Schneier on Security

APRIL 19, 2022

New paper: “ Planting Undetectable Backdoors in Machine Learning Models : Abstract : Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with

363

363

Joseph Steinberg

APRIL 21, 2022

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information. Data that must remain private simply cannot be readable by unauthorized parties – and that rule applies both when the relevant information is at rest on an internal server, in the cloud, or on some backup media, as well as when it is in transit over any form of network or other means of communicatio

Encryption 348

Encryption Cybersecurity Artificial Intelligence Backups 348

Krebs on Security

APRIL 18, 2022

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “ Ryuk.” On April 13, Microsoft said it executed a legal sneak atta

Healthcare 317

Healthcare Ransomware Cybersecurity Malware 317

The Last Watchdog

APRIL 21, 2022

Today, all organizations are required or encouraged to meet certain standards and regulations to protect their data against cybersecurity threats. The regulations vary across countries and industries, but they are designed to protect customers from the threat of posed data breaches. . Related: The value of sharing third-party risk assessments. With estimates suggesting there are currently over 15 billion user credentials scattered across the dark web, the importance of compliance is clear to se

Risk 235

Risk Cybersecurity Architecture Data breaches 235

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

APRIL 20, 2022

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportiona votes based on the amount of currency they own. A clever hacker used a “flash loan” feature of another decentralized finance project to borrow enough of the currency to give himself a controlling stake, and then approved a $182 million transfer to his own wallet.

Cryptocurrency 363

Cryptocurrency Government 363

Troy Hunt

APRIL 22, 2022

Well that was an unusual ending. Both my mouse and keyboard decided to drop off right at the end of this week's video and without any control whatsoever, there was no way to end the live stream! Wired devices from kids borrowed, I eventually got back control and later discovered that all things Bluetooth had suddenly decided to die without any warning whatsoever.

Data breaches 235

Data breaches 235

The Last Watchdog

APRIL 19, 2022

While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security clearances. Related: Russia takes steps to radicalize U.S. youth. Individuals who possess security clearances are not prohibited from traveling to foreign countries; however, there are certain acts and behaviors that may raise foreign influence and/or for

Government 235

Government Risk 235

Schneier on Security

APRIL 21, 2022

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian sepratists.

Software 308

Software 308

Malwarebytes

APRIL 21, 2022

Twitter philanthropists are a controversial emergence on the social media platform. In essence, Twitter-based philanthropy is about incredibly rich people helping out those who need it. The help is random, and often focused around performing a task like listening to a podcast or simply retweeting something. Of course, not everyone can “win” and many, many people miss out.

Accountability 145

Accountability Scams Media Social Engineering 145

Tech Republic Security

APRIL 20, 2022

Identity and access management software helps you maintain control of your environment by allowing authorized users to access company resources. Learn 10 of the top IAM tools to see which might be the best fit for your business. The post Top IAM tools 2022: Compare identity and access management solutions appeared first on TechRepublic.

Software 193

Software 193

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

We Live Security

APRIL 19, 2022

ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware. The post When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops appeared first on WeLiveSecurity.

Firmware 145

Firmware Malware 145

Schneier on Security

APRIL 22, 2022

Interesting implementation mistake : The vulnerability, which Oracle patched on Tuesday , affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally. […]. ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S.

Authentication 273

Authentication 273

Malwarebytes

APRIL 20, 2022

Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).

Authentication 145

Authentication Big data DNS Risk 145

Tech Republic Security

APRIL 21, 2022

Attackers are impersonating local credit unions to capture personal information and extract money, says Avanan. The post How phishing attacks are spoofing credit unions to steal money and account credentials appeared first on TechRepublic.

Phishing 189

Phishing Accountability 189

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

APRIL 18, 2022

US CISA adds a VMware privilege escalation flaw and a Google Chrome type confusion issue to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog.

Engineering 145

Engineering Cybersecurity Hacking Risk 145

SecureList

APRIL 18, 2022

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Yanluowang description.

Encryption 145

Encryption Ransomware Backups VPN 145

Malwarebytes

APRIL 21, 2022

Web scraping—the automated extraction of data from websites—has been around for a long time. Simultaneously cursed and praised, with nobody being able to quite land the decisive blow about whether it should be allowed, one way or another. This may have changed, thanks to a recent US appeals court ruling. A tangled web of scraped content. LinkedIn (and, by extension, Microsoft ) is not impressed with people or organisations scraping publicly available data from its site.

Phishing 145

Phishing Internet Internet Malware 145

Tech Republic Security

APRIL 18, 2022

International law firm RPC found the rate of ransomware attacks are spiking, leading to more sensitive information being jeopardized. The post Over 42 million people in the UK had financial data compromised appeared first on TechRepublic.

Ransomware 181

Ransomware 181

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

APRIL 18, 2022

The digital age has created several opportunities for us, and at the same time, we’ve been exposed to a whole new level of cyberthreats. There’s no denying that cybersecurity is now an integral part of every business that wants to avoid being a victim of identity theft, data breaches, and other cyber risks. Cybercriminals are […]. The post The Use of Artificial Intelligence in Cybersecurity appeared first on EasyDMARC.

Artificial Intelligence 145

Artificial Intelligence Identity Theft Cybersecurity Cyber Risk 145

Dark Reading

APRIL 19, 2022

Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.

Firmware 145

Firmware Malware 145

Bleeping Computer

APRIL 21, 2022

Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely. [.].

145

145

Tech Republic Security

APRIL 18, 2022

A recently discovered set of malicious tools allows state-sponsored attackers to target critical infrastructures in the US. See what you should do to protect yourself from this new threat. The post US critical infrastructures targeted by complex malware appeared first on TechRepublic.

Malware 163

Malware 163

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

APRIL 20, 2022

Cloud security encompasses the controls, policies, practices and technologies that protect applications, data and infrastructure from internal and external threats. Cloud security is critical for organizations to successfully implement digital transformation plans and integrate cloud-based solutions and services into their existing operating structures.

Digital transformation 145

Digital transformation Technology Data privacy Cybersecurity 145

Security Affairs

APRIL 17, 2022

Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

DDOS 145

DDOS Architecture Malware Cybercrime 145

Malwarebytes

APRIL 18, 2022

It is important to realize that uploading certain files to VirusTotal may result in leaking confidential data, which could result in a breach of confidentiality, or worse. We have warned against uploading personal information, as does VirusTotal itself on their home page. But apparently some organizations have automated the uploading of email attachments without really thinking through the possible consequences.

Malware 144

Malware Engineering Technology Cybersecurity 144

Tech Republic Security

APRIL 19, 2022

Phishing attacks aimed at stealing LinkedIn account credentials surged during the first quarter of 2022, says Check Point Research. The post LinkedIn was the most exploited brand in phishing attacks last quarter appeared first on TechRepublic.

Phishing 156

Phishing Accountability 156

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

APRIL 16, 2022

Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions. [.].

Accountability 142

Accountability Software 142

Security Affairs

APRIL 21, 2022

CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective against malicious traffic. Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) which is currently developed by Cisco. The software performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, protocol analysis, content searching and matching.

Engineering 144

Engineering Software Internet Internet 144

Malwarebytes

APRIL 19, 2022

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. The Lazarus Group.

Social Engineering 143

Social Engineering Cryptocurrency Computers and Electronics Engineering 143

Tech Republic Security

APRIL 18, 2022

Some 75% of SMBs polled in a CyberCatch survey said they’d be able to survive only three to seven days following a ransomware attack. The post Report: Many SMBs wouldn’t survive a ransomware attack appeared first on TechRepublic.

Ransomware 156

Ransomware 156

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity