Lohrman on Security
DECEMBER 23, 2021
What will the New Year bring in cyber space? Here’s your annual roundup of the top security industry forecasts, trends and cybersecurity prediction reports for calendar year 2022.
Daniel Miessler
DECEMBER 18, 2021
If you’re reading this you’re underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy named d0nut who figured something out like 3 days ago that very few people know. Once you have 2.15 applied—or the CLI implementation to disable lookups—you actually need a non-default log4j2.properties configuration to still be vulnerable!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
DECEMBER 7, 2021
CyberSecurity and Artificial Intelligence Expert, Joseph Steinberg, will lead a panel discussion on the intersection of CyberSecurity and Artificial Intelligence (AI), to take place on Thursday, December 9, 2021, the second and final day of the AI Summit being held in person in New York’s Javits Center. Steinberg’s session, entitled Key Challenges for Security Leaders Now and Beyond – Not Just Technical Competence , will feature a discussion with four other notable figures from the w
Troy Hunt
DECEMBER 19, 2021
In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7% of the time, that check went no further than one of hundreds of Cloudflare edge nodes spread around the world (95% of the world's population is within 50ms of one). It looks like this: There are all sorts of amazing Pwned Passwords use cases out there.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
DECEMBER 16, 2021
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.
Schneier on Security
DECEMBER 2, 2021
A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Lohrman on Security
DECEMBER 5, 2021
Underestimating, or not properly preparing for, adversaries can lead to big trouble — in both football and cybersecurity. So what can cyber teams learn from “The Game”?
Tech Republic Security
DECEMBER 14, 2021
Log4j is a serious vulnerability that has swept across the IT landscape quickly. Here's a single command you can run to test and see if you have any vulnerable packages installed.
Troy Hunt
DECEMBER 7, 2021
I was having a coffee with a good mate the other day. He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Because he's a normal person, he has the same 1 or 2 or 3 he uses everywhere and even without telling me what they were, I knew they were terrible. Actually, I'll rephrase that: because he was a normal guy; he's not normal anymore because yesterday I carved out some time to give him an early Christmas present: Today I spent an
Bleeping Computer
DECEMBER 29, 2021
T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks. [.].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Schneier on Security
DECEMBER 7, 2021
Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.
CSO Magazine
DECEMBER 13, 2021
A penetration tester, sometimes called an ethical hacker, is a security pro who launches simulated attacks against a client's network or systems in order to seek out vulnerabilities. Their goal is to demonstrate where and how a malicious attacker might exploit the target network, which allows their clients to mitigate any weaknesses before a real attack occurs.
eSecurity Planet
DECEMBER 13, 2021
Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. Germany-based G Data CyberDefense released software designed to trick the STOP ransomware variant into believing that a targeted system has already been compromised and keeping it from encrypting files af
Tech Republic Security
DECEMBER 1, 2021
This won't replace antivirus software, but it can help you detect problems much more efficiently and allows more customization. Here's how to install it on Mac, Windows and Linux.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Acunetix
DECEMBER 9, 2021
In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like. Read more. The post How Acunetix addresses HTTP/2 vulnerabilities appeared first on Acunetix.
Bleeping Computer
DECEMBER 10, 2021
Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. [.].
InfoWorld on Security
DECEMBER 10, 2021
Yesterday the Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a ubiquitous logging tool included in almost every Java application. The issue has been named Log4Shell and received the identifier CVE-2021-44228. The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages.
Malwarebytes
DECEMBER 1, 2021
Not every secure messaging app is as safe as it would like us to think. And some are safer than others. A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about your usage of the apps. The infographic shows details about iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp, and Wickr.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We Live Security
DECEMBER 1, 2021
ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs. The post Jumping the air gap: 15 years of nation‑state effort appeared first on WeLiveSecurity.
Tech Republic Security
DECEMBER 8, 2021
The initial apps in Google Play were safe, but the creators found a way around the Play Store's protections to install malware on Android users' devices. Here's how it happened and how to stay safe.
Security Boulevard
DECEMBER 1, 2021
The Finnish National Cyber Security Centre (NCSC-FI) has issued a warning to citizens about the current version of the FluBot malware campaign which is affecting “tens of thousands of people in Finland.” The malware campaign leverages SMS by sending out numerous text messages, according to NCSC-FI. The messages, all of which are written in Finnish, The post Finland Fending Off FluBot Malware, Again appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 28, 2021
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
DECEMBER 24, 2021
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.
Security Affairs
DECEMBER 21, 2021
Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains.
CSO Magazine
DECEMBER 16, 2021
The COVID-19 pandemic forced companies to scramble to accommodate employees suddenly working from home. This required a move to cloud-based infrastructures, mobile applications and good collaboration and conferencing tools. The shift was massive for most firms. According to Statista , only 17% of workers in the United States telecommuted even a little prior to the pandemic.
Tech Republic Security
DECEMBER 14, 2021
While looking for additional Exchange vulnerabilities in the wake of this year's zero-days, Kaspersky found an IIS add-on that harvests credentials from OWA whenever, and wherever, someone logs in.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Boulevard
DECEMBER 2, 2021
Retail is known to experience a spike in cybercrime around the holidays. With millions of shoppers conducting business online, the threat landscape usually increases with this jolt in traffic. However, this year, it's not only Retail that should be concerned — research by CORO finds that all mid-market businesses are 490% more likely to experience.
Bleeping Computer
DECEMBER 19, 2021
A new malware named 'DarkWatchman' has emerged in the cybercrime underground, and it's a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger. [.].
The Hacker News
DECEMBER 21, 2021
Even with the growing awareness about cybersecurity, many myths about it are prevalent. These misconceptions can be a barrier to effective security. The first step to ensure the security of your business is to separate the false information, myths, and rumors from the truth. Here, we're busting some common cybersecurity myths. Read on to find out which of the following you thought were true.
eSecurity Planet
DECEMBER 3, 2021
AT&T is working to stop a botnet that has infected at least 5,700 network edge servers inside its networks and appears designed to steal sensitive information and launch distributed denial-of-service (DDoS) attacks. Researchers at Netlab, the network security unit of Chinese tech giant Qihoo 360, wrote in a report this week that the rapidly updated botnet was attacking voice-over-IP (VoIP) servers from Edgewater Networks that are housed within AT&T’s network and are designed to route tra
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
363 
Let's personalize your content