Sat.Jun 24, 2023 - Fri.Jun 30, 2023

article thumbnail

Redacting Documents with a Black Sharpie Doesn’t Work

Schneier on Security

We have learned this lesson again : As part of the FTC v. Microsoft hearing , Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks like someone redacted the documents with a black Sharpie ­ but when you scan them in, it’s easy to see some of the redactions.

276
276
article thumbnail

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Strengthening Cyber Partnerships: An Interview With the N.J. CISO

Lohrman on Security

Michael Geraghty, the director of cybersecurity and chief information security officer for the state of New Jersey, shares information on cyber operations, partnerships and more.

CISO 215
article thumbnail

How to View Your SSH Keys in Linux, macOS and Windows

Tech Republic Security

If you're not sure how to view your SSH certificates, this article walks you through the steps on Linux, macOS and Windows. The post How to View Your SSH Keys in Linux, macOS and Windows appeared first on TechRepublic.

200
200
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The US Is Spying on the UN Secretary General

Schneier on Security

The Washington Post is reporting that the US is spying on the UN Secretary General. The reports on Guterres appear to contain the secretary general’s personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the Foreign Intelligence Surveillance Act (FISA) to gather the intercepts.

article thumbnail

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Krebs on Security

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wh

More Trending

article thumbnail

How FIDO2 Powers Up Passkeys Across Devices

Tech Republic Security

The FIDO Alliance’s Andrew Shikiar explains how passkeys are quickly replacing passwords as the next-generation login, a low friction, high security protocol for any device. The post How FIDO2 Powers Up Passkeys Across Devices appeared first on TechRepublic.

Passwords 188
article thumbnail

Excel Data Forensics

Schneier on Security

In this detailed article about academic plagiarism are some interesting details about how to do data forensics on Excel files. It really needs the graphics to understand, so see the description at the link. (And, yes, an author of a paper on dishonesty is being accused of dishonesty. There’s more evidence.

227
227
article thumbnail

Andariel’s silly mistakes and a new malware family

SecureList

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. During the same period, Andariel also actively exploited the Log4j vulnerability as reported by Talos and Ahnlab. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 143
article thumbnail

Microsoft Sysmon now detects when executables files are created

Bleeping Computer

Microsoft has released Sysmon 15, converting it into a protected process and adding the new 'FileExecutableDetected' option to log when executable files are created. [.

145
145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

What is Data Loss Prevention (DLP)?

Tech Republic Security

DLP helps organizations protect their sensitive data. Learn about the best practices and tools available to prepare for and prevent data loss. The post What is Data Loss Prevention (DLP)? appeared first on TechRepublic.

Big data 178
article thumbnail

Typing Incriminating Evidence in the Memo Field

Schneier on Security

Don’t do it : Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though: Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains.

227
227
article thumbnail

Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

Dark Reading

The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.

Risk 134
article thumbnail

New Mockingjay process injection technique evades EDR detection

Bleeping Computer

A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems. [.

137
137
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Anonymous Sudan’s Attack of European Investment Bank: Money, Politics and PR

Tech Republic Security

Pro-Kremlin groups Anonymous Sudan, Killnet and Clop have other motivations than just hacktivism as they widen their attack field beyond political targets. The post Anonymous Sudan’s Attack of European Investment Bank: Money, Politics and PR appeared first on TechRepublic.

Banking 173
article thumbnail

Stalkerware Vendor Hacked

Schneier on Security

The stalkerware company LetMeSpy has been hacked : TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete data after two months of account inactivity.) […] The database also contained over 13,400 location data points for several thousand v

Hacking 210
article thumbnail

As Goes GDPR, So Goes AI: EU Leads With Proposed AI Law

Security Boulevard

The EU has proposed legislation that would govern the use of AI and could be used for a blueprint by other countries looking to put guardrails around the technology. The post As Goes GDPR, So Goes AI: EU Leads With Proposed AI Law appeared first on Security Boulevard.

article thumbnail

Grafana warns of critical auth bypass due to Azure AD integration

Bleeping Computer

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. [.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Aqua Security Study Finds 1,400% Increase in Memory Attacks

Tech Republic Security

Analysis of 700,000 real-world attacks shows how memory attacks evade protections and suggest mitigations. The post Aqua Security Study Finds 1,400% Increase in Memory Attacks appeared first on TechRepublic.

Software 171
article thumbnail

7 Types of Penetration Testing: Guide to Pentest Methods & Types

eSecurity Planet

Penetration tests are vital components of vulnerability management programs. In these tests, white hat hackers try to find and exploit vulnerabilities in your systems to help you stay one step ahead of cyberattackers. Because these tests can use illegal hacker techniques, pentest services will sign a contract detailing their roles, goals, and responsibilities.

article thumbnail

‘Wagner Mercenary’ Hackers Destroy Russian Satellite Comms

Security Boulevard

Dozor-Teleport hack, vandalism and data breach. But is it a Ukrainian false flag op? The post ‘Wagner Mercenary’ Hackers Destroy Russian Satellite Comms appeared first on Security Boulevard.

article thumbnail

Twitter now forces you to sign in to view tweets

Bleeping Computer

Starting today, Twitter is no longer accessible on web and mobile apps if you don't have an account, forcing all users to log in if they want to get access to the platform. [.

Mobile 131
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

8Base Ransomware Attacks Show Spike in Activity

Tech Republic Security

Ransomware attacks from the 8Base group claimed the second largest number of victims over the past 30 days, says VMware. The post 8Base Ransomware Attacks Show Spike in Activity appeared first on TechRepublic.

article thumbnail

Diablo IV video game hit by DDoS attacks

Graham Cluley

It wasn't a great weekend for video game fans, as players of Diablo IV multiplayer role-playing game were greeted with an error message as it tried to connect to the servers of developer Blizzard.

DDOS 120
article thumbnail

The Cloud Security Risks of Overprivileged Vendors

Security Boulevard

Onboarding new software and SaaS vendors in the cloud presents a new set of security challenges for a lot of organizations. The post The Cloud Security Risks of Overprivileged Vendors appeared first on Security Boulevard.

Risk 122
article thumbnail

Trojanized Super Mario game used to install Windows malware

Bleeping Computer

A trojanized installer for a popular Super Mario Bros game has been infecting unsuspecting players with multiple Windows malware families. [.

Malware 145
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Different Methods to Secure Your Microsoft Word Documents

Tech Republic Security

Microsoft offers different Word document security solutions. Dive into the methods to learn how you can secure your files and ensure document protection. The post Different Methods to Secure Your Microsoft Word Documents appeared first on TechRepublic.

Software 157
article thumbnail

The unhappy reality of cloud security in 2023

InfoWorld on Security

The studies are coming fast these days. Thales Global Cloud Security Study for 2022 found that during the past 12 months, 45% of businesses have experienced a cloud data breach or failed to perform audits. (It would have been nice for this number to be broken out.) If you’ve been watching this space, it was only 5% off from the previous year. What gives?

article thumbnail

Gmail client-side encryption: A deep dive

Google Security

Nicolas Lidzborski, Principal Engineer and Jaishankar Sundararaman, Sr. Director of Engineering, Google Workspace In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets , and Meet. CSE in Gmail was designed to provide commercial and public sector organizations an additional layer of confidentiality and data integrity protection beyond the existing encryption offered by default in Workspace.

article thumbnail

Linux version of Akira ransomware targets VMware ESXi servers

Bleeping Computer

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.