Sat. May 14, 2022 - Fri. May 20, 2022

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Schneier on Security

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest.

Weekly Update 295

Troy Hunt

A short one this week as the previous 7 days disappeared with AusCERT and other commitments. Geez it was nice to not only be back at an event, but out there socialising and attending all the related things that tend to go along with it.

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

Some of the more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me

College Closing Another Sad Milestone for Ransomware Impact

Lohrman on Security

Lincoln College in Illinois announced they were closing their doors as a result of COVID-19 and cyber attack disruptions. Who’s next?

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022.

MY TAKE: How ‘CAASM’ can help security teams embrace complexity – instead of trying to tame it

The Last Watchdog

The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly. Related: Stopping attack surface expansion. And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot be tolerated over the long run. Encouragingly, an emerging class of network visibility technology is gaining notable traction.

More Trending

OpRussia update: Anonymous breached other organizations

Security Affairs

Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have hacked multiple organizations and government entities.

Attacks on Managed Service Providers Expected to Increase

Schneier on Security

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though.

NEW TECH SNAPSHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

The Last Watchdog

Defending companies as they transition to cloud-first infrastructures has become a very big problem – but it’s certainly not an unsolvable one. Coming Wed., May 18: How security teams can help drive business growth — by embracing complexity. The good news is that a long-overdue transition to a new attack surface and security paradigm is well underway, one built on a fresh set of cloud-native security frameworks and buttressed by software-defined security technologies.

How to Turn a Coke Can Into an Eavesdropping Device

Dark Reading

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

The LEGION collective calls to action to attack the final of the Eurovision song contest

Security Affairs

The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest. The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks.

iPhone Malware that Operates Even When the Phone Is Turned Off

Schneier on Security

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. It turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally signing or even encrypting the firmware it runs.

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

It’s a scenario executives know too well. Related: Third-party audits can hold valuable intel. You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach. It’s a maddening situation that occurs far more often than it should.

This Week in Malware—Malicious Rust crate, ‘colors’ typosquats

Security Boulevard

This Week in Malware digest was delayed by a day in light of a significant announcement on Friday from Sonatype's CTO Brian Fox.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Pro-Russian hacktivists target Italy government websites

Security Affairs

Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health.

Cybersecurity pros spend hours on issues that should have been prevented

Tech Republic Security

Security staffers can spend more than five hours addressing security flaws that occurred during the application development cycle, says Invicti.

How Mobile Networks Have Become a Front in the Battle for Ukraine

Dark Reading

Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience

How To Organize Your Digital Life With Desktop.com

SecureBlitz

Read on as I show you how to organize your digital life with Desktop.com, an intuitive virtual desktop software. Basically, virtual desktop software empowers employees to work from anywhere by providing them with a virtual desktop that they can access from any device.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF

The Hacker News

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off."

Kaspersky report identifies new ransomware trends for 2022

Tech Republic Security

Ransomware is probably the type of cybercrime that has made headlines the most in 2021, and 2022 seems to follow that trend. Yet it is still evolving, and new ransomware seems more adaptive, resilient and more industrialized.

Local Government's Guide to Minimizing the Risk of a Cyberattack

Dark Reading

Most local leaders lack cybersecurity resources so they don't know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Security Boulevard

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest.

The Ultimate Antivirus Software Guide: What Is An Antivirus?

SecureBlitz

Have you been hearing about Antivirus lately but you don’t know what it means and what it does? Don’t worry, this article will serve as an Antivirus software guide that you can always refer to.

Microsoft Defender vs CrowdStrike: Compare EDR software

Tech Republic Security

Microsoft Defender and CrowdStrike provide robust endpoint protection software, but one of them comes out consistently superior. See how the features of these EDR tools compare.

iPhones Open to Attack Even When Off, Researchers Say

Dark Reading

Wireless chips that run when the iPhone iOS is shut down can be exploited

OT and IoT cybersecurity: are you tracking the wrong KPIs?

Security Boulevard

Tracking the wrong KPIs is as good as not tracking the effectiveness of your cybersecurity measures at all.

Over 200 Apps on Play Store were distributing Facestealer info-stealer

Security Affairs

Experts spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data. Trend Micro researchers spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data from infected devices.

Bitdefender vs McAfee: Compare EDR software

Tech Republic Security

When you're choosing EDR software for your business, see how the features of Bitdefender and McAfee compare.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

Dark Reading

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said

Privacy As Enabling Technology

Security Boulevard

Recently, Google demonstrated a new smart glasses technology. In the demo, they showed how these smart glasses could “break down communication barriers” by instantaneously translating communications and displaying what the other person is saying in the wearer’s native language.

Cyber Attack and Ransomware news headlines trending on Google

CyberSecurity Insiders

Conti Ransomware gang reportedly hit Parker Hannifin Corporation in March this year leaking sensitive details to the public.

Securing Your Migration to the Cloud

Cisco CSR

Cisco Secure Access by Duo and Cisco Umbrella expands availability on AWS Marketplace. Cisco Secure powers security resilience enabling you to protect the integrity of your business amidst unpredictable threats and major change, such as migrating to the cloud.

US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

Dark Reading

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy