Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their

Mobile 329

Mobile Phishing Authentication Accountability 329

Schneier on Security

AUGUST 29, 2022

The NSA has has published criteria for evaluating levels of assurance required for DoD microelectronics. The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

298

298

Lohrman on Security

AUGUST 28, 2022

The Cybersecurity and Infrastructure Security Agency is getting pushback from critical infrastructure owners and operators on cyber goals and objectives. So what happens next?

Cybersecurity 218

Cybersecurity 218

The Last Watchdog

AUGUST 29, 2022

Penetration testing – pen tests – traditionally have been something companies might do once or twice a year. Related : Cyber espionage is on the rise. Bad news is always anticipated. That’s the whole point. The pen tester’s assignment is to seek out and exploit egregious, latent vulnerabilities – before the bad guys — thereby affording the organization a chance to shore up its network defenses.

Penetration Testing 202

Penetration Testing Digital transformation Internet Internet 202

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

AUGUST 31, 2022

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false information to the press. As a result of the new information that has been provided to me, I no longer have faith in the veracity of my source or the information he provided to me.

217

217

Schneier on Security

SEPTEMBER 2, 2022

Details are few, but Montenegro has suffered a cyberattack : A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. […]. But the attack against Montenegro’s infrastructure seemed more sustained and extensive, with targets including water supply systems, transportation services and online government services, among many others.

Retail 288

Retail Government Ransomware Information Security 288

The Last Watchdog

AUGUST 29, 2022

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents. Related: Damage caused by ‘business logic’ hacking. This is according to Verizon’s latest 2022 Data Breach Investigations Report ( DBIR ). In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches.

Hacking 201

Hacking Passwords Password Management Data breaches 201

Tech Republic Security

AUGUST 29, 2022

A new survey from GitLab also finds that nearly three-quarters of respondents have adopted or are planning to adopt a DevOps platform within the year. The post Security investment, toolchain consolidation emerge as top priorities appeared first on TechRepublic.

168

168

Schneier on Security

SEPTEMBER 1, 2022

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and install a remote-access tool.

Scams 269

Scams Phishing 269

Dark Reading

SEPTEMBER 2, 2022

Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers.

145

145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

SEPTEMBER 2, 2022

Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format ( ELF ) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware README note (see Figure 1).

Ransomware 145

Ransomware Encryption Malware Hacking 145

Tech Republic Security

AUGUST 29, 2022

The offensive security tool used by penetration testers is also being used by threat actors from the ransomware and cyberespionage spheres. The post Sliver offensive security framework increasingly used by threat actors appeared first on TechRepublic.

Ransomware 164

Ransomware Penetration Testing Cybersecurity 164

Schneier on Security

AUGUST 30, 2022

This is good news: The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. “Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locatio

Risk 265

Risk 265

Bleeping Computer

AUGUST 30, 2022

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. [.].

Malware 145

Malware Phishing 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

AUGUST 30, 2022

A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites. A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique web servers and discovered 47,337 malicious plugins installed on 24,931 unique WordPress websites. The experts studied the evolution of CMS plugins in the production web servers dating back to 2012, to do this they developed an automated framework na

Backups 145

Backups Malware Technology Hacking 145

Tech Republic Security

SEPTEMBER 2, 2022

Traffers are cybercriminals organized in teams whose purpose is to steal a maximum of bankable information from infected computers, which they sell to other cybercriminals. The post Traffers threat: The invisible thieves appeared first on TechRepublic.

Cybercrime 156

Cybercrime Cybersecurity 156

Schneier on Security

AUGUST 31, 2022

This is a fun story, detailing the hack a group of high school students perpetrated against an Illinois school district, hacking 500 screens across a bunch of schools. During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers; discovered a new vulnerability (and reported it ); wrote their own scripts; secretly tested their system at night; and managed to avoid detection in the school’s network.

Hacking 229

Hacking Penetration Testing Accountability Software 229

The Hacker News

SEPTEMBER 2, 2022

How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process, only to surface after an application has been deployed.

Software 144

Software 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

AUGUST 30, 2022

Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant. The company will pay up to $31,337 for vulnerabilities in its projects, while its lowest payout will be $100.

Software 144

Software Passwords Hacking Risk 144

Bleeping Computer

AUGUST 30, 2022

Threat analysts at McAfee found five Google Chrome extensions that steal track users' browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times. [.].

144

144

Security Boulevard

SEPTEMBER 2, 2022

How CIOs Can Balance Boldness and Caution By Implementing DevOps Test Data Management. jasonaxelrod. Thu, 09/01/2022 - 12:16. With automated test data, companies can achieve fast, quality software releases, more seamless cloud adoption, and improved data security and privacy for meeting emerging compliance requirements. Josh Harbert. Sep 01, 2022. Too often, modern businesses are forced to choose between the speed of innovation and privacy and security for valuable data.

Data privacy 143

Data privacy Software Data breaches Risk 143

Naked Security

AUGUST 29, 2022

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Password Management 141

Password Management Passwords 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

AUGUST 30, 2022

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims.

Malware 143

Malware Cryptocurrency Hacking Technology 143

WIRED Threat Level

SEPTEMBER 2, 2022

Hackers can use Microsoft’s Power Automate to push out ransomware and key loggers—if they get machine access first.

Ransomware 138

Ransomware Hacking 138

Security Boulevard

SEPTEMBER 2, 2022

An investigation into the breach by Britain's Information Commissioner Office (ICO) concluded that British Airways had violated Europe’s General Data Protection Regulation (GDPR). The post British Airways: A Case Study in GDPR Compliance Failure appeared first on Source Defense. The post British Airways: A Case Study in GDPR Compliance Failure appeared first on Security Boulevard.

Risk 143

Risk Government 143

Naked Security

AUGUST 31, 2022

Patch as soon as you can - that recent WebKit zero-day affecting new iPhones is apparently being used against older models, too.

Spyware 138

Spyware 138

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

AUGUST 28, 2022

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. The Vx-undergroud researchers shared some images of several confidential documents that appear to be the commercial offer of Intellect.

Surveillance 143

Surveillance Spyware Mobile Hacking 143

We Live Security

AUGUST 30, 2022

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity.

Scams 138

Scams Media 138

Security Boulevard

SEPTEMBER 2, 2022

Women make up 51% of the population, but just 24% of the cybersecurity workforce. The good news is that cybersecurity organizations around the world increasingly acknowledge the importance of gender diversity in the workplace. The bad news is that most still struggle with recruitment and hiring of women, with seven out of 10 leaders worldwide. The post Hiring More Women in Cybersecurity is Mission-Critical appeared first on Security Boulevard.

Cybersecurity 137

Cybersecurity Security Awareness 137

CyberSecurity Insiders

AUGUST 27, 2022

Today’s organizations are facing significant threats that can impact a wide range of people, from individual users to the boardroom. Studies show that cyber professionals believe they are missing at least half of the attacks targeting their organization. Most organizations lack the expertise and internal resources to respond effectively to threats. For these reasons, more businesses are seeking out managed security services, like Nisos.

Risk 136

Risk Media Data collection Security Intelligence 136

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity