European Union are planning to work together to secure digital infrastructure in developing countries. Here’s why this is vitally important.

Cybersecurity 361

Cybersecurity 361

Krebs on Security

JUNE 20, 2022

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Scams 346

Scams Media 346

Troy Hunt

JUNE 24, 2022

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind. If you look at the trees in the background you can see they're barely moving, but inevitably that was enough to really mess with the audio quality.

Data breaches 311

Data breaches Hacking 311

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

JUNE 22, 2022

Interesting : What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine.

Malware 363

Malware 363

The Last Watchdog

JUNE 20, 2022

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety.

Ransomware 260

Ransomware Marketing Data collection VPN 260

Anton on Security

JUNE 23, 2022

Let’s play a game and define a hypothetical market called Cloud Detection and Response (CDR). Note that it is no longer my job to define markets , so I am doing it for fun here (yes, people find the weirdest things to be fun! ) So, let’s define CDR as a type of a security tool primarily focused on detecting, confirming and investigating suspicious activities and other security problems in various public cloud environments , including, but not limited to IaaS, PaaS, SaaS.

Threat Detection 246

Threat Detection Marketing Technology 246

Schneier on Security

JUNE 21, 2022

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act ; and S. 2710, the Open App Markets Act. Reducing the power to tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both.

Internet 346

Internet Internet Encryption Backups 346

The Last Watchdog

JUNE 23, 2022

The U.S. Securities and Exchange Commission (SEC) is taking steps to crack down on insufficient cyber risk reporting. Related : Making third-party risk audits actionable. Seeking to minimize cybersecurity threat effects, the SEC has proposed several amendments requiring organizations to report on cyber risk in a “fast, comparable, and decision-useful manner.”.

Cyber Risk 252

Cyber Risk Risk Cybersecurity Cyber threats 252

Tech Republic Security

JUNE 24, 2022

Solidify your skills as a cybersecurity professional by becoming certified. Here is a list of some of the best cybersecurity certifications available today. The post Best cybersecurity certifications in 2022 appeared first on TechRepublic.

Cybersecurity 213

Cybersecurity 213

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

SecureList

JUNE 23, 2022

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group, give general tips on how to prevent ransomware from working, and so on.

Ransomware 145

Ransomware Malware Backups Accountability 145

Schneier on Security

JUNE 20, 2022

Hartzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.

Manufacturing 302

Manufacturing Encryption 302

The Last Watchdog

JUNE 20, 2022

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs , are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered and widely exploited in Windows servers deployed globally in enterprise networks.

Ransomware 235

Ransomware Digital transformation Marketing Software 235

Tech Republic Security

JUNE 22, 2022

The cybersecurity company went into great detail on some of the sweeping cybersecurity changes anticipated over the next four years. The post Gartner reveals 8 cybersecurity predictions for the next 4 years appeared first on TechRepublic.

Cybersecurity 197

Cybersecurity 197

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The State of Security

JUNE 23, 2022

The UK's National Health Service has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. Read more in my article on the Tripwire State of Security blog.

Scams 145

Scams Phishing 145

Schneier on Security

JUNE 20, 2022

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.

Manufacturing 263

Manufacturing Encryption 263

The Last Watchdog

JUNE 21, 2022

It’s stunning that the ransomware plague persists. Related: ‘SASE’ blends connectivity and security. Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms. In response, Cato Networks today introduced network-based ransomware protection for the Cato SASE Cloud.

Ransomware 222

Ransomware Data breaches Network Security Internet 222

Tech Republic Security

JUNE 24, 2022

The group has targeted 50 businesses from English speaking countries since April 2022. The post Black Basta may be an all-star ransomware gang made up of former Conti and REvil members appeared first on TechRepublic.

Ransomware 195

Ransomware 195

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Cisco Security

JUNE 22, 2022

As an early adopter of Cisco Secure Endpoint , Per Mar Security Services has seen the product evolve alongside the threat landscape. According to Dan Turner , CIO at Per Mar, the evolution of the Cisco security portfolio has helped the company remain cyber resilient during the pandemic and beyond. We recently spoke with Turner to discuss how Per Mar uses Cisco technology to rapidly detect and mitigate threats, while still enabling employees to work from wherever they need to — whether it’s a con

Mobile 145

Mobile Technology Manufacturing Malware 145

Schneier on Security

JUNE 23, 2022

Nadiya Kostyuk and Susan Landau wrote an interesting paper: “ Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process “: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST), which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic standards.

Government 259

Government Technology 259

The Last Watchdog

JUNE 22, 2022

During the first two decades of this century, virtual private networks —VPNs—served as a cornerstone of network security. Related: Deploying human sensors. VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. This worked extremely well for users accessing network resources remotely via their company-issued laptops and immobile home computers.

VPN 213

VPN Cloud Migration Firewall Encryption 213

Tech Republic Security

JUNE 23, 2022

CEO Alexander García-Tobar advises IT professionals on addressing the cybersecurity shortage. The post The current cybersecurity shortage and how to resolve it appeared first on TechRepublic.

Cybersecurity 195

Cybersecurity 195

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

JUNE 22, 2022

Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods. Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Today the group has announced multiple targets for coordinated DDoS attacks – the resources to be attacked are distributed between so-called “units” who are based on members and

Cyber Attacks 145

Cyber Attacks DDOS Media Government 145

SecureList

JUNE 21, 2022

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’ The group started its activities in December 2020, compromising selected Exchang

Encryption 145

Encryption Malware Technology Internet 145

Bleeping Computer

JUNE 23, 2022

CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. [.].

Hacking 145

Hacking 145

Tech Republic Security

JUNE 21, 2022

A new banking Trojan dubbed "Malibot" pretends to be a cryptomining application to spread between Android phones. While only active now in Spain and Italy, it could begin targeting Americans. The post New Android banking malware disguises as crypto app to spread appeared first on TechRepublic.

Banking 195

Banking Malware 195

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonate various services appearing to be legitimately created on the “azurefd.net” domain – This allows the bad actors to trick users and spread phishing content

Phishing 145

Phishing Accountability Hacking Scams 145

Malwarebytes

JUNE 21, 2022

This blog post was authored by Hossein Jazi and Roberto Santos. In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government.

Passwords 145

Passwords Malware Government 145

Bleeping Computer

JUNE 21, 2022

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience. [.].

Technology 144

Technology 144

Tech Republic Security

JUNE 22, 2022

A new wave of targeted voicemail phishing attacks has been hitting US companies in selected verticals since May 2022. The campaign’s goal is to collect Office 365 credentials of legitimate corporate users. The post Targeted voicemail phishing attacks hits specific US industries’ verticals appeared first on TechRepublic.

Phishing 167

Phishing 167

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!