Troy Hunt
APRIL 10, 2022
In my ongoing bid to make more useful information on data breaches available to impacted national governments , today I'm very happy to welcome the 32nd national CERT to Have I Been Pwned, the Republic of North Macedonia! They now join their counterparts across the globe in having free API-level access to monitor and query their government domains.
Schneier on Security
APRIL 13, 2022
A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems We assess with high confidence that the
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
APRIL 13, 2022
Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA). Of particular concern this month is CVE-2022-24521 , which is a “privilege escalation” vulnerability in the Windows common log file system driver.
Doctor Chaos
APRIL 10, 2022
Many people who know me know that I have accumulated quite a few frequent flyer miles. Before COVID, I had many years where I would clock in 200k+ air miles in a single year. It was pretty easy to rack up miles when you have a job that requires travel Sunday through Friday. I can’t say I don’t enjoy it. Some of that has to do with the fact that I have learned a few tips to make my travel life easier.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
APRIL 14, 2022
For many years now, I've lamented about how much of my time is spent attempting to disclose data breaches to impacted companies. It's by far the single most time-consuming activity in processing breaches for Have I Been Pwned (HIBP) and frankly, it's about the most thankless task I can imagine. Finding contact details is hard. Getting responses is hard.
The Last Watchdog
APRIL 14, 2022
It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes. Related: Deploying human sensors. But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
APRIL 12, 2022
John Oliver has an excellent segment on data brokers and surveillance capitalism.
Troy Hunt
APRIL 14, 2022
Bit of a long one this week, just due to a bunch of stuff all coinciding at the same time. The drone is obviously the coolest one and it was interesting to hear other people's experiences with theirs. This is just super cool tech and I can't remember the last time I looked at a consumer product and thought "wow, I didn't know they could do that!
Tech Republic Security
APRIL 13, 2022
The new vulnerabilities are being actively exploited, prompting CISA to advise federal agencies and organizations to patch them in a timely manner. The post CISA adds 8 known security vulnerabilities as priorities to patch appeared first on TechRepublic.
Security Boulevard
APRIL 14, 2022
More than a year after the SolarWinds Sunburst attack and most companies are still exposed to software supply chain attacks. In a study conducted by Argon Security at Aqua Security, it was found that the majority of companies didn’t implement software supply chain security measures and that most organizations are still at risk. “Unfortunately, most.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
APRIL 12, 2022
The dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of Operation TOURNIQUET. The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre. Operation TOURNIQUET was conducted by law enforcement agencies from the United States, United Kingdom, Sweden, Portugal, and Romania.
CSO Magazine
APRIL 12, 2022
Almost all cloud users, roles, services, and resources grant excessive permissions leaving organizations vulnerable to attack expansion in the event of compromise, a new report from Palo Alto’s Unit 42 has revealed. The security vendor’s research discovered that misconfigured identity and access management (IAM) is opening the door to malicious actors that are targeting cloud infrastructure and credentials in attacks.
Tech Republic Security
APRIL 14, 2022
Cybersecurity is more important than ever. Safeguard data from web trawling with this WordPress plugin. The post This WordPress plugin protects the emails displayed on your website appeared first on TechRepublic.
Security Boulevard
APRIL 14, 2022
An analysis of more than 680,000 identities across 18,000 cloud accounts from 200 different organizations published this week by Palo Alto Networks found nearly all (99%) cloud users, roles, services and resources were granted excessive permissions that were unused for 60 days or more. Nathaniel Quist, a principal researcher for the Unit 42 security research.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Malwarebytes
APRIL 12, 2022
Thanks to the Threat Intelligence team for their help with this article. Conti, the infamous ransomware created by a group of Russian and Eastern European cybercriminals, has again made headlines after a hacking group used its leaked source code to create another variant of the ransomware and target Russian businesses. The hacking group calls itself Network Battalion ’65 ( @xxNB65 ), and it is highly motivated by Russia’s invasion of Ukraine.
