Troy Hunt
MARCH 28, 2022
Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.
Schneier on Security
APRIL 1, 2022
These techniques are not new, but they’re increasingly popular : …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […].
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MARCH 29, 2022
There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life
Adam Levin
MARCH 31, 2022
When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Troy Hunt
APRIL 1, 2022
Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day. But they don't suck - they're awesome - and that makes it hard to fathom how a company that makes such great gear is responding this way to such a well-respected journo. I spend most of this week's video talking about this and perhaps what surprised me most, is even after that discussion there's a bunch of peopl
Schneier on Security
MARCH 31, 2022
North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
MARCH 31, 2022
Cybersecurity has never felt more porous. You are no doubt aware of the grim statistics: •The average cost of a data breach rose year-over-year from $3.86 million to $4.24 million in 2021, according to IBM. •The majority of cyberattacks result in damages of $500,000 or more, Cisco says. •A sobering analysis by Cybersecurity Ventures forecasts that the global cost of ransomware attacks will reach $265 billion in 2031. • The FBI reports that 3,000-4,000 cyberattacks are counted each day.
Lohrman on Security
MARCH 27, 2022
How bad was cyber crime in 2021? What are the projections for the next few years? More important, what can you do about it?
Schneier on Security
MARCH 30, 2022
The malicious uses of these technologies are scary : Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s passenger side front car wheel and then used the Watch to track her movements.
Tech Republic Security
APRIL 1, 2022
A report from NCC Group profiles the industries plagued by ransomware as well as the most active hacking groups in February. The post Ransomware attacks are on the rise, who is being affected? appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
MARCH 29, 2022
Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API profileration. Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. This is all part of corporations plunging into the near future: migration to cloud-based IT infrastructure is in high gear, complexity is mushrooming and fear of falli
Veracode Security
MARCH 31, 2022
Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework.
Schneier on Security
MARCH 29, 2022
Based on two years of leaked messages , 60,000 in all: The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers should process their code, and shares best practices to keep the group’s members hidden from law enforcement.
Tech Republic Security
APRIL 1, 2022
A phishing technique called Browser in the Browser (BITB) has emerged, and it’s already aiming at government entities, including Ukraine. Find out how to protect against this new threat. The post “Browser in the Browser” attacks: A devastating new phishing technique arises appeared first on TechRepublic.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Last Watchdog
MARCH 28, 2022
Some 96 percent of organizations — according to the recently released 2021 Cloud Native Survey — are either using or evaluating Kubernetes in their production environment, demonstrating that enthusiasm for cloud native technologies has, in the words of the report’s authors, “crossed the adoption chasm.”. Related: The targeting of supply-chain security holes.
PCI perspectives
MARCH 31, 2022
PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The next evolution of the standard- PCI DSS v4.0- is now available. This PCI DSS Resource Hub provides links to both standard documents and educational resources to help organizations become familiar with PCI DSS v4.0.
Bleeping Computer
APRIL 1, 2022
GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. [.].
Tech Republic Security
MARCH 29, 2022
To reduce security threats within your organization, you must prioritize security risk management. Here are some best practices to follow, as well as some top resources from TechRepublic Premium. The post Minimizing security risks: Best practices for success appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
APRIL 1, 2022
A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data.
Malwarebytes
APRIL 1, 2022
This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056 also known as SaintBear, UNC2589 and TA471 is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia. The group is known to have performed a wiper attack in January 2022 on multiple Ukrainian government computers and websites.
Digital Shadows
MARCH 29, 2022
Since Russia’s invasion of Ukraine in February, the Digital Shadows Photon team has been following multiple aspects of the tragic. The post “Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions first appeared on Digital Shadows.
Tech Republic Security
APRIL 1, 2022
As digital transformation takes hold, companies must employ zero trust to fully secure the expanded threat layer that drives efficiency. The post Digital Transformation Phase 2: Increased Efficiency and Heightened Security Risk appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
APRIL 1, 2022
Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs, yesterday the collective announced the hack of the Thozis Corp , while today the group claimed the hack of Marathon Group. The Marathon Group is a Russian investment firm owned by oligarch Alexander Vinokuro, who was sanctioned by the EU.
Malwarebytes
MARCH 29, 2022
Since the start of the Russian invasion of Ukraine, the war on the battlefield has been accompanied by cyber attacks. Those attacks against critical infrastructure have knocked out banking and defense platforms, mostly by targeting several communication systems. In a timeline set up by NetBlocks , you can follow individual attacks on communication services, starting Thursday 24 February 2022, the same day the invasion of Ukraine started.
CSO Magazine
MARCH 29, 2022
If you don’t currently have your own security operations center (SOC), you have two ways to get one: Build your own or use some managed collection of services. In past years the two paths were distinct, and it was relatively easy to make the call based on staffing costs and skills. Now, the SOC-as-a-service (SOCaaS) industry has matured to the point now where the term is falling into disfavor as managed services vendors have become more integral to the practice.
Tech Republic Security
APRIL 1, 2022
A credential harvesting campaign spotted by INKY at the end of February tried to lure its victims to Calendly, a legitimate and free online calendar app. The post Phishing attacks exploit free calendar app to steal account credentials appeared first on TechRepublic.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
APRIL 1, 2022
Researchers spotted a new destructive wiper, tracked as AcidRain , that is likely linked to the recent attack against Viasat. Security researchers at SentinelLabs have spotted a previously undetected destructive wiper, tracked as AcidRain, that hit routers and modems and that was suspected to be linked to the Viasat KA-SAT attack that took place on February 24th, 2022.
CyberSecurity Insiders
MARCH 31, 2022
By Chester Avey. The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It can be easy to understand then, that cybersecurity may not have been a huge priority for businesses . However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime.
Bleeping Computer
MARCH 28, 2022
The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. [.].
Tech Republic Security
MARCH 29, 2022
Phishing attempts are within reach of less tech-savvy attackers, thanks to the rise of phishing kits. Learn where these kits are found, how they work, and how to combat them. The post Cybercriminals’ phishing kits make credential theft easier than ever appeared first on TechRepublic.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
363 
Let's personalize your content