Joseph Steinberg

MARCH 14, 2022

The cybersecurity term “secure workloads” seems to be gaining a lot of traction in marketing materials lately. Yet, it has become a ubiquitous catchphrase that is often misused. So, let’s cut through the fluff, and understand what “secure workloads” really are…. When it comes to cybersecurity, securing workloads means protecting all of the various components that make up an application (such as its database functionality).

Cybersecurity 357

Cybersecurity Artificial Intelligence Encryption Technology 357

Krebs on Security

MARCH 17, 2022

Researchers are tracking a number of open-source “ protestware ” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

Malware 351

Malware Internet Internet Software 351

Schneier on Security

MARCH 18, 2022

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.

Banking 316

Banking Surveillance Cybersecurity 316

Lohrman on Security

MARCH 13, 2022

Cyber insurance is only getting more expensive, and the market is changing dramatically, with more changes to come. So what trends will drive adoption, rates and the wider future of cyber insurance?

Cyber Insurance 288

Cyber Insurance Insurance Marketing Government 288

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Daniel Miessler

MARCH 13, 2022

A lot of people, especially in the security industry , are concerned that NFTs are a scam. And that’s for a good reason in many cases, since many of them are. In fact, I’d say it’s something like 95%. That’s not a real number, but that’s where I’d put the ratio. But I’m not trying to convince you that NFTs are scams.

Scams 287

Scams Marketing Manufacturing Engineering 287

Adam Levin

MARCH 17, 2022

The NCAA Men’s Basketball tournament is underway, and with it the annual prediction brackets. Guessing the brackets right usually means a nice chunk of change. The outcome of over 60 games is wagered on through shared files or online services. . Unfortunately, brackets create opportunities for a wide array of phishing and hacking campaigns, particularly in workplaces where a lot of brackets are distributed.

Cyber threats 229

Cyber threats Phishing Passwords Malware 229

The Last Watchdog

MARCH 14, 2022

When was the last time you read an online privacy policy in its entirety? Perhaps, never? Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games. Related: What happened to privacy in 2021. COVID crisis has forced us to work remotely.

Artificial Intelligence 223

Artificial Intelligence Mobile Technology Accountability 223

Tech Republic Security

MARCH 18, 2022

If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide about salaries, job markets, skills and common interview questions in the field, as well as the top security software. The post How to become a cybersecurity pro: A cheat sheet appeared first on TechRepublic.

Cybersecurity 218

Cybersecurity Marketing Software 218

Anton on Security

MARCH 16, 2022

As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ) and “Stealing More SRE Ideas for Your SOC” , your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?

Phishing 189

Phishing Big data 189

Schneier on Security

MARCH 17, 2022

Oops : Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here.

Passwords 297

Passwords 297

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

MARCH 17, 2022

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of the Ministry of Emergencies of Russia, the hackers defaced them and published the message: “Don’t t

Hacking 145

Hacking Government Media Information Security 145

Tech Republic Security

MARCH 15, 2022

NCC Group’s study outlines the use cases for BCIs as well as the security risks associated with using them. The post Brain Computer Interfaces may be the future, but will they be secure? appeared first on TechRepublic.

Risk 217

Risk 217

Bleeping Computer

MARCH 15, 2022

Russia faces a critical IT storage crisis after Western cloud providers pulled out of the country, leaving Russia with only two more months before they run out of data storage. [.].

Technology 145

Technology Government 145

Schneier on Security

MARCH 14, 2022

This is a current list of where and when I am scheduled to speak: I’m participating in an online panel discussion on “ Ukraine and Russia: The Online War ,” hosted by UMass Amherst, at 5:00 PM Eastern on March 31, 2022. I’m speaking at Future Summits in Antwerp, Belgium on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia on June 3, 2022.

52

52

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

MARCH 17, 2022

Russian hackers are known as some of the world’s best, and the increase in tensions between the United States and Russia since the invasion of Ukraine has raised the prospect that Russian hackers may target U.S. citizens and organizations with cyberattacks. Our company, INKY Technology, provides cloud-based anti-phishing defense-in-depth to protect against email attacks.

Phishing 145

Phishing Technology Social Engineering Engineering 145

Tech Republic Security

MARCH 15, 2022

Don’t let mobile malware ruin your day or your device. Be aware of how this threat happens and take good precautions to avoid it. The post Mobile malware is on the rise: Know how to protect yourself from a virus or stolen data appeared first on TechRepublic.

Mobile 217

Mobile Malware 217

Security Affairs

MARCH 15, 2022

OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778 , that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy.

Hacking 145

Hacking Information Security 145

Schneier on Security

MARCH 14, 2022

The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization. Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of Bashkortostan is in the west of the country. […]. The data is split into two main categories: a series of over 360,000 files totalling in at 526.9GB and which date up to as recently as March 5, and then t

Government 209

Government 209

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

MARCH 17, 2022

Some don’t mind putting extra effort into making their crime appear as legitimate as possible by perpetuating more lies as long as they are guaranteed money in the end. Osondu Victor Igwilo is one such Nigerian scammer. The “catchers” 52-year-old Igwilo has been on the Federal Bureau of Investigation’s watch list since 2018. According to court documents, Igwilo was charged in 2016 in the US District Court, Southern District of Texas, Houston, Texas for “one count of

Identity Theft 145

Identity Theft Banking Government Accountability 145

Tech Republic Security

MARCH 17, 2022

CISA adds 15 known exploited vulnerabilities to its catalog and BlackBerry researchers warn of a new ransomware-as-a-service family. The post Cybersecurity news: LokiLocker ransomware, Instagram phishing attack and new warnings from CISA appeared first on TechRepublic.

Phishing 210

Phishing Ransomware Cybersecurity 210

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability.

DNS 145

DNS Malware Technology Encryption 145

Trend Micro

MARCH 16, 2022

This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet.

Malware 145

Malware IoT 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

MARCH 18, 2022

Cloud security management issues are increasing the flood of false positive alerts and missed critical issues and contributing to higher burnout rates for IT teams. These were among the findings of an Orca Security survey of 800 IT professionals across five countries and 10 industries, which revealed more than half (55%) of respondents use three. The post Cloud Security Tool Sprawl Draining IT Teams appeared first on Security Boulevard.

Cybersecurity 144

Cybersecurity Network Security 144

Tech Republic Security

MARCH 17, 2022

The first line of defense against ransomware lies with email authentication. Learn more information about how to take a proactive approach to cyber attacks. The post Email authentication helps governments and private companies battle ransomware appeared first on TechRepublic.

Authentication 204

Authentication Government Ransomware Cyber Attacks 204

Security Affairs

MARCH 18, 2022

Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Banking 145

Banking Telecommunications System Administration Hacking 145

The Hacker News

MARCH 17, 2022

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.

Firewall 144

Firewall Malware 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

MARCH 17, 2022

Researchers have found that the Gh0stCringe RAT is infecting Microsoft SQL and MySQL, and seems to focus on servers with weak protection. The Gh0stCringe RAT communicates with a command and control (C&C) server to receive instructions and is capable of exfiltrating information. . SQL. SQL is short for Structured Query Language and usually pronounced as “sequel.

Encryption 144

Encryption Malware Surveillance Authentication 144

Tech Republic Security

MARCH 14, 2022

One lesser-known aspect of non-fungible tokens is their vulnerability to cybercrime. Learn how you can protect yourself and your company from the potential risks of NFTs. The post NFTs: The growing cybercrime risks and how to avoid them appeared first on TechRepublic.

Cybercrime 203

Cybercrime Risk 203

Bleeping Computer

MARCH 15, 2022

A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies. [.].

DNS 144

DNS 144

Security Affairs

MARCH 16, 2022

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Original post at [link]. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks.

Authentication 142

Authentication Cyber Attacks System Administration Internet 142

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity