Dark Reading
DECEMBER 28, 2022
Will the bottom falling out of the cryptocurrency market have a profound impact on cybercriminal tactics and business models? Experts weigh in on what to expect.
Schneier on Security
DECEMBER 30, 2022
Yet another smartphone side-channel attack: “ EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers “: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Daniel Miessler
DECEMBER 24, 2022
If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. The initial blog was on August 25th, saying there was a breach, but it wasn’t so bad because they had no access to customer data or password vaults: Two weeks ago, we detected some unusual activity within portions of the LastPass development environment.
Lohrman on Security
DECEMBER 30, 2022
After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 2 of your annual roundup of security industry forecasts for 2023 and beyond.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
DECEMBER 29, 2022
KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change.
Schneier on Security
DECEMBER 27, 2022
This is one way of ensuring that IT keeps up with patches : Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
DECEMBER 28, 2022
A password manager can keep your sensitive information in-house. Here's how to deploy Passbolt to your data center or cloud-hosted service. The post How to deploy a self-hosted instance of the Passbolt password manager appeared first on TechRepublic.
Bleeping Computer
DECEMBER 29, 2022
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed. [.].
Schneier on Security
DECEMBER 28, 2022
An enterprising individual made fake parking tickets with a QR code for easy payment.
Troy Hunt
DECEMBER 25, 2022
It's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting back to a normal routine and really starting to smash out some of the goals I have for the coming year. For now though, I've published this a couple of days after recording, and a day after an awesome hot, beachside Christmas.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
DECEMBER 30, 2022
Find out how you can have a safe and secure transition to the cloud. This guide describes tips and steps to take to ensure your data is secure during a migration. The post Tips and tricks for securing data when migrating to the cloud appeared first on TechRepublic.
SecureList
DECEMBER 27, 2022
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion.
Schneier on Security
DECEMBER 26, 2022
Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse : While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […].
We Live Security
DECEMBER 27, 2022
The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022. The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
DECEMBER 27, 2022
Researchers from PRODAFT reveal that the infamous FIN7 threat actor updated its ransomware activities and provide a unique view into the structure of the group. Learn how to protect against it. The post FIN7 threat actor updated its ransomware activity appeared first on TechRepublic.
Bleeping Computer
DECEMBER 28, 2022
Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. [.].
Security Boulevard
DECEMBER 29, 2022
As another year wraps up, it’s time to take a look back at the cybersecurity trends that dominated the landscape. From the ongoing impact of the past years’ pandemic to major geopolitical events and nation-state cyber attacks, 2022 saw a surge in cyberattacks that shows no signs of slowing down. But what exactly is driving […]. The post Year in review for 2022 – Where is Cybersecurity headed?
CyberSecurity Insiders
DECEMBER 26, 2022
A few days ago, Comcast hit the news headlines for increasing its service price so much that many of its customers weren’t ready for the surprise at all. Now, reports are in that the database of the Pennsylvania based digital services provider was hit by a cyber attack leading to a data breach, thus leaking details to hackers. The attack reportedly took place on December 9th,2022(likely) when most of the IT staff were on a long Christmas leave or were about to take it to enjoy the festive season
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
DECEMBER 30, 2022
Supply chain security concerns continue to grow. Does your company have a risk management strategy in place that addresses the possibility of a major supplier security failure? The post Don’t overlook supply chain security in your 2023 security plan appeared first on TechRepublic.
CSO Magazine
DECEMBER 26, 2022
On January 1, 2023, 20, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy productions for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018.
Security Boulevard
DECEMBER 29, 2022
Today’s cyber threat landscape is constantly expanding and evolving. On top of that, threat actors’ attack tactics are increasingly complex and difficult to detect. It can be challenging for organizations to keep up with all the new technologies they are adopting, how and where they are being used, who is using them, and whether they are critical for operations. .
CyberSecurity Insiders
DECEMBER 29, 2022
Joe Biden and his administration seems be on a forward thinking gear for quantum technology linked cyber attacks leading to data breaches. On December 21st,2022, the Senate passed a bipartisan bill to prevent data breaches emerging from quantum computing. The Quantum Computing Cybersecurity Preparedness Act was made into a legislation that prevents usage of quantum computing technology in decrypting stolen information, as they can break any kind of cryptographic algorithms.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
DECEMBER 29, 2022
Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.
The Hacker News
DECEMBER 29, 2022
Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively.
Bleeping Computer
DECEMBER 26, 2022
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale. [.].
CyberSecurity Insiders
DECEMBER 28, 2022
Smart Phones have become a need for us these days as they assist us in commuting, help in entertaining us if/when bored, help communicate with near & dear, read news and do more such stuff. But as these gadgets have turned crucial in our lives, many hackers are also interested in infiltrating them, to get our glimpse of our lives or where we are heading. .
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
DECEMBER 28, 2022
As the holiday season ramps up, online gamers spend more time in their favorite virtual worlds. From Nintendo to Xbox to “God of War” and “Call of Duty,” a flood of video games appear on the scene, encouraging players to invest even more time and money in this form of competitive entertainment. There are an […]. The post Gaming Companies Take Big Risks This Holiday appeared first on Security Boulevard.
The Hacker News
DECEMBER 29, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.
Naked Security
DECEMBER 29, 2022
Is there a special meaning of "don't" that means "go right ahead"?
CyberSecurity Insiders
DECEMBER 26, 2022
Insurance companies like Lloyd offer cyber insurance policies that cover a business from facing a business loss during a cyber-attack. However, in coming days, cyber attacks will become uninsurable, as per Mario Greco, the Chief of Zurich Insurance. Mario, who leads the Europe’s biggest insurance firms, predicted that digital attacks will lose their sheen with time, as business facing such threats cannot be monetarily covered because of multiple reasons.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
106 
Let's personalize your content