Krebs on Security
APRIL 3, 2023
John Clifton Davies , a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “ CodesToYou ,” which purports to be a “full cycle software development company” based in the U.K.
Troy Hunt
APRIL 5, 2023
A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster" They've provided millions of impacted email addresses and passwords to Have I Been Pwned (HIBP) so that victims of the incident can discover if they have been exposed.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
APRIL 6, 2023
New research: “ Achilles Heels for AGI/ASI via Decision Theoretic Adversaries “: As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safely build ones which may have capabilities at or above the human level is of particular concern.
Lohrman on Security
APRIL 2, 2023
NATO countries are facing a growing breadth and depth of nation-state cyber attacks as Russia, China, Iran and other countries increase military cyber cooperation.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
APRIL 3, 2023
Modern cyber attacks are ingenious — and traditional vulnerability management, or VM, simply is no longer very effective. Related: Taking a risk-assessment approach to VM Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other security risks, such as misconfigurations, security deviations, and posture anomalies.
Troy Hunt
APRIL 1, 2023
Most of this week's video went on talking about the UniFi Dream Wall. What a unit! I mean it's big, but then it wraps a lot of stuff up in the one device too. If you watch this and have thoughts on how I can integrate it into the new garage such that it doesn't clash with the dark theme, I'd love to hear about it. I'll share more once I set it up in the coming weeks but for now, enjoy this week's video 🙂 References The UniFi Dream Wall is an impressive unit
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
APRIL 3, 2023
Some 43% of employees have been targeted with work-related phishing attacks on their personal devices, says a survey from SlashNext. The post BYOD and personal apps: A recipe for data breaches appeared first on TechRepublic.
Daniel Miessler
APRIL 2, 2023
There is much being said right now about the AI Alignment Problem. There’s more to it, but it’s essentially the question of how to keep AI from destroying us when it wakes up. Yay. Russell argues that we need uncertainty built into our alignment efforts. I just read Stuart Russell’s excellent book on the topic—which I highly recommend—and Lex Fridman’s recent conversation with Eleizer Yudkowsky is an absolute must as well.
Troy Hunt
APRIL 6, 2023
Next time I post a poll about something as simple as "when is next Friday", I don't expect I'll get as much interest. Of course "next time" will be whatever poll follows the last one, not the poll that falls after that one! But more seriously, I cannot think of a better example of ambiguous language that's open to interpretation and so easily avoided (hello MM-DD people!
Schneier on Security
APRIL 4, 2023
News : Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.” Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3C
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
APRIL 6, 2023
Two Russia-associated groups hit Israel and Finland with DDoS attacks, this week. Cybersecurity experts say the actions represent a marked increase in exploits and a harbinger of cyberattacks to come. The post DDoS attacks rise as pro-Russia groups attack Finland, Israel appeared first on TechRepublic.
Daniel Miessler
APRIL 2, 2023
After two and a half decades in information security, I’ve witnessed countless failures in security efforts. Most of them can be traced back to either asking the wrong questions or lacking the necessary context for effective action. Enter AI, which promises to address these shortcomings with two fundamental advantages: Context and Question-based security products.
Bleeping Computer
APRIL 7, 2023
Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it as a card-skimming device. [.
Security Boulevard
APRIL 3, 2023
Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files. The post Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!) appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
APRIL 3, 2023
A new report for cybersecurity firm WithSecure suggests that most companies are investing in security solutions that are tactical and reactive, but not in line with strategic aims of an organization. The post Cybersecurity unaligned with business goals is reactive … and flawed: Study appeared first on TechRepublic.
SecureList
APRIL 3, 2023
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via 3CXDesktopApp MSI installers. An installer for macOS has also been trojanized.
Bleeping Computer
APRIL 7, 2023
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. [.
Security Boulevard
APRIL 4, 2023
$8.50 per child: UK regulator punishes TikTok at 5.5% of revenue. Says app illegally tracked children. The post TikTok Abused Kids’ Data — UK Fines it $16 Million appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
APRIL 7, 2023
Google's Threat Analysis Group reported on a subset of APT43 called Archipelago and detailed how the company is trying to protect users. The post Cyberespionage threat actor APT43 targets US, Europe, Japan and South Korea appeared first on TechRepublic.
SecureList
APRIL 5, 2023
Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging app’s handy features — cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is especially popular with phishers. They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting
Bleeping Computer
APRIL 4, 2023
HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. [.
Dark Reading
APRIL 6, 2023
A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
APRIL 7, 2023
Joe Burton, CEO of digital identity company Telesign, talks to TechRepublic about how the “fuzzy” realm between statistical analysis and AI can fuel global, fast, accurate identity. The post Company that launched 2FA is pioneering AI for digital identity appeared first on TechRepublic.
Security Boulevard
APRIL 7, 2023
I guess I’m banned from Twitter now: Tesla employees mocked and memeified private photos and videos. Firm’s message boards were full of the stuff. The post Tesla Staff Shared Saucy Snaps of Customers (Sources Say) appeared first on Security Boulevard.
Bleeping Computer
APRIL 3, 2023
Western Digital announced today that its network has been breached and an unauthorized party gained access to multiple company systems. [.
Dark Reading
APRIL 5, 2023
Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
APRIL 5, 2023
Windscribe has functions you probably didn’t know you need and is offering new users best-on-web pricing for one-to-three-year subscriptions. The post Get two years of ultimate VPN protection on unlimited connections for only $60 appeared first on TechRepublic.
The Hacker News
APRIL 6, 2023
Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S.
Bleeping Computer
APRIL 3, 2023
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system. [.
Dark Reading
APRIL 4, 2023
In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
228 
Let's personalize your content