Sat.Dec 24, 2022 - Fri.Dec 30, 2022

article thumbnail

Will the Crypto Crash Impact Cybersecurity in 2023? Maybe.

Dark Reading

Will the bottom falling out of the cryptocurrency market have a profound impact on cybercriminal tactics and business models? Experts weigh in on what to expect.

article thumbnail

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. The initial blog was on August 25th, saying there was a breach, but it wasn’t so bad because they had no access to customer data or password vaults: Two weeks ago, we detected some unusual activity within portions of the LastPass development environment.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Recovering Smartphone Voice from the Accelerometer

Schneier on Security

Yet another smartphone side-channel attack: “ EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers “: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.

article thumbnail

The Top 23 Security Predictions for 2023 (Part 2)

Lohrman on Security

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 2 of your annual roundup of security industry forecasts for 2023 and beyond.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change.

article thumbnail

Weekly Update 328

Troy Hunt

We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays.

More Trending

article thumbnail

How to deploy a self-hosted instance of the Passbolt password manager

Tech Republic Security

A password manager can keep your sensitive information in-house. Here's how to deploy Passbolt to your data center or cloud-hosted service. The post How to deploy a self-hosted instance of the Passbolt password manager appeared first on TechRepublic.

article thumbnail

Google Home speakers allowed hackers to snoop on conversations

Bleeping Computer

A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed. [.].

article thumbnail

Weekly Update 327

Troy Hunt

It's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting back to a normal routine and really starting to smash out some of the goals I have for the coming year. For now though, I've published this a couple of days after recording, and a day after an awesome hot, beachside Christmas.

article thumbnail

QR Code Scam

Schneier on Security

An enterprising individual made fake parking tickets with a QR code for easy payment.

Scams 294
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Tips and tricks for securing data when migrating to the cloud

Tech Republic Security

Find out how you can have a safe and secure transition to the cloud. This guide describes tips and steps to take to ensure your data is secure during a migration. The post Tips and tricks for securing data when migrating to the cloud appeared first on TechRepublic.

article thumbnail

BlueNoroff introduces new methods bypassing MoTW

SecureList

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion.

Malware 144
article thumbnail

LastPass Data Breach: It's Time to Ditch This Password Manager

WIRED Threat Level

The password manager's most recent data breach is so concerning, users need to take immediate steps to protect themselves.

article thumbnail

LastPass Breach

Schneier on Security

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse : While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […].

Passwords 293
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

FIN7 threat actor updated its ransomware activity

Tech Republic Security

Researchers from PRODAFT reveal that the infamous FIN7 threat actor updated its ransomware activities and provide a unique view into the structure of the group. Learn how to protect against it. The post FIN7 threat actor updated its ransomware activity appeared first on TechRepublic.

article thumbnail

2022 in review: 10 of the year’s biggest cyberattacks

We Live Security

The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022. The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity.

Hacking 143
article thumbnail

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

The Hacker News

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively.

139
139
article thumbnail

Hackers abuse Google Ads to spread malware in legit software

Bleeping Computer

Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. [.].

Software 137
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Don’t overlook supply chain security in your 2023 security plan

Tech Republic Security

Supply chain security concerns continue to grow. Does your company have a risk management strategy in place that addresses the possibility of a major supplier security failure? The post Don’t overlook supply chain security in your 2023 security plan appeared first on TechRepublic.

Risk 176
article thumbnail

Year in review for 2022 – Where is Cybersecurity headed?

Security Boulevard

As another year wraps up, it’s time to take a look back at the cybersecurity trends that dominated the landscape. From the ongoing impact of the past years’ pandemic to major geopolitical events and nation-state cyber attacks, 2022 saw a surge in cyberattacks that shows no signs of slowing down. But what exactly is driving […]. The post Year in review for 2022 – Where is Cybersecurity headed?

article thumbnail

CISA Warns of Active exploitation of JasperReports Vulnerabilities

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.

Software 138
article thumbnail

Data Breach leads to Comcast Customer Data Leak

CyberSecurity Insiders

A few days ago, Comcast hit the news headlines for increasing its service price so much that many of its customers weren’t ready for the surprise at all. Now, reports are in that the database of the Pennsylvania based digital services provider was hit by a cyber attack leading to a data breach, thus leaking details to hackers. The attack reportedly took place on December 9th,2022(likely) when most of the IT staff were on a long Christmas leave or were about to take it to enjoy the festive season

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CPRA explained: New California privacy law ramps up restrictions on data use

CSO Magazine

On January 1, 2023, 20, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy productions for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018.

article thumbnail

6 Reasons Why Today’s Cybersecurity Landscape is so Complex

Security Boulevard

Today’s cyber threat landscape is constantly expanding and evolving. On top of that, threat actors’ attack tactics are increasingly complex and difficult to detect. It can be challenging for organizations to keep up with all the new technologies they are adopting, how and where they are being used, who is using them, and whether they are critical for operations. .

article thumbnail

Extracting Encrypted Credentials From Common Tools

Dark Reading

Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.

article thumbnail

Biden administration passes bill against Quantum Computing Data Breaches

CyberSecurity Insiders

Joe Biden and his administration seems be on a forward thinking gear for quantum technology linked cyber attacks leading to data breaches. On December 21st,2022, the Senate passed a bipartisan bill to prevent data breaches emerging from quantum computing. The Quantum Computing Cybersecurity Preparedness Act was made into a legislation that prevents usage of quantum computing technology in decrypting stolen information, as they can break any kind of cryptographic algorithms.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Hacker claims to be selling Twitter data of 400 million users

Bleeping Computer

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale. [.].

129
129
article thumbnail

Gaming Companies Take Big Risks This Holiday

Security Boulevard

As the holiday season ramps up, online gamers spend more time in their favorite virtual worlds. From Nintendo to Xbox to “God of War” and “Call of Duty,” a flood of video games appear on the scene, encouraging players to invest even more time and money in this form of competitive entertainment. There are an […]. The post Gaming Companies Take Big Risks This Holiday appeared first on Security Boulevard.

Risk 128
article thumbnail

Cybersecurity trends and challenges to look out for in 2023

We Live Security

What are some of the key cybersecurity trends and themes that organizations should have on their radars in 2023? The post Cybersecurity trends and challenges to look out for in 2023 appeared first on WeLiveSecurity.

article thumbnail

Follow these simple tricks to keep your smart phone secure in 2023

CyberSecurity Insiders

Smart Phones have become a need for us these days as they assist us in commuting, help in entertaining us if/when bored, help communicate with near & dear, read news and do more such stuff. But as these gadgets have turned crucial in our lives, many hackers are also interested in infiltrating them, to get our glimpse of our lives or where we are heading. .

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!