Sat.Jun 18, 2022 - Fri.Jun 24, 2022

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019.

EU and U.S. Join Forces to Help Developing World Cybersecurity

Lohrman on Security

The United States and the European Union are planning to work together to secure digital infrastructure in developing countries. Here’s why this is vitally important

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

Authorities in the United States, Germany, the Netherlands and the U.K.

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety. Cyber anxiety can indeed be paralyzing, but new software solutions have the potential to become game-changers for IT departments.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act ; and S. 2710, the Open App Markets Act.

Weekly Update 301

Troy Hunt

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind.

More Trending

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

The Last Watchdog

Specialization continues to advance apace in the cybercriminal ecosystem. Related: How cybercriminals leverage digital transformation. Initial access brokers, or IABs , are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered and widely exploited in Windows servers deployed globally in enterprise networks.

Symbiote Backdoor in Linux

Schneier on Security

Interesting : What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines.

Does the World Need Cloud Detection and Response (CDR)?

Anton on Security

Let’s play a game and define a hypothetical market called Cloud Detection and Response (CDR). Note that it is no longer my job to define markets , so I am doing it for fun here (yes, people find the weirdest things to be fun! )

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

The Hacker News

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks

The Last Watchdog

The U.S. Securities and Exchange Commission (SEC) is taking steps to crack down on insufficient cyber risk reporting. Related : Making third-party risk audits actionable. Seeking to minimize cybersecurity threat effects, the SEC has proposed several amendments requiring organizations to report on cyber risk in a “fast, comparable, and decision-useful manner.”. Worryingly, threats are beginning to outpace organizations’ ability to effectively prevent and respond to them.

On the Subversion of NIST by the NSA

Schneier on Security

Nadiya Kostyuk and Susan Landau wrote an interesting paper: “ Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process “: Abstract: In recent decades, the U.S.

7 Ways to Avoid Worst-Case Cyber Scenarios

Dark Reading

In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data

114
114

The future of IoT ransomware – targeted multi-function bots and more cyberattacks  

Security Boulevard

A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms that were coded into it. This malware called BotenaGo was able to seek out and attack vulnerable targets by itself without having to rely on any human intervention.

IoT 113

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

The Last Watchdog

It’s stunning that the ransomware plague persists. Related: ‘SASE’ blends connectivity and security. Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms. In response, Cato Networks today introduced network-based ransomware protection for the Cato SASE Cloud.

Hartzbleed: A New Side-Channel Attack

Schneier on Security

Hartzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard.

AI Is Not a Security Silver Bullet

Dark Reading

AI can help companies more effectively identify and respond to threats, as well as harden applications

114
114

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service

The Hacker News

A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Q&A: The lesser role VPNs now play for enterprises, SMBs — in a post-pandemic world

The Last Watchdog

During the first two decades of this century, virtual private networks —VPNs—served as a cornerstone of network security. Related: Deploying human sensors. VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. This worked extremely well for users accessing network resources remotely via their company-issued laptops and immobile home computers.

VPN 129

Hertzbleed: A New Side-Channel Attack

Schneier on Security

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard.

Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say

Dark Reading

A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs

Risk 109

The current cybersecurity shortage and how to resolve it

Tech Republic Security

CEO Alexander García-Tobar advises IT professionals on addressing the cybersecurity shortage. The post The current cybersecurity shortage and how to resolve it appeared first on TechRepublic. CXO Security

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Digital Value Chain Attacks on the Rise

Security Boulevard

Cybercriminals are moving to exploit vulnerabilities in the digital value chain as organizations fight to secure a rapidly expanding threat surface. These were among the findings of a report from Micro Focus subsidiary CyberRes.

Exclusive: Lithuania under cyber-attack after the ban on Russian railway goods

Security Affairs

Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods.

DDOS 107

Microsoft 365 Users in US Face Raging Spate of Attacks

Dark Reading

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes

New Android banking malware disguises as crypto app to spread

Tech Republic Security

A new banking Trojan dubbed "Malibot" pretends to be a cryptomining application to spread between Android phones. While only active now in Spain and Italy, it could begin targeting Americans. The post New Android banking malware disguises as crypto app to spread appeared first on TechRepublic.

9 Cybersecurity Challenges Companies Must Tackle Now

Security Boulevard

Most attacks are intended toward the most crucial asset of businesses: data. The wave of cyberthreats forced organizations to set up cybersecurity to survive. The post 9 Cybersecurity Challenges Companies Must Tackle Now appeared first on Security Boulevard. Security Bloggers Network

How to Discover Exploitable Intelligence with Attack Surface Management

CyberSecurity Insiders

The attack surface of organizations is nowadays more complex than ever. As more and more businesses increase the number of their digital assets and incorporate new technology to operate, they turn their attack surface into an intricate network.

NSO Confirms Pegasus Spyware Used by at least 5 European Countries

The Hacker News

The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region.

Feds Take Down Russian 'RSOCKS' Botnet

Dark Reading

RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic

105
105

Machine Learning Tackles Ransomware Attacks

Security Boulevard

There are approximately 250 known ransomware families, and these families are directly related to the rise of ransomware-as-a-service, according to Bitdefender.

What You Need to Know About The Role of Patch Management For Cyber Security

CyberSecurity Insiders

If you’re in any software sector, you’re dealing with bugs. But you need patch management when each patch is a piece of software, another place for bugs to hide.