Sat. Mar 19, 2022 - Fri. Mar 25, 2022


Linux Improves Its Random Number Generator

Schneier on Security

In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement.


A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.


Weekly Update 287

Troy Hunt

So the plan was to schedule this week's session in advance then right on 17:30 at my end, go live. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically. Lesson learned, session restarted, we'll be all good next week 😊 References Asking about IoT'ing the kids' showers led to lots of wrong answers (maybe I'm just scarred now knowing how much work is involved as so


Global Cybersecurity Ramifications from the War in Ukraine

Lohrman on Security

What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Developer Sabotages Open-Source Software Package

Schneier on Security

This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries.


Cloud security: How your public cloud environment may be vulnerable to data breach

Tech Republic Security

Half of the security pros surveyed by Laminar said their cloud environments were hit by a data breach in 2020 or 2021.

More Trending


URL rendering trick enabled WhatsApp, Signal, iMessage phishing

Bleeping Computer

A set of flaws affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years. [...]


NASA’s Insider Threat Program

Schneier on Security

The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or critical infrastructure — are unclassified and are therefore not covered by its current insider threat program.


Nokia: Botnet DDoS attacks are on the rise

Tech Republic Security

A study from Nokia outlining the growing number of botnet attacks shows a larger amount of sophistication by hackers.


Weekly Update 288

Troy Hunt

Wow, what a day yesterday! I mentioned at the start of this week's update that Charlotte and I jumped on a chopper with our parents to check out our wedding venue, here's the pics and I just added a video to the thread too: Well that was amazing; chopper ride to our wedding venue for lunch with our parents. So happy to live here and have access to such a wonderful place.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Update now! Many HP printers affected by three critical security vulnerabilities

Malwarebytes

In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution (RCE) when exploited. Link-Local Multicast Name Resolution. CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 out of 10.


Gus Simmons’s Memoir

Schneier on Security

Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography. He has written a memoir of growing up dirt-poor in 1930s rural West Virginia. I’m in the middle of reading it, and it’s fascinating.


Cybersecurity incident response: Lessons learned from 2021

Tech Republic Security

SecureWorks announced the themes and trends of cybersecurity incidents recorded in 2021 so you can better protect your business in 2022.


US says Kaspersky poses unacceptable risk to national security

Bleeping Computer

The Federal Communications Commission (FCC) added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security. [...]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Are You Prepared for Your Next Cloud Incident?

Security Boulevard

Cloud adoption continues to accelerate and exceed expectations year after year. Gartner expects public cloud services to grow another 21.7% in 2022, and while this is a positive direction for the industry as a whole, it creates a dramatic shift in cybersecurity risks. It also prompts a reevaluation of the solutions required to address those.


How to Build a Custom Malware Analysis Sandbox

The Hacker News

Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service.


Best encryption software 2022

Tech Republic Security

Encryption software protects confidential and private data in transit and at rest by making it accessible only to authorized individuals. Learn about the best encryption software and techniques.


Anonymous leaked 28GB of data stolen from the Central Bank of Russia

Security Affairs

Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. This week the Anonymous hacker collective claims to have hacked the Central Bank of Russia and stolen 35,000 documents. The group of hacktivists announced that it will leak the stolen documents in 48 hours. Anonymous hacks Russia's Central Bank and more than 35,000 files will be exposed in 48 hours. pic.twitter.com/0VUhqVmo89 — Anonymous (@LatestAnonPres


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Qualcomm: ‘We’d Like Our IP Back, Please’

Security Boulevard

It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of engineers each month. Except, well,


Morgan Stanley client accounts breached in social engineering attacks

Bleeping Computer

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised following vishing attacks. [...]


Healthcare industry still lagging in multicloud adoption

Tech Republic Security

Nutanix’s new report details why the move to multicloud is important for security.


Crypto malware in patched wallets targeting Android and iOS devices

We Live Security

ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


WhatsApp ban issued across the UK for military personnel

CyberSecurity Insiders

Britain’s military personnel were ordered not to use the WhatsApp messaging app anymore, as Russian hackers were using the app’s location service to track down individuals and kill them using missile attacks. Though the built-up theory seems illogical, as WhatsApp functionality is under full encryption, a missile attack that took place on Sunday on a training camp of foreign fighters suggests that the hackers from the Russian federation could have sniffed the activity by tracking down the phone loc


North Korean hackers exploit Chrome zero-day weeks before patch

Bleeping Computer

North Korean state hackers have exploited a zero-day, remote code execution vulnerability in Google Chrome web browser for more than a month before a patch became available, in attacks targeting news media, IT companies, cryptocurrency and fintech organizations. [...]


10 Ways a Zero Trust Architecture Protects Against Ransomware

Tech Republic Security

While ransomware has been around for decades, its prevalence has exploded over the last two years. These attacks used to be perpetrated by individuals; now they’re launched by networked groups of affiliates who buy and sell each other’s specialized skills and toolkits. Attacks were once unfocused and one-dimensional; now they use targeted, multi-layered tactics.


McAfee Cloud Launches as Skyhigh Security

eSecurity Planet

The final piece of the complicated Mandiant-FireEye split and subsequent FireEye-McAfee merger fell into place today, as McAfee’s cloud security business was officially spun off under the new name of Skyhigh Security. McAfee Enterprise and FireEye were acquired by Symphony Technology Group last year as Mandiant became a standalone company. STG also owns RSA Security, which remains a separate company.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Logpoint Unleashes SaaS-delivered Converged SIEM

CyberSecurity Insiders

Only solution to deliver integrated cloud-based SIEM, SOAR, and UEBA services directly to organizations of all sizes. Includes security for business-critical applications to protect the digital heart of businesses. COPENHAGEN, Denmark & BOSTON, March 22, 2022 — Logpoint is now making its Converged SIEM, combining SIEM, SOAR, UEBA, and security for business-critical applications generally available.


AvosLocker ransomware – what you need to know

Graham Cluley

AvosLocker is a ransomware-as-a-service (RaaS) gang which first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities. Read more in my article on the Tripwire State of Security blog.


Microsoft warns of destructive attacks by Lapsus$ cybercrime group

Tech Republic Security

Using social engineering rather than traditional ransomware tactics, the Lapsus$ group has already hit multiple organizations, says Microsoft.


Talent Crisis: Bridging the Widening IT Skills Gap

Security Boulevard

Today’s businesses are no stranger to innovation. From enhancing products and services with cutting-edge technologies to honing productivity with cloud-based applications and new ways of networking, innovation has become a key differentiator across virtually every industry. In the vast majority of cases, that innovation is almost wholly dependent on a company’s IT capabilities.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.