Schneier on Security

MAY 11, 2022

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).

Surveillance 326

Surveillance Government 326

Krebs on Security

MAY 10, 2022

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process

Authentication 305

Authentication Engineering Internet Internet 305

Joseph Steinberg

MAY 9, 2022

Russians seeking to obtain accurate information about their government’s war with Ukraine are turning to Virtual Private Network (VPN) technology in order to circumvent Kremlin-ordered bans of more than 1,000 various Western media outlets and other information-sharing websites; unfortunately, however, sanctions leveled by Western governments against Russia are complicating such efforts.

VPN 256

VPN Government Artificial Intelligence Technology 256

The Last Watchdog

MAY 9, 2022

In the days of non-stop attacks on personal and work devices, the common day consumer wouldn’t know where to begin in order to protect their devices. Related: Apple’s privacy stance questioned. The rise of attacks is unavoidable and with the everyday announcement of a new strain of malware, ransomware and now data wipers, consumers find themselves asking: where do I start?

Backups 247

Backups Firewall Software Mobile 247

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MAY 9, 2022

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by which IP address. This quirk of internet history means that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your location.

Marketing 288

Marketing Internet Internet 288

Krebs on Security

MAY 12, 2022

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Government 289

Government Authentication Passwords Mobile 289

We Live Security

MAY 12, 2022

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud. The post 10 reasons why we fall for scams appeared first on WeLiveSecurity.

Scams 145

Scams Risk 145

Schneier on Security

MAY 12, 2022

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them.

Surveillance 278

Surveillance Mobile 278

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Passwords 253

Passwords Authentication Accountability Mobile 253

Tech Republic Security

MAY 9, 2022

The cybersecurity company says this is the first time they have seen this type of malware hiding method. The post Kaspersky uncovers fileless malware inside Windows event logs appeared first on TechRepublic.

Malware 194

Malware Cybersecurity 194

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

MAY 11, 2022

With more people looking to cash in on hype surrounding the cryptocurrency market than ever before and an increasing digital workforce which may lack awareness of network security set-ups, cybercriminal activity remains rampant. Bitcoin’s enduring popularity and peak valuation in 2021 has only encouraged heists on crypto exchanges, the use of cryptomining malware, cryptocurrency-related scams , and malware targeting cryptocurrency wallets.

Scams 145

Scams Phishing Cryptocurrency Marketing 145

We Live Security

MAY 9, 2022

LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform. The post Common LinkedIn scams: Beware of phishing attacks and fake job offers appeared first on WeLiveSecurity.

Scams 145

Scams Phishing 145

Appknox

MAY 12, 2022

Internet and software giant Google recently recalibrated how it categorizes its Playstore apps. Google's Android applications are tagged with 'nutrition labels' based on the security practices and the data they collect from users to share with third parties.

Mobile 143

Mobile Internet Internet Software 143

Tech Republic Security

MAY 11, 2022

Companies need one person in charge of creating a consistent user experience that is strong on safety and trust. The post Why you need to add a trust and safety officer to the leadership team appeared first on TechRepublic.

190

190

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

MAY 9, 2022

The ransomware attack is likely to impact a number of agricultural machinery brands, including Challenger, Fendt, Ferguson, Massey, and Valtra, in the run-up to a crucial time of year for crop farmers.

Ransomware 143

Ransomware Malware 143

Bleeping Computer

MAY 12, 2022

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. [.].

Authentication 143

Authentication 143

Malwarebytes

MAY 10, 2022

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is an Iranian threat group that has targeted Middle Eastern countries and victims worldwide since at least 2014.

Government 142

Government DNS Telecommunications Accountability 142

Tech Republic Security

MAY 13, 2022

See what features you can expect from Cylance and CrowdStrike to choose the EDR solution that is ideal for your business. The post Cylance vs CrowdStrike: EDR software comparison appeared first on TechRepublic.

Software 174

Software Artificial Intelligence 174

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

MAY 12, 2022

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

Scams 139

Scams Hacking Cybersecurity 139

CyberSecurity Insiders

MAY 10, 2022

Are you having a doubt that your smartphone has been hacked or is being used by remote hackers for malevolent scams? If so, then watch out for these abnormal behavioral signs to know whether the device has been hacked. When apps are taking longer time to open than usual, it can be a sign that the device has been hacked. However, if the phone is crashing randomly, it can also mean that the device is lacking security updates.

Hacking 139

Hacking Malware Mobile Scams 139

Malwarebytes

MAY 12, 2022

Lincoln College, one of the few rural schools in Illinois, said that it will permanently close on Friday, May 13, after 157 years, partly due to the impacts of the COVID-19 pandemic and partly due to a long recovery after a ransomware attack in December 2021. The institution notified the Illinois Department of Higher Education and Higher Learning Commission and posted a goodbye note on its website. “Lincoln College has survived many difficult and challenging times – the economic crisis of

Ransomware 141

Ransomware Education Backups Software 141

Tech Republic Security

MAY 12, 2022

On average, companies lose $480 worth of productivity per employee per year due to the time spent dealing with password problems, says Beyond Identity. The post How password fatigue can cost organizations time, money and mental energy appeared first on TechRepublic.

Passwords 166

Passwords 166

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

MAY 11, 2022

It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data. Imperva recently conducted a study with YouGov plc regarding consumers’ attitudes towards data, whether they feel in control of their personal data, and if they trust the organizations tasked with protecting this sensitive information.

Cybersecurity 134

Cybersecurity Phishing 134

CyberSecurity Insiders

MAY 12, 2022

Nokia, once renowned for its amazing mobile phones, has now developed a testing lab completely dedicated to cybersecurity in the United States. The new Dallas, Texas-based Advanced Security Testing and Research (ASTaR) Lab will be fully based on a 5G network and will be useful in putting IoT products based on 5G to test against known and unknown cybersecurity threats.

Cybersecurity 136

Cybersecurity IoT Cyber Attacks Threat Detection 136

Malwarebytes

MAY 12, 2022

When you’re buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US, with recently announced plans to offer a virtual credit card service for Chrome.

Banking 138

Banking Authentication Accountability Risk 138

Tech Republic Security

MAY 9, 2022

BEC is a growing type of cybercrime that generates billions in losses every year. It also involves cryptocurrency more and more, providing an additional layer of anonymity to the cybercriminals. The post FBI: $43 billion in losses are due to Business Email Compromise fraud between 2016 and 2021 appeared first on TechRepublic.

Cryptocurrency 157

Cryptocurrency Cybercrime 157

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

We Live Security

MAY 11, 2022

What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? The post Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap appeared first on WeLiveSecurity.

Cybersecurity 133

Cybersecurity Marketing 133

Hacker Combat

MAY 10, 2022

A cyber-attack is a malicious attack undertaken by cybercriminals against single or numerous computers, computer systems, networks, or infrastructures utilizing one or more computers. The goal is to interrupt the victim’s business operations or steal important information. Individuals, corporations, governments, and critical infrastructure are potential cyber-attack targets.

Encryption 132

Encryption Ransomware Malware Cyber Attacks 132

Malwarebytes

MAY 11, 2022

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the wild exploits have been reported.

Authentication 134

Authentication Internet Internet 134

Tech Republic Security

MAY 13, 2022

You can have a great career helping companies secure their data by becoming a white hat hacker. Try this training to start a fun new career. The post Start a new career in ethical hacking with these 18 training courses appeared first on TechRepublic.

Hacking 148

Hacking 148

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity