Sat. May 14, 2022 - Fri. May 20, 2022

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online.

Malware 359

Websites that Collect Your Data as You Type

Schneier on Security

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States.

Passwords 348

Downloading Pwned Passwords Hashes with the HIBP Downloader

Troy Hunt

Just before Christmas, the promise to launch a fully open source Pwned Passwords fed with a firehose of fresh data from the FBI and NCA finally came true. We pushed out the code, published the blog post, dusted ourselves off and that was that. Kind of - there was just one thing remaining. The k-anonymity API is lovely and that's not just me saying that, that's people voting with their feet: That's already 58% by volume from my December blog post, only 5 months ago to the day.

Passwords 305

How to Think about Threat Detection in the Cloud

Anton on Security

This is written jointly with Tim Peacock and will eventually appear on the GCP blog. For now, treat this as “posted for feedback” :-) Ideally, read this post first. In this post, we will share our views on a foundational framework for thinking about threat detection in public cloud computing. To start, let’s remind our audience what we mean by threat detection and detection and response.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

It’s a scenario executives know too well. Related: Third-party audits can hold valuable intel. You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach. It’s a maddening situation that occurs far more often than it should. One of the main culprits for these incredibly frustrating attacks has not so much to do with how a team functions or the protocols a company employs, but instead, it’s a

iPhone Malware that Operates Even When the Phone Is Turned Off

Schneier on Security

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. It turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features whe

Malware 311

More Trending

College Closing Another Sad Milestone for Ransomware Impact

Lohrman on Security

Lincoln College in Illinois announced they were closing their doors as a result of COVID-19 and cyber attack disruptions. Who’s next?

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

You very likely will interact with a content management system (CMS) multiple times today. Related: How ‘business logic’ hackers steal from companies. For instance, the Last Watchdog article you are reading uses a CMS to store posts, display them in an attractive manner, and provide search capabilities. Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “talk pages” that help its many contributors collaborate.

Bluetooth Flaw Allows Remote Unlocking of Digital Locks

Schneier on Security

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which bridged a large gap between the Tesla and the Tesla owner’s phone. “This proves that any product relying on a trusted BLE connection is vulnerable to attacks even f

Weekly Update 295

Troy Hunt

A short one this week as the previous 7 days disappeared with AusCERT and other commitments. Geez it was nice to not only be back at an event, but out there socialising and attending all the related things that tend to go along with it. I'll leave you with this tweet which was a bit of a highlight for me, having Ari alongside me at the event and watching his enthusiasm being part of the industry I love 😊 At #AusCERT with Ari for “take your son to work” day 🙂 I&

Passwords 232

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks

Tech Republic Security

A commercial surveillance company previously exposed for selling a spyware service dubbed "Predator" keeps targeting users and uses 0-day exploits to compromise Android phones. Learn more about how to protect yourself from it.

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

The unification revolution of cybersecurity solutions has started – and managed security service providers are leading the way. Managed security services (MSS) refer to a service model that enables the monitoring and managing of security technologies, systems, or even software-as-a-service (SaaS) products. Here’s more on the various types and benefits of MSS, as well as the state of the MSS(P) market in 2022!

Marketing 247

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Schneier on Security

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest. The agency’s mathematicians, however, worked with NIST to support the process, trying to crack the algorithms in order to test their merit. “Those candidate algorithms that NIST is running the competitions on all appear strong, secure,

Bank refuses to pay ransom to hackers, sends dick pics instead

Graham Cluley

I'm not sure if it would be enough for me to switch bank accounts, but I have something of a sneaking respect for the Bank of Zambia.

Banking 145

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

McAfee vs Kaspersky: Compare EDR software

Tech Republic Security

McAfee and Kaspersky are some of the oldest, most trusted names in the antivirus business, but their ideal use cases vary. See which is best for you.

Software 185

NEW TECH SNAPSHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

The Last Watchdog

Defending companies as they transition to cloud-first infrastructures has become a very big problem – but it’s certainly not an unsolvable one. Coming Wed., May 18: How security teams can help drive business growth — by embracing complexity. The good news is that a long-overdue transition to a new attack surface and security paradigm is well underway, one built on a fresh set of cloud-native security frameworks and buttressed by software-defined security technologies.

Attacks on Managed Service Providers Expected to Increase

Schneier on Security

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint for future attacks.

10 ways attackers gain access to networks

Malwarebytes

A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisation networks, as well as the techniques they use to gain access. The advisory cites five techniques used to gain leverage: Public facing applications. Anything internet-facing can be a threat if not properly patched and updated.

Phishing 145

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices

Tech Republic Security

NCC Group has found proof of concept that BLE devices can be exploited from anywhere on the planet.

184

MY TAKE: How ‘CAASM’ can help security teams embrace complexity – instead of trying to tame it

The Last Watchdog

The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly. Related: Stopping attack surface expansion. And yet, the modern attack surface continues to expand exponentially, largely unchecked. This dichotomy cannot be tolerated over the long run. Encouragingly, an emerging class of network visibility technology is gaining notable traction.

The Onion on Google Map Surveillance

Schneier on Security

“Google Maps Adds Shortcuts through Houses of People Google Knows Aren’t Home Right Now.” Excellent satire.

High-Severity Bug Reported in Google's OAuth Client Library for Java

The Hacker News

Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Threat actors compromising US business online checkout pages to steal credit card information

Tech Republic Security

A threat actor has successfully compromised and modified a US business website's checkout page in order to collect all the credit card data from unsuspecting customers. Read more about how to protect from this threat.

174

Why you should act like your CEO’s password is “querty”

Malwarebytes

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Researchers from NordPass combed through a large list of CEO and business owner breaches.

Passwords 144

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia, on June 3, 2022.

220

7 Key Findings from the 2022 SaaS Security Survey Report

The Hacker News

The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves.

CISO 144

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cybersecurity pros spend hours on issues that should have been prevented

Tech Republic Security

Security staffers can spend more than five hours addressing security flaws that occurred during the application development cycle, says Invicti.

Conti ransomware shuts down operation, rebrands into smaller units

Bleeping Computer

The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more.

China-linked Space Pirates APT targets the Russian aerospace industry

Security Affairs

A new China-linked cyberespionage group known as ‘Space Pirates’ is targeting enterprises in the Russian aerospace industry. A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The group has been active since at least 2017; researchers believe it is linked with other China-linked APT groups, including APT41 (Winnti), Mustang Panda, and APT27.

Malware 144

5 Ways K8s Apps Are Vulnerable to Supply Chain Attacks

Security Boulevard

What’s the correlation between Kubernetes and software supply chains? To answer that question, let’s start by exploring the latter. Simply put, software supply chains are the lifeblood of building, delivering, maintaining and scaling cloud-native applications. They are made up of software components, including those at the infrastructure and application layer, and their underlying pipelines, repositories.

Software 144

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!