Daniel Miessler

MARCH 10, 2022

People are starting to get the fact that texts (SMS) are a weak form of multi-factor authentication (MFA). Fewer people know that there’s a big gap between the post-SMS MFA options as well. As I talked about in the original CASSM post , there are levels to this game. In that post we talked about 8 levels of password security, starting from using shared and weak passwords and going all the way up to passwordless.

Authentication 364

Authentication Phishing Passwords Accountability 364

Joseph Steinberg

MARCH 8, 2022

Russian President, Vladimir Putin, is unlikely to publicly thank the tens of thousands of pro-Ukraine hacker activists whose highly visible hacking efforts have likely helped Russia far more than they have Ukraine, but if he were to issue a thank you letter, it might read something like this: Dear “Pro-Ukraine Hackers,” I wish to thank you for all of your valiant efforts over the past few weeks.

Artificial Intelligence 360

Artificial Intelligence Hacking Penetration Testing Government 360

Troy Hunt

MARCH 9, 2022

I have lots of little ideas for various pet projects, most of which go nowhere ( Have I Been Pwned being the exception), so I'm always looking for the fastest, cheapest way to get up and running. Last month as part of my blog post on How Everything We're Told About Website Identity Assurance is Wrong , I spun up a Cloudflare Pages website for the first time and hosted digicert-secured.com there (the page has a seal on it so you know you can trust it).

Passwords 345

Passwords DNS Accountability Risk 345

Schneier on Security

MARCH 7, 2022

An Alexa can respond to voice commands it issues. This can be exploited : The attack works by using the device’s speaker to issue voice commands. As long as the speech contains the device wake word (usually “Alexa” or “Echo”) followed by a permissible command, the Echo will carry it out, researchers from Royal Holloway University in London and Italy’s University of Catania found.

Hacking 342

Hacking 342

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

MARCH 8, 2022

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen’s decision comes just days after a similar exit by backbone provider Cogent , and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president’s war in Ukr

Internet 318

Internet Internet Government Technology 318

Lohrman on Security

MARCH 6, 2022

New mandated reporting of major cyber incidents for all owners and operators of U.S. critical infrastructure seems closer than ever, thanks to new bills that are supported by the White House.

Cyber Attacks 285

Cyber Attacks 285

Schneier on Security

MARCH 10, 2022

It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of regional KA-SAT SATCOM terminals. It’s probably too early to reach any conclusions, but people are starting to write about this, with varying theories.

302

302

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians. John Todd is general manager of Quad9 , a free “anycast” DNS platform.

DNS 298

DNS Internet Internet Phishing 298

Tech Republic Security

MARCH 11, 2022

Developers are exploring new tools and methodologies to ensure the next log4j doesn’t happen. Will it work? The post Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps appeared first on TechRepublic.

Software 213

Software 213

Security Affairs

MARCH 5, 2022

Anonymous and its affiliates continue to target Russia and Belarus, it is also targeting the Russian disinformation machine. Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. The attacks were conducted as part of the #OpRussia launched by the collective after the violent and illegitimate invasion of Ukraine.

Hacking 145

Hacking Government Banking Media 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

MARCH 8, 2022

Yet another method of surveillance : Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exists in current Google Nest smart displays , though instead of radar, Google employs ultrasonic sound waves to measure a person’s distance from the device.

Surveillance 296

Surveillance Internet Internet Technology 296

Bleeping Computer

MARCH 11, 2022

Video game developer Ubisoft has confirmed that it suffered a 'cyber security incident' that caused disruption to some of its services. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, also appears to be behind Ubisoft incident. [.].

Passwords 143

Passwords Hacking 143

Tech Republic Security

MARCH 8, 2022

APC-branded uninterruptible power supplies were found to be vulnerable to three zero day exploits that could let an attacker physically damage the UPS and attached assets, Armis said. The post TLStorm exploits expose more than 20 million UPS units to takeover. Was yours one of them? appeared first on TechRepublic.

191

191

Trend Micro

MARCH 7, 2022

We analyze RURansom, a malware variant discovered to be targeting Russia. Originally suspected to be a ransomware because of its name, analysis reveals RURansom to be a wiper.

Ransomware 142

Ransomware Malware Cyber threats 142

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MARCH 9, 2022

Zelle is rife with fraud : Zelle’s immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away thousands of dollars in seconds. There’s no way for customers — and in many cases, the banks themselves — to retrieve the money. […].

Banking 273

Banking Scams 273

Bleeping Computer

MARCH 10, 2022

Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. [.].

