Schneier on Security

MAY 11, 2022

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).

Surveillance 340

Surveillance Government 340

Krebs on Security

MAY 10, 2022

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process

Authentication 315

Authentication Engineering Internet Internet 315

The Last Watchdog

MAY 9, 2022

In the days of non-stop attacks on personal and work devices, the common day consumer wouldn’t know where to begin in order to protect their devices. Related: Apple’s privacy stance questioned. The rise of attacks is unavoidable and with the everyday announcement of a new strain of malware, ransomware and now data wipers, consumers find themselves asking: where do I start?

Backups 247

Backups Firewall Software Mobile 247

Joseph Steinberg

MAY 9, 2022

Russians seeking to obtain accurate information about their government’s war with Ukraine are turning to Virtual Private Network (VPN) technology in order to circumvent Kremlin-ordered bans of more than 1,000 various Western media outlets and other information-sharing websites; unfortunately, however, sanctions leveled by Western governments against Russia are complicating such efforts.

VPN 242

VPN Government Artificial Intelligence Technology 242

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MAY 9, 2022

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by which IP address. This quirk of internet history means that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your location.

Marketing 304

Marketing Internet Internet 304

Krebs on Security

MAY 12, 2022

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Government 302

Government Authentication Passwords Mobile 302

Lohrman on Security

MAY 8, 2022

In early May 2021, the world was shocked into attention by a ransomware attack that brought down gas lines. What have we learned — or not — one year later?

Ransomware 217

Ransomware 217

Schneier on Security

MAY 12, 2022

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them.

Surveillance 296

Surveillance Mobile 296

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Passwords 262

Passwords Authentication Accountability Mobile 262

Tech Republic Security

MAY 9, 2022

The cybersecurity company says this is the first time they have seen this type of malware hiding method. The post Kaspersky uncovers fileless malware inside Windows event logs appeared first on TechRepublic.

Malware 201

Malware Cybersecurity 201

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

We Live Security

MAY 12, 2022

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud. The post 10 reasons why we fall for scams appeared first on WeLiveSecurity.

Scams 145

Scams Risk 145

Malwarebytes

MAY 12, 2022

When you’re buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US, with recently announced plans to offer a virtual credit card service for Chrome.

Banking 145

Banking Authentication Accountability Risk 145

The Hacker News

MAY 12, 2022

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

Scams 145

Scams Hacking Cybersecurity 145

Tech Republic Security

MAY 11, 2022

Companies need one person in charge of creating a consistent user experience that is strong on safety and trust. The post Why you need to add a trust and safety officer to the leadership team appeared first on TechRepublic.

199

199

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Zero Day

MAY 11, 2022

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

Internet 145

Internet Internet 145

Malwarebytes

MAY 10, 2022

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is an Iranian threat group that has targeted Middle Eastern countries and victims worldwide since at least 2014.

Government 145

Government DNS Telecommunications Accountability 145

Security Boulevard

MAY 11, 2022

With more people looking to cash in on hype surrounding the cryptocurrency market than ever before and an increasing digital workforce which may lack awareness of network security set-ups, cybercriminal activity remains rampant. Bitcoin’s enduring popularity and peak valuation in 2021 has only encouraged heists on crypto exchanges, the use of cryptomining malware, cryptocurrency-related scams , and malware targeting cryptocurrency wallets.

Scams 145

Scams Phishing Cryptocurrency Marketing 145

Tech Republic Security

MAY 13, 2022

See what features you can expect from Cylance and CrowdStrike to choose the EDR solution that is ideal for your business. The post Cylance vs CrowdStrike: EDR software comparison appeared first on TechRepublic.

Software 189

Software Artificial Intelligence 189

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

MAY 9, 2022

LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform. The post Common LinkedIn scams: Beware of phishing attacks and fake job offers appeared first on WeLiveSecurity.

Scams 145

Scams Phishing 145

Malwarebytes

MAY 12, 2022

Lincoln College, one of the few rural schools in Illinois, said that it will permanently close on Friday, May 13, after 157 years, partly due to the impacts of the COVID-19 pandemic and partly due to a long recovery after a ransomware attack in December 2021. The institution notified the Illinois Department of Higher Education and Higher Learning Commission and posted a goodbye note on its website. “Lincoln College has survived many difficult and challenging times – the economic crisis of

Ransomware 145

Ransomware Education Backups Software 145

SecureList

MAY 11, 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises , old variants of malware return while the new ones develop. Watching and assessing these tendencies not only provides us with threat intelligence to fight cybercrime today, but also helps us deduce what trends may see in the months to come and prepare for them b

Ransomware 144

Ransomware Encryption Malware Cybercrime 144

Tech Republic Security

MAY 12, 2022

On average, companies lose $480 worth of productivity per employee per year due to the time spent dealing with password problems, says Beyond Identity. The post How password fatigue can cost organizations time, money and mental energy appeared first on TechRepublic.

Passwords 176

Passwords 176

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Appknox

MAY 12, 2022

Internet and software giant Google recently recalibrated how it categorizes its Playstore apps. Google's Android applications are tagged with 'nutrition labels' based on the security practices and the data they collect from users to share with third parties.

Mobile 143

Mobile Internet Internet Software 143

Bleeping Computer

MAY 12, 2022

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. [.].

Authentication 143

Authentication 143

Malwarebytes

MAY 11, 2022

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the wild exploits have been reported.

Authentication 143

Authentication Internet Internet 143

Tech Republic Security

MAY 9, 2022

BEC is a growing type of cybercrime that generates billions in losses every year. It also involves cryptocurrency more and more, providing an additional layer of anonymity to the cybercriminals. The post FBI: $43 billion in losses are due to Business Email Compromise fraud between 2016 and 2021 appeared first on TechRepublic.

Cryptocurrency 164

Cryptocurrency Cybercrime 164

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

MAY 9, 2022

The ransomware attack is likely to impact a number of agricultural machinery brands, including Challenger, Fendt, Ferguson, Massey, and Valtra, in the run-up to a crucial time of year for crop farmers.

Ransomware 141

Ransomware Malware 141

Security Affairs

MAY 10, 2022

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. The IT giant fixed a total of 74 flaws in Microsoft Windows and Windows Components,NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Metho

Authentication 141

Authentication Hacking Software Cybersecurity 141

CyberSecurity Insiders

MAY 10, 2022

Are you having a doubt that your smartphone has been hacked or is being used by remote hackers for malevolent scams? If so, then watch out for these abnormal behavioral signs to know whether the device has been hacked. When apps are taking longer time to open than usual, it can be a sign that the device has been hacked. However, if the phone is crashing randomly, it can also mean that the device is lacking security updates.

Hacking 139

Hacking Malware Mobile Scams 139

Tech Republic Security

MAY 10, 2022

Security key company and local identity management firm replace passwords with security keys to strengthen cybersecurity defenses. The post As important as bulletproof vests: Yubico sends 20,000 keys to Ukrainian government and energy agencies appeared first on TechRepublic.

Government 149

Government Passwords Cybersecurity 149

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity