Joseph Steinberg
JULY 21, 2022
The second edition of Cybersecurity For Dummies , Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available. Like its first-edition counterpart, CyberSecurity For Dummies: Second Edition is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical skillsets.
Schneier on Security
JULY 18, 2022
Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102 , which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser’s Tracking Protection feature is set to strict.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
JULY 10, 2022
Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email
Javvad Malik
JULY 7, 2022
Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps. 1. Yellow paper (not the white one peasants write on). 2.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Levin
JULY 6, 2022
A firewall is a network security device or program designed to prevent unauthorized and malicious internet traffic from entering a private network or device. It is a digital safety barrier between public and private internet connections, allowing non-threatening traffic in and keeping malicious traffic out, which in theory includes malware and hackers.
Tech Republic Security
JULY 7, 2022
Cybercriminals found a way into a Shanghai National Police database, in the largest exploit of personal information in the country’s history. The post China suffers massive cybersecurity breach affecting over 1 billion people appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
JULY 12, 2022
Honda vehicles from 2021 to 2022 are vulnerable to this attack : On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. […].
Krebs on Security
JULY 21, 2022
U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “ pig butchering ,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
Security Affairs
JULY 31, 2022
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum ( ONVIF ). ONVIF provides and promotes standardized interfaces for effective interoperability of IP-based physical security products.
eSecurity Planet
JULY 11, 2022
Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” and “remote capabilities over SSH.”.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
JULY 19, 2022
CSRB has released a report saying that the Log4j exploit is here to stay long-term, meaning businesses should be ready in case of a cyber attack. The post Cyber Safety Review Board classifies Log4j as ‘endemic vulnerability’ appeared first on TechRepublic.
Joseph Steinberg
JULY 20, 2022
There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. What remains uncertain, however, is when the day of so-called “quantum supremacy” will arrive. As such, many organizations have hesitated to start preparing for the quantum era – after all, they reason, there are enough fires to fight now, and li
Schneier on Security
JULY 28, 2022
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.
SecureList
JULY 25, 2022
Introduction. Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely crash the victim machine. In our APT predictions for 2022 , we noted that despite these risks, we expected more attackers to reach the sophistication level required to develop such tools.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
JULY 7, 2022
While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice. [.].
CSO Magazine
JULY 4, 2022
Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh. "This year, they weren't even in the top 11.
Tech Republic Security
JULY 14, 2022
Journalists have information that makes them particularly interesting for state-sponsored cyberespionage threat actors. Learn more about these threats now. The post State-sponsored cyberespionage campaigns continue targeting journalists and media appeared first on TechRepublic.
Security Boulevard
JULY 20, 2022
Salt Security today extended its security platform for application programming interfaces (APIs) to include the ability to visually depict API call sequences, create attack simulations before APIs are released into production and gain insights into attacker behaviors and patterns. Elad Koren, chief product officer for Salt Security, said the latest version of the Salt Security.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
JULY 21, 2022
This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720 , a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers.
eSecurity Planet
JULY 12, 2022
The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Matters steadily worsened within a very short time and signs of a breach became apparent. Screens then started to display a ransom demand, which said files had been encrypted by the NetWalker ransomware virus.
Bleeping Computer
JULY 19, 2022
An Israeli security researcher has demonstrated a novel attack against air-gapped systems by leveraging the SATA cables inside computers as a wireless antenna to emanate data via radio signals. [.].
Security Affairs
JULY 9, 2022
Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
JULY 18, 2022
Microsoft says a ransomware gang calling itself H0lyGh0st may be sponsored by the North Korean government as a way for the country to offset its struggling economy. The post Why North Korean cybercriminals are targeting businesses with ransomware appeared first on TechRepublic.
Security Boulevard
JULY 21, 2022
Radware this week revealed it added blockchain technologies to its Bot Manager platform to thwart attacks designed to evade completely automated public Turing tests to tell computers and humans apart—better known as CAPTCHA challenges. Dr. David Aviv, CTO for Radware, said that while a CAPTCHA challenge can be an effective way to determine if an. The post Radware Employs Blockchain Technologies to Thwart Bots appeared first on Security Boulevard.
Schneier on Security
JULY 15, 2022
Surely no one could have predicted this : The new proposal—championed by Mayor London Breed after November’s wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area—would authorize the police department to use non-city-owned security cameras and camera networks to live monitor “significant events with public safety concerns” and ongoing felony or misdemeanor violations.
Dark Reading
JULY 14, 2022
Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
JULY 29, 2022
The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money. [.].
Security Affairs
JULY 24, 2022
Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on a the popular hacking forum Breached Forums.
Tech Republic Security
JULY 1, 2022
Triggered by an employee from an external vendor who shared email addresses with an unauthorized party, the breach could lead to phishing attempts against affected individuals. The post Data breach of NFT marketplace OpenSea may expose customers to phishing attacks appeared first on TechRepublic.
Security Boulevard
JULY 4, 2022
Find out top 10 risks answering why SMB's are doing cyber security wrong. We have also included fixes to help you understand the cybersecurity for SMB. The post The Top 10 SMB cyber security mistakes. Find out how to fix these security risks. appeared first on Cyphere | Securing Your Cyber Sphere. The post The Top 10 SMB cyber security mistakes.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
363 
Let's personalize your content