Security Affairs
APRIL 13, 2022
Apache addressed a critical flaw in Apache Struts RCE that was linked to a previous issue that was not properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications. The Apache Software Foundation urges organizations to address a vulnerability, tracked as CVE-2021-31805, affecting Struts versions ranging 2.0.0 to 2.5.29.
Tech Republic Security
APRIL 14, 2022
A new SaaS survey finds that IT teams don’t know what software business units are using or who has access to security settings. The post Business teams increase cybersecurity risk due to poor SaaS management appeared first on TechRepublic.
CyberSecurity Insiders
APRIL 11, 2022
SuperCare Health, a California based healthcare firm that deals with patients suffering from respiratory ailments, has posted a data breach notice on its website. And the notice says that a security incident hit the company on July 27th, 2021 when hackers fraudulently accessed its system for 5 complete days, i.e. from July 23rd to July 27th last year.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
APRIL 14, 2022
A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware. [.].
eSecurity Planet
APRIL 15, 2022
Unlike penetration tests , vulnerability tests do not consist of performing real attacks. However, they’re no less valuable, as they can spot vulnerabilities missed by a penetration test and provide a baseline for comparison. In addition, vulnerability tests allow IT teams to identify weaknesses before they become an actual problem. The goal is not to be stealthy but to assess risks from the inside, like how hackers would deploy their attack after breaking into a network.
Tech Republic Security
APRIL 13, 2022
A study published by NCC Group shows what businesses need to be aware of when attempting to prevent cyber attacks. The post Supply chain cyberattacks jumped 51% in 2021 appeared first on TechRepublic.
Security Affairs
APRIL 12, 2022
Russia-linked Sandworm APT group targeted energy facilities in Ukraine with INDUSTROYER2 and CADDYWIPER wipers. Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. According to the CERT-UA, nation-state actors targeted high-voltage electrical substations with INDUSTROYER2, the variant analyzed by the researchers were customized to target respective substations.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Malwarebytes
APRIL 14, 2022
After having tracked stalkerware for years, Malwarebytes can reveal that in 2021, detections for apps that can non-consensually monitor another person’s activity reached their highest peak ever, but that, amidst the record-setting numbers, the volume of detections actually began to significantly decrease in the second half of the year. This decrease in stalkerware-type activity never reached the lower levels in 2019 that Malwarebytes recorded before the start of the global coronavirus pand
eSecurity Planet
APRIL 14, 2022
Critical infrastructure , industrial control (ICS) and supervisory control and data acquisition (SCADA) systems are under increasing threat of cyber attacks, according to a number of recent warnings from government agencies and private security researchers. CERT-UA (Computer Emergency Response Team of Ukraine) reported a major attack on Ukrainian energy infrastructure last week.
Tech Republic Security
APRIL 14, 2022
Hackers are using a technique known as Quoted-printable to trick security defenses into thinking a malicious link is legitimate, says Avanan. The post How cybercriminals are creating malicious hyperlinks that bypass security software appeared first on TechRepublic.
Bleeping Computer
APRIL 14, 2022
The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month. [.].
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
CSO Magazine
APRIL 13, 2022
From cloud to on-premises access, having two-factor authentication (2FA) can help keep attackers at bay. The goal is to get the attackers to go somewhere else and leave you alone. But what if an attacker wants to target you? Is your 2FA implementation good enough to protect you in that situation? If you have rolled out 2FA already, you probably made some of the same decisions I did when implementing it.
SecureList
APRIL 13, 2022
Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations , started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of different countries’ authorities. It took the threat actors almost 10 months to rebuild the infrastructure, whereupon Emotet returned in November.
Tech Republic Security
APRIL 15, 2022
According to Sophos, the route of attack stemmed from vulnerabilities in the system’s open firewall ports. The post Attackers unleash LockBit ransomware on US government computers appeared first on TechRepublic.
eSecurity Planet
APRIL 11, 2022
As technologies advance, and cyber threats with them, deception has become a big part of the 21st century cybersecurity battle. From bank transfer cons to CEO fraud to elaborate phishing and spear phishing campaigns, cyber criminals have been quick to use deception as a major means of infiltrating networks and systems, and for remaining undetected while inside.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
323 
Let's personalize your content