Sat.Jun 24, 2023 - Fri.Jun 30, 2023

article thumbnail

Redacting Documents with a Black Sharpie Doesn’t Work

Schneier on Security

We have learned this lesson again : As part of the FTC v. Microsoft hearing , Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks like someone redacted the documents with a black Sharpie ­ but when you scan them in, it’s easy to see some of the redactions.

289
289
article thumbnail

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Strengthening Cyber Partnerships: An Interview With the N.J. CISO

Lohrman on Security

Michael Geraghty, the director of cybersecurity and chief information security officer for the state of New Jersey, shares information on cyber operations, partnerships and more.

CISO 215
article thumbnail

How to View Your SSH Keys in Linux, macOS and Windows

Tech Republic Security

If you're not sure how to view your SSH certificates, this article walks you through the steps on Linux, macOS and Windows. The post How to View Your SSH Keys in Linux, macOS and Windows appeared first on TechRepublic.

205
205
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The US Is Spying on the UN Secretary General

Schneier on Security

The Washington Post is reporting that the US is spying on the UN Secretary General. The reports on Guterres appear to contain the secretary general’s personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the Foreign Intelligence Surveillance Act (FISA) to gather the intercepts.

article thumbnail

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Krebs on Security

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wh

More Trending

article thumbnail

How FIDO2 Powers Up Passkeys Across Devices

Tech Republic Security

The FIDO Alliance’s Andrew Shikiar explains how passkeys are quickly replacing passwords as the next-generation login, a low friction, high security protocol for any device. The post How FIDO2 Powers Up Passkeys Across Devices appeared first on TechRepublic.

Passwords 199
article thumbnail

Excel Data Forensics

Schneier on Security

In this detailed article about academic plagiarism are some interesting details about how to do data forensics on Excel files. It really needs the graphics to understand, so see the description at the link. (And, yes, an author of a paper on dishonesty is being accused of dishonesty. There’s more evidence.

242
242
article thumbnail

Weekly Update 353

Troy Hunt

This feels like a week of minor frustrations with little real world consequence but they just bugged the hell out of me. Couldn't record in my office due to a weird ground loop problem, my Home Assistant instance was unexpectedly rebooting, the Yale IoT door locks had near unprecedentedly bad UX. and then I saw Miele's IoT 😭 Other than that, everything is fine 😊 References Sponsored by: Kolide can get your cross-platform fleet to 100% compliance.

IoT 179
article thumbnail

GUEST ESSAY: Dialing in generative AI to truly relieve and assist cybersecurity professionals

The Last Watchdog

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Related: A call to regulate facial recognition Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

What is Data Loss Prevention (DLP)?

Tech Republic Security

DLP helps organizations protect their sensitive data. Learn about the best practices and tools available to prepare for and prevent data loss. The post What is Data Loss Prevention (DLP)? appeared first on TechRepublic.

Big data 191
article thumbnail

Typing Incriminating Evidence in the Memo Field

Schneier on Security

Don’t do it : Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though: Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains.

240
240
article thumbnail

Microsoft Sysmon now detects when executables files are created

Bleeping Computer

Microsoft has released Sysmon 15, converting it into a protected process and adding the new 'FileExecutableDetected' option to log when executable files are created. [.

145
145
article thumbnail

Andariel’s silly mistakes and a new malware family

SecureList

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. During the same period, Andariel also actively exploited the Log4j vulnerability as reported by Talos and Ahnlab. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Aqua Security Study Finds 1,400% Increase in Memory Attacks

Tech Republic Security

Analysis of 700,000 real-world attacks shows how memory attacks evade protections and suggest mitigations. The post Aqua Security Study Finds 1,400% Increase in Memory Attacks appeared first on TechRepublic.

Software 188
article thumbnail

Stalkerware Vendor Hacked

Schneier on Security

The stalkerware company LetMeSpy has been hacked : TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete data after two months of account inactivity.) […] The database also contained over 13,400 location data points for several thousand v

Hacking 224
article thumbnail

Trojanized Super Mario game used to install Windows malware

Bleeping Computer

A trojanized installer for a popular Super Mario Bros game has been infecting unsuspecting players with multiple Windows malware families. [.

Malware 145
article thumbnail

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks

The Hacker News

The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda.

Hacking 142
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Anonymous Sudan’s Attack of European Investment Bank: Money, Politics and PR

Tech Republic Security

Pro-Kremlin groups Anonymous Sudan, Killnet and Clop have other motivations than just hacktivism as they widen their attack field beyond political targets. The post Anonymous Sudan’s Attack of European Investment Bank: Money, Politics and PR appeared first on TechRepublic.

Banking 186
article thumbnail

As Goes GDPR, So Goes AI: EU Leads With Proposed AI Law

Security Boulevard

The EU has proposed legislation that would govern the use of AI and could be used for a blueprint by other countries looking to put guardrails around the technology. The post As Goes GDPR, So Goes AI: EU Leads With Proposed AI Law appeared first on Security Boulevard.

article thumbnail

YouTube tests restricting ad blocker users to 3 video views

Bleeping Computer

YouTube is currently running what it describes as a "small experiment globally," warning users to toggle off their ad blockers and avoid being limited to only three video views. [.

article thumbnail

From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon

The Hacker News

The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that's been put to use by the actor since 2021.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

8Base Ransomware Attacks Show Spike in Activity

Tech Republic Security

Ransomware attacks from the 8Base group claimed the second largest number of victims over the past 30 days, says VMware. The post 8Base Ransomware Attacks Show Spike in Activity appeared first on TechRepublic.

article thumbnail

Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

Dark Reading

The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.

Risk 134
article thumbnail

MITRE releases new list of top 25 most dangerous software bugs

Bleeping Computer

MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.

Software 141
article thumbnail

Beware: New 'Rustbucket' Malware Variant Targeting macOS Users

The Hacker News

Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software.

Malware 131
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Different Methods to Secure Your Microsoft Word Documents

Tech Republic Security

Microsoft offers different Word document security solutions. Dive into the methods to learn how you can secure your files and ensure document protection. The post Different Methods to Secure Your Microsoft Word Documents appeared first on TechRepublic.

Software 172
article thumbnail

‘Wagner Mercenary’ Hackers Destroy Russian Satellite Comms

Security Boulevard

Dozor-Teleport hack, vandalism and data breach. But is it a Ukrainian false flag op? The post ‘Wagner Mercenary’ Hackers Destroy Russian Satellite Comms appeared first on Security Boulevard.

article thumbnail

New Mockingjay process injection technique evades EDR detection

Bleeping Computer

A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems. [.

137
137
article thumbnail

Preventing Cyberattacks on Schools Starts With K–12 Cybersecurity Education

Dark Reading

By investing in a strong future cybersecurity workforce, we can prevent future attacks on US critical infrastructure before they occur.

Education 131
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!