Security Affairs

OCTOBER 29, 2022

The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate.

Cyber Attacks 145

Cyber Attacks Government Hacking Information Security 145

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summari

Surveillance 347

Surveillance Telecommunications Mobile Encryption 347

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.

Malware 316

Malware Identity Theft Cybercrime Accountability 316

Troy Hunt

NOVEMBER 3, 2022

I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API. The API is actually pretty simple: plug in an email address, get a result, and that's a very clearly documented process.

Data breaches 298

Data breaches 298

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

NOVEMBER 2, 2022

Also including blockchain-related projects in the ban, SourceHut's creator said the technology is associated with fraudulent activities and high-risk investments. The post Open-source repository SourceHut to remove all cryptocurrency-related projects appeared first on TechRepublic.

Cryptocurrency 197

Cryptocurrency Technology Risk Scams 197

Schneier on Security

NOVEMBER 4, 2022

The NSA (together with CISA) has published a long report on supply-chain security: “ Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. “: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment.

Software 297

Software Risk 297

Troy Hunt

NOVEMBER 3, 2022

I feel like life is finally complete: I have beaches, sunshine and fast internet! (Yes, and of course an amazing wife, but that goes without saying 😊) For the folks asking via various channels, the speed is not exactly symmetrical at 1000/400 and I'm honestly not sure why that's the case here in Australia. I also had to shell out quite a bit extra to go from 50 up to a "business" plan of 400 up, but with the volumes of data I ship around it'll make a pretty big dif

Internet 230

Internet Internet 230

Tech Republic Security

NOVEMBER 3, 2022

New Microsoft 365 deployment tools, making OneDrive work on your iPhone, and a new Cranefly backdoor lead the top news for this week. The post Tech news you may have missed Oct. 28–Nov. 3 appeared first on TechRepublic.

Big data 164

Big data Software 164

Schneier on Security

OCTOBER 31, 2022

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica : In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about.

293

293

Bleeping Computer

NOVEMBER 4, 2022

Internet domains for the popular Z-Library online eBook repository were seized early this morning by the U.S. Department of Justice, preventing easy access to the service. [.].

Internet 145

Internet Internet Technology Government 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SecureList

NOVEMBER 1, 2022

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 143

Malware Ransomware Spyware Encryption 143

Tech Republic Security

NOVEMBER 1, 2022

IoT devices can be openings for attackers, causing major disruptions to businesses. Follow these three steps to secure your IoT devices. The post 3 inexpensive steps to secure IoT appeared first on TechRepublic.

IoT 147

IoT Internet Internet 147

Security Affairs

NOVEMBER 3, 2022

Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 (CVSS score of 8.8), that impacts the Identity Services Engine (ISE).

Engineering 143

Engineering Hacking Information Security 143

Bleeping Computer

NOVEMBER 4, 2022

The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. [.].

Internet 145

Internet Internet Government 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

SecureList

OCTOBER 31, 2022

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The malware was regularly modified and upgraded by the developers to target media, diplomatic, governmental and public sector organizations and think-tanks in Japan.

Malware 141

Malware Encryption Media Phishing 141

Security Boulevard

NOVEMBER 3, 2022

Written by Christopher Hadnagy and Dr. Abbie Marono There is no denying the appeal of body-language focused blogs, particularly those […]. The post Dispelling Body Language Myths appeared first on Security Boulevard.

Social Engineering 139

Social Engineering Engineering 139

Security Affairs

NOVEMBER 1, 2022

The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential to the development of our societies, by placing people at the heart of decision-making.

Artificial Intelligence 144

Artificial Intelligence Big data Ransomware Technology 144

Bleeping Computer

OCTOBER 29, 2022

A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. [.].

145

145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

SecureList

NOVEMBER 2, 2022

Introduction. This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you to stay up to date on the modern threat landscape and to be better prepared for attacks.

Engineering 131

Engineering Malware Passwords Data collection 131

eSecurity Planet

NOVEMBER 4, 2022

A pair of recent $100 million funding rounds show that venture capital is still flowing into cybersecurity startups despite economic headwinds and rising interest rates. Versa Networks announced a funding round for $120 million last week, while Apiiro followed this week with a $100 million funding round. The two are addressing major issues like sprawling cloud and software supply chain risks, showing that good companies addressing real needs are having little trouble finding investors.

Cybersecurity 130

Cybersecurity Marketing Risk Architecture 130

Security Affairs

OCTOBER 30, 2022

According to the Daily Mail, Former British Prime Minister Liz Truss ‘s personal phone was hacked by Russian spies. The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily Mail reported. According to the British tabloid, the cyber-spies are believed to have gained access to top-secret exchanges with key international partners as well as private conversations with his friend, the British Conservative Party polit

Hacking 143

Hacking Mobile Government Cyber threats 143

Bleeping Computer

NOVEMBER 1, 2022

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. [.].

Phishing 143

Phishing Accountability 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

OCTOBER 30, 2022

Pentesters love passwords. It’s great for us that the keys to the kingdom lie in something the user usually chooses and most often chooses insecurely. Wikipedia tells us that “A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. The password […]. The post Password Attacks – Saving Time for the Fun Stuff appeared first on Security Aegis.

Passwords 130

Passwords Authentication 130

CyberSecurity Insiders

NOVEMBER 1, 2022

A new ransomware named ‘Azov Ransomware’ is found framing cybersecurity researchers as it doesn’t demand any ransom from its victims, instead it is asking them to contact forensic experts from a firm in the vicinity and do as per their instructions. Though the actions of Azov Ransomware are strange, researchers state that it’s not a big surprise. As someone is trying to frame security personnel from a specific company or some in related field are playing the blame-game.

Ransomware 127

Ransomware Cybersecurity Software Malware 127

Security Affairs

NOVEMBER 1, 2022

ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise , the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data.

Backups 143

Backups Authentication Ransomware Hacking 143

Bleeping Computer

NOVEMBER 1, 2022

The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. [.].

Encryption 141

Encryption 141

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

eSecurity Planet

NOVEMBER 3, 2022

Distributed denial of service (DDoS) attacks seek to cripple a corporate resource such as applications, web sites, servers, and routers, which can quickly lead to steep losses for victims. However, DDoS attackers sometimes even target the specific computers (or routers) of unwary people – often to harass video gamers, for example. Fortunately, many DDoS attacks can be prevented through advanced preparation.

DDOS 125

DDOS Firewall DNS Architecture 125

Security Boulevard

NOVEMBER 4, 2022

Insight #1. ". The game has changed, today's cybercrime cartels want to hijack your digital transformation and use it to launch attacks against your customers. Cybersecurity has become a brand protection imperative. It’s time for you to discuss cybersecurity with your CMO and GC.”. . Insight #2. ". Ransomware deploys remote access trojans (RATs) in your environment.

Digital transformation 124

Digital transformation Cybersecurity Cybercrime Ransomware 124

Security Affairs

NOVEMBER 4, 2022

I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. This is the 10 th edition of the annual report and analyzes events that took place between July 2021 and July 2022.

Cyber threats 142

Cyber threats Phishing Social Engineering Ransomware 142

Bleeping Computer

OCTOBER 29, 2022

Microsoft has released out-of-band updates today to address a known issue causing OneDrive and OneDrive for Business to crash after installing recent Windows 10 updates. [.].

135

135

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity