To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline
Dark Reading
SEPTEMBER 14, 2022
With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background.
Schneier on Security
SEPTEMBER 12, 2022
It’s pretty nasty: The malware was dubbed “Shikitega” for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to “mutate” its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each deliver multiple attacks, beginning with an ELF file that’s just 370 bytes.
Krebs on Security
SEPTEMBER 15, 2022
A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here’s a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.
Troy Hunt
SEPTEMBER 15, 2022
I came so close to skipping this week's video. I'm surrounded by family, friends and my amazing wife to be in only a couple of days. But... this video has been my constant companion through very difficult times, and I'm happy to still be doing it at the best of times 😊 So, with that, I'm signing out and heading off to do something much more important.
Anton on Security
SEPTEMBER 14, 2022
This blog / mini-paper is written jointly with Oliver Rochford. When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us that throughout the entire history of the security industry this has not always been the case. Some of us remember the early days of the network IDS intrusion detections systems were delivered without customers being able to see how the detections worked.
Schneier on Security
SEPTEMBER 16, 2022
Nice work: Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while you’re in the grocery store, intercepting your key’s transmitted signal with a radio transceiver.
Troy Hunt
SEPTEMBER 11, 2022
I'm so excited to see the book finally out and awesome feedback coming in, but I'm disappointed with this week's video. I frankly wasn't in the right frame of mind to do it justice (it's been a very hard road up until this point, for various reasons), then my connection dropped out halfway through and I had to roll to 5G, and now I'm hearing (both from other people and with my own ears), a constant background noise being picked up by the mic.
Krebs on Security
SEPTEMBER 14, 2022
This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities i
Schneier on Security
SEPTEMBER 16, 2022
It’s big: The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. “They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like
Tech Republic Security
SEPTEMBER 16, 2022
While it's important to implement processes and procedures that safeguard data security and privacy, you can also focus on more strategic data governance goals. The post How does data governance affect data security and privacy? appeared first on TechRepublic.
Graham Cluley
SEPTEMBER 16, 2022
Uber has suffered a security breach which allowed a hacker to break into its network, and access the company's internal documents and systems. How did they do it? By bombarding an employee with a spate of multi-factor authentication (MFA) push notifications.
Security Affairs
SEPTEMBER 16, 2022
Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available. — Uber Comms (@Uber_Comms) September 16, 2022.
Schneier on Security
SEPTEMBER 13, 2022
The Wall Street Journal is reporting that the FBI has recovered over $30 million in cryptocurrency stolen by North Korean hackers earlier this year. It’s only a fraction of the $540 million stolen, but it’s something. The Axie Infinity recovery represents a shift in law enforcement’s ability to trace funds through a web of so-called crypto addresses, the virtual accounts where cryptocurrencies are stored.
Tech Republic Security
SEPTEMBER 16, 2022
One breach of digital trust can cause devastating reputational, regulatory and financial repercussions, according to ISACA’s State of Digital Trust 2022 survey findings. The post Report: Digital trust is critical, but many enterprises are not prioritizing it appeared first on TechRepublic.
Bleeping Computer
SEPTEMBER 10, 2022
Winamp 5.9 Final has been released after four years of development and includes numerous improvements, including Windows 11 support, playback of HTTPS:// streams, and various bug fixes. [...]
Security Affairs
SEPTEMBER 10, 2022
The U.S. Treasury Department sanctioned Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. The U.S. Treasury Department announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July.
Schneier on Security
SEPTEMBER 14, 2022
People are trying to dig up dirt on Peiter Zatko, better known as Mudge. For the record, I have not been contacted. I’m not sure if I should feel slighted.
Tech Republic Security
SEPTEMBER 13, 2022
These five SASE companies are the leaders in their field. The post Secure Access Service Edge: Trends and SASE companies to watch appeared first on TechRepublic.
SecureList
SEPTEMBER 15, 2022
An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers.
Security Affairs
SEPTEMBER 12, 2022
Google completed the acquisition of the threat intelligence firm Mandiant, the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “RESTON, Va., March 8, 2022 – Mandiant, Inc. (NASDAQ: MNDT) today announced that it has entered into a definitive agreement to be acquired by Google LLC for $23.00 per share in an all-cash transaction valued at appro
Schneier on Security
SEPTEMBER 14, 2022
This is a current list of where and when I am scheduled to speak: I’m speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security, online, on September 22, 2022. I’m speaking at IT-Security INSIDE 2022 in Zurich, Switzerland, on September 22, 2022. The list is maintained on this page.
Tech Republic Security
SEPTEMBER 12, 2022
Some ransomware groups are now using a new method to try to bypass those detections. The post Ransomware makes use of intermittent encryption to bypass detection algorithms appeared first on TechRepublic.
Digital Shadows
SEPTEMBER 14, 2022
Although in decline, carding has traditionally been an easy entry point into the world of cybercrime, owing to the low. The post There’s No Honor Among Thieves: Carding Forum Staff Defraud Users in an ESCROW Scam first appeared on Digital Shadows.
Security Affairs
SEPTEMBER 10, 2022
Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. The interview was transmitted by CNN conducted in 2018.
Bleeping Computer
SEPTEMBER 14, 2022
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. [...]
Tech Republic Security
SEPTEMBER 12, 2022
A new report finds that ransomware attacks are delaying procedures and tests, resulting in poor patient outcomes and increased complications from medical procedures. The post ‘Cyber insecurity’ in healthcare is leading to increased patient mortality rates appeared first on TechRepublic.
CyberSecurity Insiders
SEPTEMBER 16, 2022
According to State of Cloud Security Report compiled by Snyk, over 80% of organizations have suffered cloud security in the past one year and an equal proportion of them have suffered a data breach, but aren’t aware of it due to lack of coordination between teams & policy frameworks, enforcement challenges and budget allotment on time. The report that was compiled after taking the response of over 400 cloud engineers and security analysts concluded that their cloud platforms suffered a varie
Security Affairs
SEPTEMBER 10, 2022
InterContinental Hotels Group PLC (IHG) discloses a security breach, parts of its IT infrastructure have been subject to unauthorised activity. The hospitality conglomerate, InterContinental Hotel Group (IHG) manages 17 hotel chains, including the Regent, Crowne Plaza, Holiday Inn, and Candlewood Suites. IHG operates 6,028 hotels in more than 100 different countries.
Bleeping Computer
SEPTEMBER 10, 2022
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped. [...]
Naked Security
SEPTEMBER 16, 2022
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?".