Dark Reading
DECEMBER 28, 2022
Will the bottom falling out of the cryptocurrency market have a profound impact on cybercriminal tactics and business models? Experts weigh in on what to expect.
Daniel Miessler
DECEMBER 24, 2022
If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. The initial blog was on August 25th, saying there was a breach, but it wasn’t so bad because they had no access to customer data or password vaults: Two weeks ago, we detected some unusual activity within portions of the LastPass development environment.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
DECEMBER 30, 2022
Yet another smartphone side-channel attack: “ EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers “: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.
Lohrman on Security
DECEMBER 30, 2022
After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 2 of your annual roundup of security industry forecasts for 2023 and beyond.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
DECEMBER 29, 2022
KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change.
Troy Hunt
DECEMBER 30, 2022
We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
DECEMBER 28, 2022
A password manager can keep your sensitive information in-house. Here's how to deploy Passbolt to your data center or cloud-hosted service. The post How to deploy a self-hosted instance of the Passbolt password manager appeared first on TechRepublic.
Bleeping Computer
DECEMBER 29, 2022
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed. [.].
Troy Hunt
DECEMBER 25, 2022
It's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting back to a normal routine and really starting to smash out some of the goals I have for the coming year. For now though, I've published this a couple of days after recording, and a day after an awesome hot, beachside Christmas.
Schneier on Security
DECEMBER 28, 2022
An enterprising individual made fake parking tickets with a QR code for easy payment.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
DECEMBER 30, 2022
Find out how you can have a safe and secure transition to the cloud. This guide describes tips and steps to take to ensure your data is secure during a migration. The post Tips and tricks for securing data when migrating to the cloud appeared first on TechRepublic.
We Live Security
DECEMBER 27, 2022
The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022. The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity.
Javvad Malik
DECEMBER 29, 2022
The search for a job has never been easy, but with the commoditisation of AI tools, it’s becoming a bit easier for the ambitious jobseeker. Recently, one such individual used AI to apply for nearly 200 jobs in the span of two days – a feat most of us can only dream of achieving. @jerryjhlee Replying to @jaymie_inc this is how you apply to 200 jobs in 2 days — perfect timing with the holidays #resume #jobtips ♬ Betty (Get Money) – Yung Gravy.
SecureList
DECEMBER 27, 2022
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
DECEMBER 27, 2022
Researchers from PRODAFT reveal that the infamous FIN7 threat actor updated its ransomware activities and provide a unique view into the structure of the group. Learn how to protect against it. The post FIN7 threat actor updated its ransomware activity appeared first on TechRepublic.
Security Boulevard
DECEMBER 29, 2022
As another year wraps up, it’s time to take a look back at the cybersecurity trends that dominated the landscape. From the ongoing impact of the past years’ pandemic to major geopolitical events and nation-state cyber attacks, 2022 saw a surge in cyberattacks that shows no signs of slowing down. But what exactly is driving […]. The post Year in review for 2022 – Where is Cybersecurity headed?
CyberSecurity Insiders
DECEMBER 26, 2022
A few days ago, Comcast hit the news headlines for increasing its service price so much that many of its customers weren’t ready for the surprise at all. Now, reports are in that the database of the Pennsylvania based digital services provider was hit by a cyber attack leading to a data breach, thus leaking details to hackers. The attack reportedly took place on December 9th,2022(likely) when most of the IT staff were on a long Christmas leave or were about to take it to enjoy the festive season
CSO Magazine
DECEMBER 26, 2022
On January 1, 2023, 20, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy productions for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
DECEMBER 30, 2022
Supply chain security concerns continue to grow. Does your company have a risk management strategy in place that addresses the possibility of a major supplier security failure? The post Don’t overlook supply chain security in your 2023 security plan appeared first on TechRepublic.
Security Boulevard
DECEMBER 29, 2022
Today’s cyber threat landscape is constantly expanding and evolving. On top of that, threat actors’ attack tactics are increasingly complex and difficult to detect. It can be challenging for organizations to keep up with all the new technologies they are adopting, how and where they are being used, who is using them, and whether they are critical for operations. .
CyberSecurity Insiders
DECEMBER 29, 2022
Joe Biden and his administration seems be on a forward thinking gear for quantum technology linked cyber attacks leading to data breaches. On December 21st,2022, the Senate passed a bipartisan bill to prevent data breaches emerging from quantum computing. The Quantum Computing Cybersecurity Preparedness Act was made into a legislation that prevents usage of quantum computing technology in decrypting stolen information, as they can break any kind of cryptographic algorithms.
Bleeping Computer
DECEMBER 26, 2022
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale. [.].
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Javvad Malik
DECEMBER 28, 2022
It was bound to happen – welcome to the future! Mom took her daughter to see a show. AI facial recognition software recognizes her and she’s unceremoniously escorted out by security. . Her offence? Her employer, a huge law firm (not her) is in protracted litigation with the owner MSG Entertainment, and MSG has a policy that precludes attorneys pursuing active litigation against the company from attending events at their venues.
Security Boulevard
DECEMBER 28, 2022
As the holiday season ramps up, online gamers spend more time in their favorite virtual worlds. From Nintendo to Xbox to “God of War” and “Call of Duty,” a flood of video games appear on the scene, encouraging players to invest even more time and money in this form of competitive entertainment. There are an […]. The post Gaming Companies Take Big Risks This Holiday appeared first on Security Boulevard.
CyberSecurity Insiders
DECEMBER 28, 2022
Smart Phones have become a need for us these days as they assist us in commuting, help in entertaining us if/when bored, help communicate with near & dear, read news and do more such stuff. But as these gadgets have turned crucial in our lives, many hackers are also interested in infiltrating them, to get our glimpse of our lives or where we are heading. .
Bleeping Computer
DECEMBER 28, 2022
Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. [.].
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
CSO Magazine
DECEMBER 28, 2022
The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its long-lasting impact highlights the major risks posed by flaws in transitive software dependencies and the need for enterprises to urgently adopt software composition analysis and secure supply chain management practices Log4Shell , official
Security Boulevard
DECEMBER 30, 2022
While low-code and no-code application development is a couple decades old, the train truly left the station just a few years ago. It has been gaining considerable steam ever since. So popular and prevalent is low-code/no-code that several studies estimate that by 2025 it will be responsible for two-thirds of all applications developed. The post How Low-Code/No-Code App Development Affects IT Security appeared first on Radware Blog.
CyberSecurity Insiders
DECEMBER 26, 2022
Insurance companies like Lloyd offer cyber insurance policies that cover a business from facing a business loss during a cyber-attack. However, in coming days, cyber attacks will become uninsurable, as per Mario Greco, the Chief of Zurich Insurance. Mario, who leads the Europe’s biggest insurance firms, predicted that digital attacks will lose their sheen with time, as business facing such threats cannot be monetarily covered because of multiple reasons.
Bleeping Computer
DECEMBER 28, 2022
The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
106 
Let's personalize your content