Troy Hunt
MARCH 28, 2022
Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed to search and monitor government owned domains and TLDs.
Schneier on Security
APRIL 1, 2022
These techniques are not new, but they’re increasingly popular : …some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection. […].
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
MARCH 31, 2022
When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least. Backups are inherently fallible, and can fall prey to malware, ransomware, power surges, and hardware failure. The only way to make sure your data is truly secured is by having backups of your backups.
Krebs on Security
MARCH 29, 2022
There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
APRIL 1, 2022
Everyone just came for the Ubiquiti discussion, right? This is such a tricky one; if their products sucked we could all just forget about them and go on with our day. But they don't suck - they're awesome - and that makes it hard to fathom how a company that makes such great gear is responding this way to such a well-respected journo. I spend most of this week's video talking about this and perhaps what surprised me most, is even after that discussion there's a bunch of peopl
Schneier on Security
MARCH 31, 2022
North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Krebs on Security
MARCH 31, 2022
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.
Veracode Security
MARCH 31, 2022
Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework.
Schneier on Security
MARCH 30, 2022
The malicious uses of these technologies are scary : Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s passenger side front car wheel and then used the Watch to track her movements.
Tech Republic Security
APRIL 1, 2022
A report from NCC Group profiles the industries plagued by ransomware as well as the most active hacking groups in February. The post Ransomware attacks are on the rise, who is being affected? appeared first on TechRepublic.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
PCI perspectives
MARCH 31, 2022
PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The next evolution of the standard- PCI DSS v4.0- is now available. This PCI DSS Resource Hub provides links to both standard documents and educational resources to help organizations become familiar with PCI DSS v4.0.
Digital Shadows
MARCH 29, 2022
Since Russia’s invasion of Ukraine in February, the Digital Shadows Photon team has been following multiple aspects of the tragic. The post “Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions first appeared on Digital Shadows.
CSO Magazine
MARCH 29, 2022
If you don’t currently have your own security operations center (SOC), you have two ways to get one: Build your own or use some managed collection of services. In past years the two paths were distinct, and it was relatively easy to make the call based on staffing costs and skills. Now, the SOC-as-a-service (SOCaaS) industry has matured to the point now where the term is falling into disfavor as managed services vendors have become more integral to the practice.
Tech Republic Security
MARCH 29, 2022
To reduce security threats within your organization, you must prioritize security risk management. Here are some best practices to follow, as well as some top resources from TechRepublic Premium. The post Minimizing security risks: Best practices for success appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CyberSecurity Insiders
MARCH 31, 2022
By Chester Avey. The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It can be easy to understand then, that cybersecurity may not have been a huge priority for businesses . However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime.
Bleeping Computer
MARCH 28, 2022
The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. [.].
Security Affairs
APRIL 1, 2022
Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs, yesterday the collective announced the hack of the Thozis Corp , while today the group claimed the hack of Marathon Group. The Marathon Group is a Russian investment firm owned by oligarch Alexander Vinokuro, who was sanctioned by the EU.
Tech Republic Security
APRIL 1, 2022
As digital transformation takes hold, companies must employ zero trust to fully secure the expanded threat layer that drives efficiency. The post Digital Transformation Phase 2: Increased Efficiency and Heightened Security Risk appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CyberSecurity Insiders
APRIL 1, 2022
As CIOs and CTOs are getting extremely worried about distributed denial of service attacks (DDoS), here’s a brief article that can help to enlighten their mind on protecting their corporate networks, without the need of any professional help. Running a DDoS Testing- It is essential, although it is a 3 hour effort to conduct. It can be done in two ways- hire a company to do it on your behalf or rent a cloud platform for three hours to test controlled attacks.
Bleeping Computer
MARCH 27, 2022
Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall. [.].
Security Boulevard
MARCH 31, 2022
As Women's History Month comes to an end, we reflect on the impact women have made in shaping our industry. At Contrast, women comprise more than a fourth of our workforce, and they are well represented across sales, customer success, marketing, human resources, finance, and product development. To celebrate Women's History Month, we invited some of our women in tech to give advice to others trying to break into the field.
Tech Republic Security
APRIL 1, 2022
A credential harvesting campaign spotted by INKY at the end of February tried to lure its victims to Calendly, a legitimate and free online calendar app. The post Phishing attacks exploit free calendar app to steal account credentials appeared first on TechRepublic.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
CSO Magazine
MARCH 29, 2022
Shodan is a search engine for everything on the internet — web cams, water treatment facilities, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs, refrigerators, anything and everything you could possibly imagine that's plugged into the internet (and often shouldn't be). Google and other search engines, by comparison, index only the web.
Bleeping Computer
APRIL 1, 2022
GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. [.].
eSecurity Planet
MARCH 31, 2022
As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent , according to HP Wolf Security research. And with many employees getting multiple emails per day, it’s easy for spam emails to slip their notice. Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020.
Tech Republic Security
MARCH 29, 2022
Phishing attempts are within reach of less tech-savvy attackers, thanks to the rise of phishing kits. Learn where these kits are found, how they work, and how to combat them. The post Cybercriminals’ phishing kits make credential theft easier than ever appeared first on TechRepublic.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
APRIL 1, 2022
A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data.
Bleeping Computer
MARCH 27, 2022
Okta has admitted that it made a mistake delaying the disclosure hack from the Lapsus$ data extortion group that took place in January. Additionally, the company has provided a detailed timeline of the incident and its investigation activities. [.].
CyberSecurity Insiders
MARCH 30, 2022
A startup Liberty Strategic Capital, that is into the business of private equity fund, has announced that it has invested $525 million in a Cybersecurity firm, ZIMPERIUM. Sources reporting to Cybersecurity Insiders state that Steven Mnuchin, the former treasurer of United States, found the financial business. And he will now become the chairperson to Zimperium’s board of directors.
Tech Republic Security
MARCH 31, 2022
The two tech companies are believed to have provided hacker groups with user information as part of the impersonation. The post Apple and Meta shared data with child hackers pretending to be law enforcement appeared first on TechRepublic.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
363 
Let's personalize your content