Schneier on Security

JUNE 24, 2022

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written —not really a rebuttal—but a “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he

Cryptocurrency 364

Cryptocurrency Technology Scams Government 364

Lohrman on Security

JUNE 19, 2022

The United States and the European Union are planning to work together to secure digital infrastructure in developing countries. Here’s why this is vitally important.

Cybersecurity 348

Cybersecurity 348

Krebs on Security

JUNE 20, 2022

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Scams 319

Scams Media 319

Troy Hunt

JUNE 24, 2022

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind. If you look at the trees in the background you can see they're barely moving, but inevitably that was enough to really mess with the audio quality.

Data breaches 255

Data breaches Hacking 255

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JUNE 22, 2022

Interesting : What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine.

Malware 325

Malware 325

Anton on Security

JUNE 23, 2022

Let’s play a game and define a hypothetical market called Cloud Detection and Response (CDR). Note that it is no longer my job to define markets , so I am doing it for fun here (yes, people find the weirdest things to be fun! ) So, let’s define CDR as a type of a security tool primarily focused on detecting, confirming and investigating suspicious activities and other security problems in various public cloud environments , including, but not limited to IaaS, PaaS, SaaS.

Threat Detection 246

Threat Detection Marketing Technology 246

Tech Republic Security

JUNE 24, 2022

Solidify your skills as a cybersecurity professional by becoming certified. Here is a list of some of the best cybersecurity certifications available today. The post Best cybersecurity certifications in 2022 appeared first on TechRepublic.

Cybersecurity 208

Cybersecurity 208

Schneier on Security

JUNE 23, 2022

Nadiya Kostyuk and Susan Landau wrote an interesting paper: “ Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process “: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST), which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic standards.

Government 239

Government Technology 239

The State of Security

JUNE 23, 2022

The UK's National Health Service has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. Read more in my article on the Tripwire State of Security blog.

Scams 145

Scams Phishing 145

Bleeping Computer

JUNE 23, 2022

CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. [.].

Hacking 145

Hacking 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 22, 2022

The cybersecurity company went into great detail on some of the sweeping cybersecurity changes anticipated over the next four years. The post Gartner reveals 8 cybersecurity predictions for the next 4 years appeared first on TechRepublic.

Cybersecurity 178

Cybersecurity 178

Security Boulevard

JUNE 19, 2022

A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms that were coded into it. This malware called BotenaGo was able to seek out and attack vulnerable targets by itself without having to rely on any human intervention. Once it infects a device, it creates two backdoor ports viz., […]. The post The future of IoT ransomware – targeted multi-function bots and more cyberattacks appeared first on Security Boulevard.

IoT 144

IoT Ransomware Malware 144

Security Affairs

JUNE 22, 2022

Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods. Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Today the group has announced multiple targets for coordinated DDoS attacks – the resources to be attacked are distributed between so-called “units” who are based on members and

Cyber Attacks 144

Cyber Attacks DDOS Media Government 144

Bleeping Computer

JUNE 21, 2022

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience. [.].

Technology 145

Technology 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JUNE 23, 2022

CEO Alexander García-Tobar advises IT professionals on addressing the cybersecurity shortage. The post The current cybersecurity shortage and how to resolve it appeared first on TechRepublic.

Cybersecurity 177

Cybersecurity 177

Malwarebytes

JUNE 21, 2022

A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of information when you land on their portal—it’s a lot more than “just” which web browser you use to load up someone’s site.

VPN 141

VPN Media Internet Internet 141

SecureList

JUNE 23, 2022

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group, give general tips on how to prevent ransomware from working, and so on.

Ransomware 141

Ransomware Malware Backups Accountability 141

Bleeping Computer

JUNE 20, 2022

This month's Windows Server updates are causing a wide range of issues for administrators, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. [.].

VPN 143

VPN 143

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JUNE 21, 2022

A new banking Trojan dubbed "Malibot" pretends to be a cryptomining application to spread between Android phones. While only active now in Spain and Italy, it could begin targeting Americans. The post New Android banking malware disguises as crypto app to spread appeared first on TechRepublic.

Banking 177

Banking Malware 177

Malwarebytes

JUNE 24, 2022

Microsoft’s PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it becasue PowerShell is powerful, available almost everywhere, and doesn’t look out of place running on a company network. In most places it isn’t practical to block PowerShell completely, which raises the question: How do you stop the bad stuff without disrupting the good stuff?

Cybersecurity 138

Cybersecurity Malware Firewall System Administration 138

Security Affairs

JUNE 20, 2022

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany.

Hacking 137

Hacking Accountability Malware Cybersecurity 137

CSO Magazine

JUNE 21, 2022

Cybersecurity researchers work hard to keep the digital world safe, but every once in a while their own physical security is at risk. Anyone who has been in this field long enough has stumbled upon stories of infosec professionals receiving threats or has experienced incidents themselves. A security expert who wanted to remain anonymous to protect his family says that "several people focusing on cybercrime have received death threats" in the past few years, and some of them even decided to fly u

Cybersecurity 137

Cybersecurity InfoSec Cybercrime Risk 137

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JUNE 24, 2022

The group has targeted 50 businesses from English speaking countries since April 2022. The post Black Basta may be an all-star ransomware gang made up of former Conti and REvil members appeared first on TechRepublic.

Ransomware 171

Ransomware 171

Security Boulevard

JUNE 21, 2022

Cybercriminals are moving to exploit vulnerabilities in the digital value chain as organizations fight to secure a rapidly expanding threat surface. These were among the findings of a report from Micro Focus subsidiary CyberRes. The study revealed North America tops the list of most impacted regions, experiencing a third of the total cyber issues reported.

Security Awareness 135

Security Awareness Cybersecurity Network Security 135

Bleeping Computer

JUNE 22, 2022

The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending system administrators to use PowerShell to prevent and detect malicious activity on Windows machines. [.].

System Administration 136

System Administration Cybersecurity 136

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonate various services appearing to be legitimately created on the “azurefd.net” domain – This allows the bad actors to trick users and spread phishing content

Phishing 135

Phishing Accountability Hacking Scams 135

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JUNE 22, 2022

Most organizations surveyed by Banyan Security consider zero trust a priority, but many see it as difficult and expensive to implement. The post Why organizations are keen on zero trust but are slow to adopt it appeared first on TechRepublic.

151

151

Security Boulevard

JUNE 20, 2022

Most attacks are intended toward the most crucial asset of businesses: data. The wave of cyberthreats forced organizations to set up cybersecurity to survive. The post 9 Cybersecurity Challenges Companies Must Tackle Now appeared first on Security Boulevard.

Cybersecurity 135

Cybersecurity 135

Bleeping Computer

JUNE 21, 2022

A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments. [.].

Technology 135

Technology 135

Google Security

JUNE 21, 2022

Posted by Jan Keller, Technical Entertainment Manager, Bug Hunters Are you ready to put your hacking skills to the test? It’s Google CTF time! The competition kicks off on July 1 2022 6:00 PM UTC and runs through July 3 2022 6:00 PM UTC. Registration is now open at [link] In true old Google CTF fashion, the top 8 teams will qualify for our Hackceler8 speedrunning meets CTFs competition.

Hacking 135

Hacking 135

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk