Security Affairs

OCTOBER 29, 2022

The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate.

Cyber Attacks 145

Cyber Attacks Government Hacking Information Security 145

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summari

Surveillance 353

Surveillance Telecommunications Mobile Encryption 353

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.

Malware 329

Malware Identity Theft Cybercrime Accountability 329

Troy Hunt

NOVEMBER 3, 2022

I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API. The API is actually pretty simple: plug in an email address, get a result, and that's a very clearly documented process.

Data breaches 317

Data breaches 317

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

OCTOBER 31, 2022

Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Related: Taking a risk-assessment approach to vulnerabilities. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed.

Network Security 213

Network Security Encryption Firewall Telecommunications 213

Schneier on Security

NOVEMBER 4, 2022

The NSA (together with CISA) has published a long report on supply-chain security: “ Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. “: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment.

Software 315

Software Risk 315

Troy Hunt

NOVEMBER 3, 2022

I feel like life is finally complete: I have beaches, sunshine and fast internet! (Yes, and of course an amazing wife, but that goes without saying 😊) For the folks asking via various channels, the speed is not exactly symmetrical at 1000/400 and I'm honestly not sure why that's the case here in Australia. I also had to shell out quite a bit extra to go from 50 up to a "business" plan of 400 up, but with the volumes of data I ship around it'll make a pretty big dif

Internet 253

Internet Internet 253

Lohrman on Security

OCTOBER 30, 2022

Cyber summits were held this past week in Michigan and Kansas, and hot topics ranged from workforce development to ransomware to growing global cyber threats. Here’s a rundown.

Cyber threats 207

Cyber threats Ransomware 207

Schneier on Security

OCTOBER 31, 2022

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica : In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about.

306

306

Krebs on Security

NOVEMBER 3, 2022

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki , a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes , including data breaches, payment fraud, operating botnets, and calling in bomb threats.

Data breaches 218

Data breaches Cybercrime Telecommunications Accountability 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

OCTOBER 29, 2022

Geez we've been getting hammered down here: Optus, MyDeal, Vinomofo, Medibank and now Australian Clinical Labs. It's crazy how much press interest there's been down here and whilst I think some of it is a bit hyperbolic, bringing the issue to the forefront and ensuring it's being discussed is certainly a good thing. Anyway, let's see what happens between now and next week's video, at this rate there'll be at least one more major Aussie breach to talk about!

IoT 224

IoT Data breaches 224

Tech Republic Security

NOVEMBER 2, 2022

Also including blockchain-related projects in the ban, SourceHut's creator said the technology is associated with fraudulent activities and high-risk investments. The post Open-source repository SourceHut to remove all cryptocurrency-related projects appeared first on TechRepublic.

Cryptocurrency 206

Cryptocurrency Technology Risk Scams 206

Bleeping Computer

NOVEMBER 4, 2022

Internet domains for the popular Z-Library online eBook repository were seized early this morning by the U.S. Department of Justice, preventing easy access to the service. [.].

Internet 145

Internet Internet Technology Government 145

SecureList

NOVEMBER 1, 2022

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 145

Malware Ransomware Spyware Encryption 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

NOVEMBER 1, 2022

The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential to the development of our societies, by placing people at the heart of decision-making.

Artificial Intelligence 145

Artificial Intelligence Big data Ransomware Technology 145

Tech Republic Security

NOVEMBER 3, 2022

New Microsoft 365 deployment tools, making OneDrive work on your iPhone, and a new Cranefly backdoor lead the top news for this week. The post Tech news you may have missed Oct. 28–Nov. 3 appeared first on TechRepublic.

Big data 178

Big data Software 178

Bleeping Computer

NOVEMBER 4, 2022

The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. [.].

Internet 145

Internet Internet Government 145

SecureList

OCTOBER 31, 2022

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The malware was regularly modified and upgraded by the developers to target media, diplomatic, governmental and public sector organizations and think-tanks in Japan.

Malware 145

Malware Encryption Media Phishing 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

NOVEMBER 1, 2022

ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise , the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data.

Backups 145

Backups Authentication Ransomware Hacking 145

Tech Republic Security

NOVEMBER 1, 2022

IoT devices can be openings for attackers, causing major disruptions to businesses. Follow these three steps to secure your IoT devices. The post 3 inexpensive steps to secure IoT appeared first on TechRepublic.

IoT 148

IoT Internet Internet 148

Bleeping Computer

OCTOBER 29, 2022

A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. [.].

145

145

SecureList

NOVEMBER 2, 2022

Introduction. This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you to stay up to date on the modern threat landscape and to be better prepared for attacks.

Engineering 144

Engineering Malware Passwords Data collection 144

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

NOVEMBER 3, 2022

Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 (CVSS score of 8.8), that impacts the Identity Services Engine (ISE).

Engineering 144

Engineering Hacking Information Security 144

The Hacker News

OCTOBER 29, 2022

Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information.

Hacking 143

Hacking 143

Bleeping Computer

NOVEMBER 1, 2022

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. [.].

Phishing 143

Phishing Accountability 143

Security Boulevard

NOVEMBER 3, 2022

Written by Christopher Hadnagy and Dr. Abbie Marono There is no denying the appeal of body-language focused blogs, particularly those […]. The post Dispelling Body Language Myths appeared first on Security Boulevard.

Social Engineering 139

Social Engineering Engineering 139

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

OCTOBER 30, 2022

According to the Daily Mail, Former British Prime Minister Liz Truss ‘s personal phone was hacked by Russian spies. The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily Mail reported. According to the British tabloid, the cyber-spies are believed to have gained access to top-secret exchanges with key international partners as well as private conversations with his friend, the British Conservative Party polit

Hacking 144

Hacking Mobile Government Cyber threats 144

SecureList

OCTOBER 31, 2022

In the previous publication ‘ Tracking down LODEINFO 2022, part I ‘, we mentioned that the initial infection methods vary in different attack scenarios and that the LODEINFO shellcode was regularly updated for use with each infection vector. In this article, we discuss improvements made to the LODEINFO backdoor shellcode in 2022. Kaspersky investigated new versions of LODEINFO shellcode, namely v0.5.9, v0.6.2, v0.6.3 and v0.6.5, in March, April and June, respectively.

Encryption 136

Encryption Architecture Malware Engineering 136

Bleeping Computer

NOVEMBER 1, 2022

The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. [.].

Encryption 141

Encryption 141

The Hacker News

NOVEMBER 1, 2022

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky.

Malware 134

Malware Media 134

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity