Krebs on Security

MAY 17, 2022

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online.

Malware 353

Malware Government Internet Internet 353

Schneier on Security

MAY 19, 2022

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States.

Passwords 335

Passwords Marketing Data collection 335

Anton on Security

MAY 19, 2022

This is written jointly with Tim Peacock and will eventually appear on the GCP blog. For now, treat this as “posted for feedback” :-) Ideally, read this post first. In this post, we will share our views on a foundational framework for thinking about threat detection in public cloud computing. To start, let’s remind our audience what we mean by threat detection and detection and response.

Threat Detection 299

Threat Detection Technology Backups Data breaches 299

Troy Hunt

MAY 19, 2022

Just before Christmas, the promise to launch a fully open source Pwned Passwords fed with a firehose of fresh data from the FBI and NCA finally came true. We pushed out the code, published the blog post, dusted ourselves off and that was that. Kind of - there was just one thing remaining. The k-anonymity API is lovely and that's not just me saying that, that's people voting with their feet: That's already 58% by volume from my December blog post, only 5 months ago to the day.

Passwords 290

Passwords 290

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

MAY 16, 2022

It’s a scenario executives know too well. Related: Third-party audits can hold valuable intel. You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach. It’s a maddening situation that occurs far more often than it should. One of the main culprits for these incredibly frustrating attacks has not so much to do with how a team functions or the protocols a company employs, but instead, it’s a

Cyber Attacks 273

Cyber Attacks Firmware Artificial Intelligence Manufacturing 273

Schneier on Security

MAY 18, 2022

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­ — which is key to making features like Find My work­ — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features whe

Malware 297

Malware Firmware Encryption Risk 297

Security Boulevard

MAY 17, 2022

What’s the correlation between Kubernetes and software supply chains? To answer that question, let’s start by exploring the latter. Simply put, software supply chains are the lifeblood of building, delivering, maintaining and scaling cloud-native applications. They are made up of software components, including those at the infrastructure and application layer, and their underlying pipelines, repositories.

Software 144

Software Cybersecurity 144

The Last Watchdog

MAY 19, 2022

You very likely will interact with a content management system (CMS) multiple times today. Related: How ‘business logic’ hackers steal from companies. For instance, the The Last Watchdog article you are reading uses a CMS to store posts, display them in an attractive manner, and provide search capabilities. Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “ talk pages ” that help its many contributors collaborate.

Data breaches 262

Data breaches Encryption Mobile Technology 262

Schneier on Security

MAY 20, 2022

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which bridged a large gap between the Tesla and the Tesla owner’s phone. “This proves that any product relying on a trusted BLE connection is vulnerable to attacks even f

Technology 263

Technology Authentication Hacking 263

Tech Republic Security

MAY 17, 2022

NCC Group has found proof of concept that BLE devices can be exploited from anywhere on the planet. The post Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices appeared first on TechRepublic.

174

174

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

MAY 19, 2022

The U.S. Department of Justice (DOJ) has announced a revision of its policy on how federal prosecutors should charge violations of the Computer Fraud and Abuse Act (CFAA), carving out "good-fath" security research from being prosecuted. [.].

142

142

CyberSecurity Insiders

MAY 18, 2022

A foundational approach to cybersecurity empowers CISOs to see abnormalities and block threats before they do damage. by David Ratner, CEO, HYAS ( www.hyas.com ). Constantly playing catch-up seems to have become the unfortunate norm in the cybersecurity industry. In the aftermath of a new emerging threat, CISOs rush to protect their assets from whatever vulnerability is being exploited and hope that they won’t be one of the first targets when a fresh exploit is discovered and the next inevitable

DNS 140

DNS Cybersecurity CISO Social Engineering 140

Security Affairs

MAY 14, 2022

Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have hacked multiple organizations and government entities. The hacktivists leaked the stolen data via DDoSecrets. Below is the list of organizations breached this week by Anonymous: SOCAR Energoresource operates the Antipinsky Refinery and several oilfields.

Government 143

Government Hacking Cybersecurity Information Security 143

Tech Republic Security

MAY 20, 2022

McAfee and Kaspersky are some of the oldest, most trusted names in the antivirus business, but their ideal use cases vary. See which is best for you. The post McAfee vs Kaspersky: Compare EDR software appeared first on TechRepublic.

Software 168

Software Antivirus 168

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

MAY 14, 2022

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. [.].

142

142

Security Boulevard

MAY 19, 2022

Attackers are using search engine optimization (SEO) techniques to improve the ranking of malicious PDF files on search engines including Google and Microsoft’s Bing, according to a Netskope report. The findings indicated that cybercriminals are leveraging various social engineering techniques—including SEO—and different Trojan families, including those delivered via PDF, to target victims more effectively.

Social Engineering 139

Social Engineering Malware Engineering Cybersecurity 139

Security Affairs

MAY 19, 2022

A new China-linked cyberespionage group known as ‘Space Pirates’ is targeting enterprises in the Russian aerospace industry. A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The group has been active since at least 2017, researchers believe it is linked with other China-linked APT groups, including APT41 (Winnti), Mustang Panda , and APT27.

Malware 143

Malware Phishing Government Hacking 143

Tech Republic Security

MAY 17, 2022

Security staffers can spend more than five hours addressing security flaws that occurred during the application development cycle, says Invicti. The post Cybersecurity pros spend hours on issues that should have been prevented appeared first on TechRepublic.

Cybersecurity 156

Cybersecurity 156

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

MAY 19, 2022

The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more. [.].

Ransomware 144

Ransomware 144

Malwarebytes

MAY 17, 2022

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the impact of his discoveries.

Accountability 139

Accountability Passwords 139

We Live Security

MAY 18, 2022

In the age of the perpetual news cycle and digital media, the risks that stem from the fake news problem are all too real. The post Fake news – why do people believe it? appeared first on WeLiveSecurity.

Media 137

Media Risk 137

Tech Republic Security

MAY 19, 2022

A threat actor has successfully compromised and modified a US business website's checkout page in order to collect all the credit card data from unsuspecting customers. Read more about how to protect from this threat. The post Threat actors compromising US business online checkout pages to steal credit card information appeared first on TechRepublic.

155

155

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

MAY 19, 2022

Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature.

Authentication 137

Authentication 137

Security Boulevard

MAY 19, 2022

Tesla cars can be unlocked and stolen via a simple relay attack. The company shrugged and said it’s “a known limitation.”. The post ‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth appeared first on Security Boulevard.

Social Engineering 136

Social Engineering IoT Engineering Security Awareness 136

Security Affairs

MAY 19, 2022

White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). This year, 17 contestants are attempting to exploit 21 targets across multiple categories.

Hacking 140

Hacking Cybersecurity Information Security 140

Tech Republic Security

MAY 16, 2022

When you're choosing EDR software for your business, see how the features of Bitdefender and McAfee compare. The post Bitdefender vs McAfee: Compare EDR software appeared first on TechRepublic.

Software 153

Software 153

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Malwarebytes

MAY 20, 2022

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Researchers from NordPass combed through a large list of CEO and business owner breaches.

Passwords 136

Passwords Password Management Authentication VPN 136

Graham Cluley

MAY 16, 2022

Central Bedfordshire Council failed to properly redact the details of 'dozens and dozens' of pupils with special educational needs when responding to a Freedom of Information request, publishing them on a public website.

Education 131

Education Data breaches 131

Security Affairs

MAY 19, 2022

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVS Score 8.7), that could be exploited by an attacker with a compromised token to deploy malicious payloads.

Engineering 138

Engineering Authentication Hacking Cybersecurity 138

Tech Republic Security

MAY 18, 2022

Kaspersky excels with its easy to use interface and automation features, while Bitdefender gets the edge on overall detection rates and laboratory test results, but with a slightly more difficult learning curve. The post Bitdefender vs Kaspersky: EDR software comparison appeared first on TechRepublic.

Software 148

Software 148

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity