Sat.Apr 23, 2022 - Fri.Apr 29, 2022

article thumbnail

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Krebs on Security

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

article thumbnail

SMS Phishing Attacks are on the Rise

Schneier on Security

SMS phishing attacks — annoyingly called “smishing” — are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “thank you for paying your bill, here’s a free gift for you.

Phishing 320
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Will Supply Chain Delays Impact Your Next Project?

Lohrman on Security

Where next for supply chain disruptions? How will this impact technology projects and plans? Let’s explore.

article thumbnail

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

The Last Watchdog

Passwords have become ubiquitous with digital. Yet most people don’t know how to use them properly. The humble password is nothing more than a digital key that opens a door. Related: The coming of passwordless access. People use keys to open their house, office, garage or car. And they use passwords to open a device, a system, an account, a file and so on.

Passwords 237
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue , a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data reque

Mobile 194
article thumbnail

Video Conferencing Apps Sometimes Ignore the Mute Button

Schneier on Security

New research: “ Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps “: Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during me

More Trending

article thumbnail

GUEST ESSAY: A call to blur the lines between cybersecurity training, up-skilling and higher ed

The Last Watchdog

In a recent survey of US-based CEOs, talent shortages and cybersecurity were listed as two of the top five business concerns in 2022. Related: Cultivating ‘human sensors’ They may not entirely realize that when compounded, these two concerns could pose a critical security threat for their organization. CEOs who are looking to secure their data and build a cyber-resilient infrastructure are facing a quadruple whammy: •Expanding their digital infrastructure faster than they can secure

article thumbnail

T-Mobile hit by data breaches from Lapsus$ extortion group

Tech Republic Security

Through multiple breaches, the Lapsus$ cybercriminal group was able to steal source code from T-Mobile, says KrebsOnSecurity. The post T-Mobile hit by data breaches from Lapsus$ extortion group appeared first on TechRepublic.

article thumbnail

Microsoft Issues Report of Russian Cyberattacks against Ukraine

Schneier on Security

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea.

article thumbnail

Russia Is Being Hacked at an Unprecedented Scale

WIRED Threat Level

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

DDOS 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Watch out for this SMS phish promising a tax refund

Malwarebytes

Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who don’t read Dutch, the warning reads: Never respond to unusual emails or texts! Fraudsters often send e-mails under the guise of renewing your debit card or digipas.

Phishing 145
article thumbnail

Top 5 things about zero-trust security that you need to know

Tech Republic Security

If malicious actors are already on your network, then typical cybersecurity measures aren’t enough. Learn how to further protect your organization’s data with these five facts about zero-trust security from Tom Merritt. The post Top 5 things about zero-trust security that you need to know appeared first on TechRepublic.

article thumbnail

Zero-Day Vulnerabilities Are on the Rise

Schneier on Security

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020.

article thumbnail

APT trends report Q1 2022

SecureList

For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 144
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Iran announced to have foiled massive cyberattacks on public services

Security Affairs

State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations. According to the Iran state television, the attack attempts took place in recent days and aimed at the infrastructure of more than 100 public sector agencies. The report did not name entities that were targeted by the cyberattacks.

article thumbnail

Emotet malware launches new email campaign

Tech Republic Security

The malicious software had been slowly returning since November 2021, and saw a large number of phishing emails sent out with Emotet attached in April 2022. The post Emotet malware launches new email campaign appeared first on TechRepublic.

Malware 152
article thumbnail

How to Generate an SBOM in Veracode SCA

Veracode Security

Emerging government regulations have driven the advancement of standards for securing software supply chains. The production of a Software Bill of Materials (SBOM) in a standard format is an increasing audit and compliance need for large organizations. Having an SBOM can help Identify and avoid security risks Understand and manage licensing risks Veracode Software Composition Analysis (SCA) helps teams qualify and manage risks from software running in their environments, better plan and control

Software 142
article thumbnail

CISA adds 7 vulnerabilities to list of bugs exploited in attacks

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. [.].

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. FBI. The U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November. “The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks in

article thumbnail

Dualmon vs TeamViewer: Remote desktop software comparison

Tech Republic Security

Both dualmon and TeamViewer are feature-rich remote desktop software tools. We compare the tools so you can choose the right remote desktop software for your needs. The post Dualmon vs TeamViewer: Remote desktop software comparison appeared first on TechRepublic.

Software 148
article thumbnail

Rogue ads phishing for cryptocurrency: Are you secure?

Malwarebytes

Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. The bogus links were at the top of results for Terra blockchain projects.

article thumbnail

10 top anti-phishing tools and services

CSO Magazine

Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Some phishing attacks target customers rather than employees, and others simply aim to damage your corporate reputation rather than compromise your systems.

Phishing 136
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Threat Detection Software: A Deep Dive

CyberSecurity Insiders

As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any. organization. Threat detection is about an organization’s ability to accurately identify threats, be it to. the network, an endpoint, another asset or application – including cloud infrastructure. and assets.

article thumbnail

DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine

Tech Republic Security

Kaspersky found that January and February were a hotbed of cyberattacks for a number of different targeted countries. The post DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine appeared first on TechRepublic.

DDOS 146
article thumbnail

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices

The Hacker News

A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020.

Malware 136
article thumbnail

Ukraine’s postal service prints stamp mocking sunken Russian ship, and gets hit by DDoS attack

Graham Cluley

Someone isn't happy that Ukraine's post office has issued stamps mocking the sunken Russian navy flagship.

DDOS 135
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

‘Crypto Bug of the Year’ Fixed — Update Java NOW

Security Boulevard

A ridiculously dumb flaw in Java’s signature checking code is patched. This isn’t some crufty legacy Sun code, but actual garbage Oracle sloppiness that’s causing IT people to chase their tails yet again. The post ‘Crypto Bug of the Year’ Fixed — Update Java NOW appeared first on Security Boulevard.

IoT 134
article thumbnail

IAM software: Okta vs Azure Active Directory

Tech Republic Security

Okta and Microsoft Azure Active Directory are both robust and capable IAM solutions. Okta wins out on ease of use and streamlined implementation; Azure Active Directory is best for existing Azure infrastructures where more complex user access permissions are needed. The post IAM software: Okta vs Azure Active Directory appeared first on TechRepublic.

Software 144
article thumbnail

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November.

article thumbnail

How a new generation of IoT botnets is amplifying DDoS attacks

CSO Magazine

Larry Pesce remembers the day when the distributed denial of service (DDoS) threat landscape changed dramatically. It was late fall in 2016 when a fellow researcher joined him at the InGuardians lab, where he is director of research. His friend wanted to see how fast Mirai , a novel internet of things (IoT) botnet installer, would take over a Linux-based DVR camera recorder that was popular with medium-size businesses.

DDOS 132
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!