142

142

Tech Republic Security

MARCH 7, 2022

Advances in graphics processing technology have slashed the time needed to crack a password using brute force techniques, says Hive Systems. The post How an 8-character password could be cracked in less than an hour appeared first on TechRepublic.

Passwords 178

Passwords Technology 178

Graham Cluley

MARCH 6, 2022

Oh how embarrassing for the criminal gang who extorted millions from businesses by threatening to leak their data, that someone leaked some 160,000 messages between their members as well as their malware source code.

Ransomware 142

Ransomware Malware 142

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MARCH 10, 2022

The U.S. CISA has updated the alert on Conti ransomware and added 98 domain names used by the criminal gang. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware operations, the agency added 100 domain names used by the group. The joint report published by CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) in September warned of an increased number of Conti ransomware attacks against US organizations.

Ransomware 145

Ransomware Cyber threats Hacking Cybersecurity 145

CSO Magazine

MARCH 10, 2022

The world is watching closely as Russia’s invasion of Ukraine evolves with each passing day. The conflict, combined with geopolitical tensions prompted by the disapproving responses from NATO, the US and many other countries, have made organizations within those countries high targets of offensive Russian and associated nation state cybersecurity attacks.

Cyber Attacks 139

Cyber Attacks Cybersecurity 139

Tech Republic Security

MARCH 8, 2022

Antivirus software protects your data against cybercriminals, ransomware and malware. Compare the best software now. The post The 10 best antivirus products you should consider for your business appeared first on TechRepublic.

Antivirus 176

Antivirus Software Ransomware Malware 176

Bleeping Computer

MARCH 11, 2022

Finland's Transport and Communications Agency, Traficom, has issued a public announcement informing of an unusual spike in GPS interference near the country's eastern border. [.].

Technology 136

Technology 136

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Google Security

MARCH 10, 2022

Posted by Adrian Taylor, Chrome Security Team If you are a regular reader of our Chrome release blog , you may have noticed that phrases like 'exploit for CVE-1234-567 exists in the wild' have been appearing more often recently. In this post we'll explore why there seems to be such an increase in exploits, and clarify some misconceptions in the process.

Engineering 133

Engineering Software Risk Accountability 133

CSO Magazine

MARCH 11, 2022

An error in the SaaS platform of an S&P 500 company is leaking data on the internet. News of the misconfiguration mistake found in nearly 70% of ServiceNow instances was reported Wednesday by AppOmni, a SaaS security provider. According to AppOmni, the misconfiguration resulted from a combination of customer-managed configurations and over-provisioning of permissions to guest users.

Internet 137

Internet Internet 137

Tech Republic Security

MARCH 10, 2022

The Financial Crimes Enforcement Network has issued a statement for financial institutions to be aware of suspicious activity. The post Russia may try to dodge sanctions using ransomware payments, warns US Treasury appeared first on TechRepublic.

Ransomware 174

Ransomware 174

Bleeping Computer

MARCH 11, 2022

Offensive Security has announced its implementation of a file system snapshot in Kali Linux, a feature designed to add VM-like snapshotting to bare-metal installs. [.].

137

137

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

CyberSecurity Insiders

MARCH 10, 2022

Ukraine’s critical infrastructure is being cyber-attacked by malware these days and highly placed sources state that the malicious software has compromised 13 computer networks operating for public utilities so far. In a statement released on March 7, 2022, the Computer Emergency Response Team (CERT-UA) has confirmed that its digital infrastructure was constantly being hit by malicious attacks and phishing emails were acting as a source for the infiltration.

Malware 134

Malware Government Cyber Attacks Phishing 134

eSecurity Planet

MARCH 7, 2022

A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts. SaaS Alerts, which helps managed service providers (MSPs) manage and protect customers’ SaaS apps, mentioned the finding in conjunction with the release of its annual SaaS Application Security Insights (SASI) report. “Over the last several weeks, SaaS Alerts has seen a sharp rise in activity from countries with consistently hi

Cyber Attacks 134

Cyber Attacks Accountability Risk Network Security 134

Tech Republic Security

MARCH 7, 2022

A recent cyberattack has compromised a large amount of Nvidia’s data, including a pair of digital-signing certificates. Here’s what's at stake and how to react. The post Nvidia’s breach might help cybercriminals run malware campaigns appeared first on TechRepublic.

Malware 155

Malware 155

Bleeping Computer

MARCH 9, 2022

Security researchers have found new a new way to bypass existing hardware-based defenses for speculative execution in modern computer processors from Intel, AMD, and ARM. [.].

132

132

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity