Schneier on Security
MARCH 24, 2022
In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement.
Krebs on Security
MARCH 23, 2022
Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$ , a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
MARCH 20, 2022
What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore.
Troy Hunt
MARCH 19, 2022
So the plan was to schedule this week's session in advance then right on 17:30 at my end, go live. It mostly worked, I just forgot to press the "go live" button having worked on the (obviously incorrect) assumption that would happen automatically. Lesson learned, session restarted, we'll be all good next week 😊 References Asking about IoT'ing the kids' showers led to lots of wrong answers (maybe I'm just scarred now knowing how much work is involved as so
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
MARCH 23, 2022
The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or critical infrastructure — are unclassified and are therefore not covered by its current insider threat program.
The Last Watchdog
MARCH 21, 2022
It’s an irony often noted about wealth: The more money you have, the more you have to worry about money – managing it, protecting it, nurturing it for further growth. Related: Using employees as human sensors. For businesses, the same is now true about information. Data has become critical to your organization’s success. At the same time – in fact, as a direct result of data’s central importance – more adversaries are working harder and finding more nefarious ways to steal or otherwise compromis
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
MARCH 25, 2022
Wow, what a day yesterday! I mentioned at the start of this week's update that Charlotte and I jumped on a chopper with our parents to check out our wedding venue, here's the pics and I just added a video to the thread too: Well that was amazing; chopper ride to our wedding venue for lunch with our parents. So happy to live here and have access to such a wonderful place.
Schneier on Security
MARCH 25, 2022
Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography. He has written a memoir of growing up dirt-poor in 1930s rural West Virginia. I’m in the middle of reading it, and it’s fascinating.
Krebs on Security
MARCH 22, 2022
Pavel Vrublevsky , founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book “ Spam Nation ,” was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money laundering for Hydra , the largest Russian darknet market.
Tech Republic Security
MARCH 24, 2022
A study from Nokia outlining the growing number of botnet attacks shows a larger amount of sophistication by hackers. The post Nokia: Botnet DDoS attacks are on the rise appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
MARCH 21, 2022
For the last 4 years, I've been providing API-level access to national government agencies so that they can search and monitor their government domains on Have I Been Pwned. Today, I'm very happy to welcome the 29th government to join the service, Italy! Via CSIRT-Italia within their National Cybersecurity Agency (ACN), they now have free access to breach data I hope will further empower them to protect their people in the wake of data breaches.
Schneier on Security
MARCH 21, 2022
This is a big deal : A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries.
Anton on Security
MARCH 24, 2022
Sometimes I write blog posts with answers. In other cases, I write blog posts with questions. This particular blog post covers a topic where I feel I am in the “discovering questions” phase. In other words, don’t expect answers?—?but also don’t expect questions… So, in recent weeks, I had a few simultaneous conversations with various people that focused on the quality of threat detection.
Tech Republic Security
MARCH 25, 2022
SecureWorks announced the themes and trends of cybersecurity incidents recorded in 2021 so you can better protect your business in 2022. The post Cybersecurity incident response: Lessons learned from 2021 appeared first on TechRepublic.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Daniel Miessler
MARCH 20, 2022
I’m starting a new series with this 2022 edition where I think about what Information Security could or should look like in the distant future—say in 2050. The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. I’m doing this for fun—basically to see how dumb I look later—but I also hope it’ll drive interesting discussions on where things should go.
Bleeping Computer
MARCH 25, 2022
A set of flaws affecting the world's leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years. [.].
Malwarebytes
MARCH 24, 2022
In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution (RCE) when exploited. Link-Local Multicast Name Resolution. CVE-2022-3942 is a vulnerability rated with a CVSS score of 8.4 out of 10.
Tech Republic Security
MARCH 25, 2022
Encryption software protects confidential and private data in transit and at rest by making it accessible only to authorized individuals. Learn about the best encryption software and techniques. The post Best encryption software 2022 appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
MARCH 24, 2022
Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service.
Bleeping Computer
MARCH 25, 2022
The Federal Communications Commission (FCC) added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security. [.].
Security Affairs
MARCH 25, 2022
Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. This week the Anonymous hacker collective claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents. The group of hacktivists announced that will leak the stolen documents in 48 hours. Anonymous hacks Russia's Central Bank and more than 35,000 files will be exposed in 48 hours. pic.twitter.com/0VUhqVmo89 — Anonymous (@LatestAnonPres
Tech Republic Security
MARCH 25, 2022
Nutanix’s new report details why the move to multicloud is important for security. The post Healthcare industry still lagging in multicloud adoption appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
MARCH 24, 2022
Cloud adoption continues to accelerate and exceed expectations year after year. Gartner expects public cloud services to grow another 21.7% in 2022, and while this is a positive direction for the industry as a whole, it creates a dramatic shift in cybersecurity risks. It also prompts a reevaluation of the solutions required to address those. The post Are You Prepared for Your Next Cloud Incident?
Malwarebytes
MARCH 24, 2022
Back in January, we wrote about how the Dark Souls games had their online components switched off for PC gamers. This is because someone figured out how to execute code remotely on the target’s PC. Given that the multiplayer angle of Souls games is rather important, this was quite a body blow for anyone playing. I fired up the first Dark Souls game a few days ago to see if the online services have been reinstated.
SecureList
MARCH 24, 2022
What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Attackers tend to copy design elements from the real website, which is why users can find it hard to distinguish the fake pages from the official ones. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.
Tech Republic Security
MARCH 25, 2022
While ransomware has been around for decades, its prevalence has exploded over the last two years. These attacks used to be perpetrated by individuals; now they’re launched by networked groups of affiliates who buy and sell each other’s specialized skills and toolkits. Attacks were once unfocused and one- dimensional; now they use targeted, multi-layered tactics.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
MARCH 24, 2022
It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of engineers each month. Except, well, The post Qualcomm: ‘We’d Like Our IP Back, Please’ appeared first on Security Boulevard.
Bleeping Computer
MARCH 25, 2022
Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild. [.].
Malwarebytes
MARCH 25, 2022
Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country. While there is truly increased risk against lives and property in the frontline, we have also seen certain risks online affecting individuals and businesses alike.
Tech Republic Security
MARCH 23, 2022
Using social engineering rather than traditional ransomware tactics, the Lapsus$ group has already hit multiple organizations, says Microsoft. The post Microsoft warns of destructive attacks by Lapsus$ cybercrime group appeared first on TechRepublic.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
347 
Let's personalize your content