Krebs on Security

APRIL 29, 2022

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Identity Theft 363

Identity Theft Cybercrime Retail Hacking 363

Schneier on Security

APRIL 19, 2022

New paper: “ Planting Undetectable Backdoors in Machine Learning Models : Abstract : Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with

363

363

Joseph Steinberg

APRIL 21, 2022

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information. Data that must remain private simply cannot be readable by unauthorized parties – and that rule applies both when the relevant information is at rest on an internal server, in the cloud, or on some backup media, as well as when it is in transit over any form of network or other means of communicatio

Encryption 362

Encryption Cybersecurity Artificial Intelligence Backups 362

Troy Hunt

APRIL 10, 2022

In my ongoing bid to make more useful information on data breaches available to impacted national governments , today I'm very happy to welcome the 32nd national CERT to Have I Been Pwned, the Republic of North Macedonia! They now join their counterparts across the globe in having free API-level access to monitor and query their government domains.

Government 323

Government Data breaches 323

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

APRIL 1, 2022

A phishing technique called Browser in the Browser (BITB) has emerged, and it’s already aiming at government entities, including Ukraine. Find out how to protect against this new threat. The post “Browser in the Browser” attacks: A devastating new phishing technique arises appeared first on TechRepublic.

Phishing 215

Phishing Government 215

Security Boulevard

APRIL 18, 2022

The digital age has created several opportunities for us, and at the same time, we’ve been exposed to a whole new level of cyberthreats. There’s no denying that cybersecurity is now an integral part of every business that wants to avoid being a victim of identity theft, data breaches, and other cyber risks. Cybercriminals are […]. The post The Use of Artificial Intelligence in Cybersecurity appeared first on EasyDMARC.

Artificial Intelligence 145

Artificial Intelligence Identity Theft Cybersecurity Cyber Risk 145

Schneier on Security

APRIL 20, 2022

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportiona votes based on the amount of currency they own. A clever hacker used a “flash loan” feature of another decentralized finance project to borrow enough of the currency to give himself a controlling stake, and then approved a $182 million transfer to his own wallet.

Cryptocurrency 361

Cryptocurrency Government 361

Bleeping Computer

APRIL 21, 2022

Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely. [.].

145

145

Troy Hunt

APRIL 14, 2022

For many years now, I've lamented about how much of my time is spent attempting to disclose data breaches to impacted companies. It's by far the single most time-consuming activity in processing breaches for Have I Been Pwned (HIBP) and frankly, it's about the most thankless task I can imagine. Finding contact details is hard. Getting responses is hard.

Data breaches 313

Data breaches Scams Passwords Accountability 313

Tech Republic Security

APRIL 6, 2022

The Washington Post has revealed details of a contract with a software company that will allow the FBI to track social media posts. The post FBI investing millions in software to monitor social media platforms appeared first on TechRepublic.

Media 212

Media Software 212

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

APRIL 6, 2022

Digital transformation advances all business areas, fundamentally optimizing business processes and delivering value to customers. Successful digital transformation demands speed and agility over a sustained period, necessitating that cybersecurity keeps pace and becomes equally robust and responsive to changes in business and technology. Spending on digital transformation is expected to reach $1.8 trillion in 2022.

Digital transformation 145

Digital transformation Cybersecurity Technology Ransomware 145

CSO Magazine

APRIL 4, 2022

Botnet definition. A botnet is a collection of internet-connected devices that an attacker has compromised to carry out DDoS attacks and other tasks as a swarm. The idea is that each computer becomes a mindless robot in a larger network of identical robots, which gives the word botnet its meaning. "Malware infects an unsuspecting, legitimate computer, which communicates back to the botnet operator that the infected computer is now ready to follow orders blindly," explains Nasser Fattah, North Am

DDOS 145

DDOS Internet Internet Malware 145

Schneier on Security

APRIL 1, 2022

These techniques are not new, but they’re increasingly popular : …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […].

Authentication 361

Authentication Hacking Passwords 361

Bleeping Computer

APRIL 6, 2022

American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago [.].

Firewall 145

Firewall VPN Cybersecurity 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

APRIL 19, 2022

ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware. The post When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops appeared first on WeLiveSecurity.

Firmware 145

Firmware Malware 145

Tech Republic Security

APRIL 1, 2022

A report from NCC Group profiles the industries plagued by ransomware as well as the most active hacking groups in February. The post Ransomware attacks are on the rise, who is being affected? appeared first on TechRepublic.

Ransomware 211

Ransomware Hacking 211

Security Boulevard

APRIL 20, 2022

Cloud security encompasses the controls, policies, practices and technologies that protect applications, data and infrastructure from internal and external threats. Cloud security is critical for organizations to successfully implement digital transformation plans and integrate cloud-based solutions and services into their existing operating structures.

Digital transformation 145

Digital transformation Technology Data privacy Cybersecurity 145

Malwarebytes

APRIL 5, 2022

On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life (EOL), the advice is to disconnect them, if still in use. CISA catalog. The CISA catalog of known exploited vulnerabilities was set up to list the most important vulnerabilities that have proven to pose the biggest risks.

Firmware 145

Firmware Software Risk Authentication 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

APRIL 8, 2022

Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.

328

328

Graham Cluley

APRIL 3, 2022

Owners of physical Trezor cryptocurrency wallets should be on their guard after an email was sent out by thieves attempting to dupe them into downloading new software to their devices.

Phishing 145

Phishing Cryptocurrency Hacking Software 145

eSecurity Planet

APRIL 18, 2022

Information gathering is often the starting point of a cyberattack. For many hackers, before attempting anything they want to know who they’re dealing with, what vulnerabilities they might exploit, and whether they can operate stealthily or not. During such reconnaissance operations, attackers collect relevant data about their victims, but it’s not without risks for them.

Penetration Testing 144

Penetration Testing DNS Firmware Antivirus 144

Tech Republic Security

APRIL 13, 2022

The new vulnerabilities are being actively exploited, prompting CISA to advise federal agencies and organizations to patch them in a timely manner. The post CISA adds 8 known security vulnerabilities as priorities to patch appeared first on TechRepublic.

206

206

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

APRIL 5, 2022

Hackers have stolen a mother lode of personal data from Intuit’s email marketing operation, Mailchimp. The post Mailchimp Hack Causes Theft of Trezor Crypto Wallet ‘Money’ appeared first on Security Boulevard.

Hacking 145

Hacking Marketing Social Engineering CISO 145

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Yanluowang description.

Encryption 145

Encryption Ransomware Backups VPN 145

Schneier on Security

APRIL 13, 2022

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems We assess with high confidence that the

Malware 315

Malware 315

Security Affairs

APRIL 12, 2022

The dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of Operation TOURNIQUET. The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre. Operation TOURNIQUET was conducted by law enforcement agencies from the United States, United Kingdom, Sweden, Portugal, and Romania.

Cybercrime 145

Cybercrime Banking Accountability Hacking 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

APRIL 5, 2022

US chipmaker Intel announced Tuesday night that it had suspended all business operations in Russia, joining tech other companies who pulled out of the country due to the invasion of Ukraine. [.].

Technology 143

Technology Government 143

Tech Republic Security

APRIL 8, 2022

A new malware has infiltrated AWS Lambda services, and investigators still aren’t sure how it happened. Here’s how it works and how to protect your organization. The post AWS Lambda sees its first malware attack with Denonia, and we don’t know how it got there appeared first on TechRepublic.

Malware 196

Malware 196

Security Boulevard

APRIL 14, 2022

More than a year after the SolarWinds Sunburst attack and most companies are still exposed to software supply chain attacks. In a study conducted by Argon Security at Aqua Security, it was found that the majority of companies didn’t implement software supply chain security measures and that most organizations are still at risk. “Unfortunately, most.

Software 144

Software Risk Cybersecurity 144

CSO Magazine

APRIL 12, 2022

Almost all cloud users, roles, services, and resources grant excessive permissions leaving organizations vulnerable to attack expansion in the event of compromise, a new report from Palo Alto’s Unit 42 has revealed. The security vendor’s research discovered that misconfigured identity and access management (IAM) is opening the door to malicious actors that are targeting cloud infrastructure and credentials in attacks.

Government 143

Government 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software