Krebs on Security
MAY 30, 2023
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. This attack involves malicious Javascript that is added to one’s browser by dragging a component from a web page to one’s browser bookmarks.
Schneier on Security
JUNE 1, 2023
Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
MAY 27, 2023
This week's update is dominated by my experience with "Lena", the scammer from Gumtree who tried to fleece my wife of $800. There's a blow-by-blow rundown of how it all happened in this video and it's fascinating to think that these things can actually be successful given all the red flags. But they are, and in Australia alone innocent victims are stung to the tune of more than 3 billion dollars every year by fraudsters which is a staggering number.
The Last Watchdog
MAY 31, 2023
The world of Identity and Access Management ( IAM ) is rapidly evolving. Related: Stopping IAM threats IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge. At the RSAC Conference 2023 , I sat down with Venkat Raghavan , founder and CEO of start-up Stack Identity.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
JUNE 1, 2023
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.
Schneier on Security
MAY 30, 2023
It’s neither hard nor expensive : Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the fingerprint database.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Lohrman on Security
MAY 28, 2023
Despite what you may have heard, ransomware threats continue to grow and evolve in mid-2023. Here’s what you need to know.
Tech Republic Security
JUNE 2, 2023
Identity management company 1Password is spinning up a pair of new features that constitute a major shift away from passwords and toward their low-friction replacement: passkeys. The post 1Password enables passkeys — a new option from passwords appeared first on TechRepublic.
Schneier on Security
MAY 31, 2023
Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon , accesses target networks and evades detection.
Bleeping Computer
JUNE 2, 2023
After introducing a string of AI-powered assistants for its products, Microsoft has now announced that it will soon end support for the Windows standalone Cortana app. [.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
SecureList
JUNE 1, 2023
While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise.
Tech Republic Security
JUNE 1, 2023
Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared to perform periodic maintenance on that data to keep it secure. The post How to determine exactly what personal information Microsoft Edge knows about you appeared first on TechRepublic.
Security Boulevard
JUNE 2, 2023
Tit-For-Tat Triangulation Trojan Talk: Backdoor inserted at U.S. behest, alleges FSB. The post Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research appeared first on Security Boulevard.
Bleeping Computer
JUNE 2, 2023
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel. [.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
CyberSecurity Insiders
JUNE 2, 2023
By Matt Morris, Global Managing Director of 1898 & Co. Two years have passed since the notorious Colonial Pipeline hack, an incident that plunged the nation into a state of emergency, causing fuel disruptions in airlines and commercial sectors, and triggering panic-buying among consumers leading to a sharp rise in gas prices. In May 2021, the hack infiltrated critical systems of the pipeline, resulting in its shutdown for several days.
Tech Republic Security
MAY 31, 2023
Best practices for securing your Mac against potential hacks and security vulnerabilities include enabling the firewall, using strong passwords and encryption, and enabling Lockdown Mode. The post 8 best practices for securing your Mac from hackers in 2023 appeared first on TechRepublic.
We Live Security
MAY 31, 2023
A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms The post 5 free OSINT tools for social media appeared first on WeLiveSecurity
Bleeping Computer
JUNE 2, 2023
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. [.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
MAY 31, 2023
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
Tech Republic Security
JUNE 1, 2023
A new study by Okta finds that a proliferation of active accounts and web identities is exacerbating security risks both for individuals and enterprises. The post Most people are aware of their data trails, but few know how to deal with it: Okta study appeared first on TechRepublic.
CyberSecurity Insiders
JUNE 2, 2023
By Jayakumar (Jay) Kurup, Global Sales Engineering Director at Morphisec Securing operational technology (OT) creates unique challenges. Zero tolerance of downtime in factories, ports, banks, treatment plants, and other OT environments means that standard security practices like patch management or deploying protective solutions onto endpoints can be almost impossible to uphold.
Bleeping Computer
MAY 31, 2023
Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
JUNE 2, 2023
A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.
Tech Republic Security
MAY 31, 2023
Researchers at Akamai’s Security Intelligence unit find a botnet specimen that reveals how successful DDoS, spam and other cyberattacks can be done with little finesse, knowledge or savvy. The post Threatening botnets can be created with little code experience, Akamai finds appeared first on TechRepublic.
CyberSecurity Insiders
JUNE 1, 2023
The shifting landscape of cybersecurity poses significant challenges for traditional vulnerability management approaches. The difficulties often arise from a lack of automation and a compartmentalized “silo” approach. Unfortunately, the full potential of modern, sophisticated vulnerability management frameworks is yet to be realized across the industry, leaving some room for cybercriminals to exploit.
Bleeping Computer
MAY 31, 2023
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Trend Micro
MAY 30, 2023
In this blog entry, we analyze BlackSuit ransomware and how it compares to Royal Ransomware.
Tech Republic Security
MAY 30, 2023
Admins can force users to reset their respective passwords during their next Windows 11 login by making a few simple changes on a difficult-to-find configuration screen. The post Windows 11: Enforcing password resets for local group users appeared first on TechRepublic.
The Hacker News
MAY 29, 2023
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices.
Bleeping Computer
MAY 31, 2023
Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
337 
Let's personalize your content