Schneier on Security

FEBRUARY 9, 2022

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 × 10 6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μ s, a reaction

Encryption 358

Encryption 358

Joseph Steinberg

FEBRUARY 2, 2022

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. The reason that such a major threat exists is simple – much of today’s data relies on the security of what are known as asymmetric encryption algorithms, and such algorithms rely for their security on the fact that the mathematics that they use to encrypt cannot easily be reversed in order to decrypt.

Encryption 357

Encryption Artificial Intelligence Risk Engineering 357

Krebs on Security

FEBRUARY 22, 2022

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 — two years after responsibility for securing the state’s IT systems was centralized within Parson’s own Office of Administration.

Education 354

Education Technology Hacking Media 354

Daniel Miessler

FEBRUARY 2, 2022

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3. Mostly, it’s horribly negative. And not dispassionate negative either—but a negativity soaked in ridicule and hate. This is very curious coming from a community that includes so many hackers. I think this comes from the dual nature of hackers themselves.

InfoSec 352

InfoSec Internet Internet Cryptocurrency 352

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

FEBRUARY 16, 2022

I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful: Why are you still claiming this @digicert ? This is extremely misleading, anyone feel like reporting this to the relevant advertising standards authority in their jurisdiction?

Banking 330

Banking Mobile Phishing Advertising 330

Tech Republic Security

FEBRUARY 18, 2022

Corporate users are more aware of phishing attacks in their mailboxes. Yet they are not used to being targeted via other systems like Microsoft Teams. Learn how to protect yourself. The post Cyberattack threat: Corporate users infected via Microsoft Teams appeared first on TechRepublic.

Phishing 217

Phishing 217

Graham Cluley

FEBRUARY 25, 2022

The Conti ransomware gang says that it supports the Russian government's invasion of Ukraine. and if anyone launches a retaliatory cyber attack against Russia, they will hit back hard - launching attacks on critical infrastructure.

Ransomware 145

Ransomware Hacking Cyber Attacks Government 145

Krebs on Security

FEBRUARY 3, 2022

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin’s parent firm Microsoft ).

Phishing 342

Phishing Marketing Scams Accountability 342

Malwarebytes

FEBRUARY 24, 2022

According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group. Cyclops Blink. The alert issued b y the Cybersecurity & Infrastructure Security Agency (CISA) and an analysis published by the UK’s National Cyber Security Center (NCSC) show Indicators of Compromise (I

Malware 145

Malware Firewall Firmware DDOS 145

Troy Hunt

FEBRUARY 16, 2022

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches , I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs.

Government 304

Government 304

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 11, 2022

The federal agency says hundreds of victims have lost money due to scams over a two-year span. The post FBI: Criminals escalating SIM swap attacks to steal millions of dollars appeared first on TechRepublic.

Scams 210

Scams 210

Schneier on Security

FEBRUARY 22, 2022

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age — one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each. Such a shift is momentous but not without precedent.

Cybersecurity 320

Cybersecurity Surveillance Marketing Encryption 320

Security Boulevard

FEBRUARY 15, 2022

Aeris today updated a cloud service that leverages machine learning and other forms of artificial intelligence to secure internet of things (IoT) platforms connected via cellular networks. Hari Nair, senior director of product management at Aeris, said the latest edition of the Intelligent IoT Network also adds an Intelligent Security Center to provide visibility and.

IoT 145

IoT Artificial Intelligence Internet Internet 145

Graham Cluley

FEBRUARY 28, 2022

A game, developed by the so-called IT Army of Ukraine, makes it easy for anyone around the world to contribute to the overloading of Russian websites while playing a version of the simple sliding puzzle "2048.".

DDOS 145

DDOS 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

eSecurity Planet

FEBRUARY 11, 2022

Machine learning (ML) and artificial intelligence (AI) have emerged as critical tools for dealing with the ever-growing volume and complexity of cybersecurity threats. Machines can recognize patterns to detect malware and unusual activity better than humans and classic software. The technology also predicts potential attacks and automatically responds to threats by identifying specific trends and cycles.

Cybersecurity 145

Cybersecurity Phishing Risk Artificial Intelligence 145

Bleeping Computer

FEBRUARY 5, 2022

The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with Lockbit ransomware attacks in a new flash alert published this Friday. [.].

Ransomware 145

Ransomware 145

Tech Republic Security

FEBRUARY 25, 2022

The conflict we all feared is expected to bring an increase of cyberattacks, but experts agree that all hope isn’t lost. The post How Russia’s invasion of Ukraine will affect your cybersecurity appeared first on TechRepublic.

Cybersecurity 207

Cybersecurity 207

Schneier on Security

FEBRUARY 4, 2022

Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) have re-introduced the EARN IT Act , an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition.

Surveillance 321

Surveillance Backups Media Technology 321

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

FEBRUARY 10, 2022

A trip into the dark corners of Telegram, which has become a magnet for criminals peddling everything from illegal drugs to fake money and COVID-19 vaccine passes. The post Hidden in plain sight: How the dark web is spilling onto social media appeared first on WeLiveSecurity.

Media 145

Media Cybercrime 145

Acunetix

FEBRUARY 2, 2022

Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques. SSRF. Read more. The post What is server-side request forgery (SSRF)?

Cybersecurity 145

Cybersecurity 145

eSecurity Planet

FEBRUARY 11, 2022

Risk management is a concept that has been around as long as companies have had assets to protect. The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.

Risk 145

Risk Cybersecurity Encryption Technology 145

Security Affairs

FEBRUARY 17, 2022

Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users , threat actors started using it as an attack vector. Starting in January 2022, security researchers from Avanan observed attackers compromising Microsoft Teams accounts attach malicious executables to chat and infect participants in the conversation.

Malware 145

Malware Phishing Accountability Data breaches 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

FEBRUARY 24, 2022

Whether the chicken or the egg came first, Beyond Identity’s data suggests that the fastest growing companies are all more likely to take cybersecurity seriously. The post What hyper-growth companies all have in common: They prioritize cybersecurity appeared first on TechRepublic.

Cybersecurity 205

Cybersecurity 205

Schneier on Security

FEBRUARY 11, 2022

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices : The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.

Antivirus 309

Antivirus Hacking Ransomware CISO 309

Security Boulevard

FEBRUARY 18, 2022

A lot of talk these days centers around companies leaving money on the table by not maximizing cost savings, but more egregious in today’s risk-filled environment is leaving security on the table. That’s just what organizations are doing by not properly offboarding former employees; giving them plenty of opportunities to breach defenses and conduct malicious.

Risk 144

Risk Security Awareness Cybersecurity Network Security 144

Digital Shadows

FEBRUARY 16, 2022

To say that 2021 was a turbulent year for security teams would be a massive understatement. Last year, we observed. The post Initial Access Brokers in 2021: An Ever Expanding Threat first appeared on Digital Shadows.

Cybercrime 144

Cybercrime 144

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

eSecurity Planet

FEBRUARY 4, 2022

Malware is one of the biggest threats businesses face, and with nearly a third of all malware coming through the internet and email, businesses and consumers alike need ways to protect themselves. The best internet security software comes in several different forms, giving businesses all of the protection they need to identify and stop malware before it causes bigger problems.

Internet 144

Internet Internet Software Antivirus 144

Security Affairs

FEBRUARY 28, 2022

Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses. Anonymous and numerous hacker groups linked to the popular collective continue to launch cyber attacks against Russian and Belarussian government organizations and private businesses. In the last few days massive DDoS attacks have taken offline numerous websites of Russian government entities, including the Duma and Ministry of Defense.

DDOS 144

DDOS Banking Cyber Attacks Media 144

Tech Republic Security

FEBRUARY 22, 2022

2021 saw a decrease in mobile malware attacks, yet they have become increasingly sophisticated. Learn more about these threats and how to avoid being a victim. The post 2021 mobile malware evolution: Fewer attacks, escalating dangers appeared first on TechRepublic.

Mobile 203

Mobile Malware 203

Schneier on Security

FEBRUARY 17, 2022

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”.

Surveillance 306

Surveillance Government 306

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software