Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email

Accountability 347

Accountability Passwords Authentication Password Management 347

Schneier on Security

JULY 12, 2022

Honda vehicles from 2021 to 2022 are vulnerable to this attack : On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. […].

Software 343

Software Cybersecurity 343

The Last Watchdog

JULY 14, 2022

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. Related: Deploying human sensors. Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.

Phishing 277

Phishing Education Cybersecurity Threat Detection 277

Joseph Steinberg

JULY 13, 2022

Apple last week announced new security features specifically intended to offer “specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.”. In its announcement, the maker of iPhones, iPads, and Macs stated that its new “Lockdown Mode” represents a “groundbreaking security capability;” Lockdown Mode, which is available to users of a range of devices running Apple’s latest OS beta releases, is

Cybersecurity 257

Cybersecurity Artificial Intelligence Government Social Engineering 257

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

JULY 12, 2022

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

Internet 254

Internet Internet Cyber threats Software 254

Schneier on Security

JULY 15, 2022

Surely no one could have predicted this : The new proposal—championed by Mayor London Breed after November’s wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area—would authorize the police department to use non-city-owned security cameras and camera networks to live monitor “significant events with public safety concerns” and ongoing felony or misdemeanor violations.

Surveillance 327

Surveillance Technology 327

The Last Watchdog

JULY 11, 2022

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised. Related: VPNs vs ZTNA. Now comes hard metrics quantifying the scope of this phenomenon. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets.

VPN 229

VPN Data breaches Internet Internet 229

Tech Republic Security

JULY 14, 2022

Journalists have information that makes them particularly interesting for state-sponsored cyberespionage threat actors. Learn more about these threats now. The post State-sponsored cyberespionage campaigns continue targeting journalists and media appeared first on TechRepublic.

Media 211

Media 211

Schneier on Security

JULY 14, 2022

Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another: The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data

Accountability 240

Accountability Media Hacking 240

Troy Hunt

JULY 15, 2022

It's very much a last-minute agenda this week as I catch up on the inevitable post-travel backlog and pretty much just pick stuff from my tweet timeline over the week 😊 But hey, there's some good stuff in there and I still managed to knock out almost an hour worth of content! References La Poste Mobile got themselves ransom'd and their data dumped (and they're still offline) Mangatoon are very clearly covering up their breach (which is now hard to do given it's i

Mobile 239

Mobile 239

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Javvad Malik

JULY 12, 2022

The Rolling Pwn vulnerability can be used against some keyless Honda’s to unlock, start and drive off. It allows you to eavesdrop on a remote key fob from about 100 feet away (which for my American friends is the distance from pitchers mount to the outfield grass). On Twitter, @RobDrivesCars replicated the bug in a nice video to confirm that yes, the bug definitely works. .

IoT 182

IoT Technology 182

Tech Republic Security

JULY 13, 2022

Use the new Windows Remote Help app to support remote and hybrid employees from Microsoft Endpoint Manager securely without a VPN. The post Secure remote help can be powerful but may not be cheap appeared first on TechRepublic.

VPN 197

VPN Software 197

Schneier on Security

JULY 11, 2022

There was a massive prison break in Abuja, Nigeria: Armed with bombs, Rocket Propelled Grenade (RPGs) and General Purpose Machine Guns (GPMG), the attackers, who arrived at about 10:05 p.m. local time, gained access through the back of the prison, using dynamites to destroy the heavily fortified facility, freeing 600 out of the prison’s 994 inmates, according to the country’s defense minister, Bashir Magashi… What’s interesting to me is how the defenders got the threat mo

214

214

Lohrman on Security

JULY 10, 2022

On July 6, 2022, CISA issued a new national cyber awareness system alert ( AA22-187A). Here’s what you need to know — and do next.

Ransomware 153

Ransomware 153

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

JULY 15, 2022

And some ways to up your game for identifying fabricated online profiles of people who don't exist.

Social Engineering 145

Social Engineering Engineering 145

Tech Republic Security

JULY 13, 2022

Organizations are struggling to manage devices and stay ahead of vulnerabilities, patches and attacks, according to a new report from Adaptiva and the Ponemon Institute. The post Nearly half of enterprise endpoint devices present significant security risks appeared first on TechRepublic.

Risk 184

Risk 184

Schneier on Security

JULY 14, 2022

This is a current list of where and when I am scheduled to speak: I’m speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security , online, on September 22, 2022. I’m speaking at IT-Security INSIDE 2022 in Zurich, Switzerland, on September 22, 2022. The list is maintained on this page.

201

201

Malwarebytes

JULY 13, 2022

WhatsApp boss Will Cathcart is warning users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps packing a hidden punch in the form of malware. Outside the safety of the walled garden. App stores do whatever they can to try and prevent bogus programs making it onto the storefront. While the majority of apps on legitimate stores are likely safe, rogues do get through.

Mobile 145

Mobile Malware Software Cybercrime 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JULY 15, 2022

Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware attacks against small businesses in multiple countries.

Ransomware 145

Ransomware Cryptocurrency Government Small Business 145

Tech Republic Security

JULY 15, 2022

The independent search engine introduced its new feature that filters results. The post Brave uses Goggle to show only cybersecurity websites appeared first on TechRepublic.

Cybersecurity 176

Cybersecurity Engineering 176

eSecurity Planet

JULY 11, 2022

Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” and “remote capabilities over SSH.”.

Malware 145

Malware Authentication Antivirus Architecture 145

We Live Security

JULY 13, 2022

In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers. The post Collaboration and knowledge sharing key to progress in cybersecurity appeared first on WeLiveSecurity.

Cybersecurity 145

Cybersecurity 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA.

Phishing 145

Phishing Authentication Social Engineering Passwords 145

Tech Republic Security

JULY 13, 2022

Keep your internet connection behind lock and key with these 20 VPN subscriptions and bundles offered through TechRepublic Academy. The post 20 VPN subscriptions and bundles on sale now appeared first on TechRepublic.

VPN 173

VPN Internet Internet Software 173

Bleeping Computer

JULY 15, 2022

A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs). [.].

Passwords 144

Passwords Malware Software 144

Malwarebytes

JULY 13, 2022

This blog was authored by Roberto Santos and Hossein Jazi. The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence to UAC-0056 (AKA UNC2589, TA471). This threat group has repeatedly targeted the government entities in Ukraine via phishing campaigns following the same common tactics, techniques and procedures (TTPs).

Government 144

Government Cyber Attacks Phishing Malware 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JULY 9, 2022

Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise.

Authentication 145

Authentication Passwords Hacking Accountability 145

Tech Republic Security

JULY 14, 2022

Given Chrome's frequent security issues, Jack Wallen strongly believes you shouldn't be saving your passwords to Google's browser. Here, Jack shows you how to delete and prevent them from re-syncing. The post How to remove your saved passwords in Chrome appeared first on TechRepublic.

Passwords 168

Passwords Software 168

Naked Security

JULY 15, 2022

Here you go - seven thoughtful cybersecurity tips to help you travel safely.

Cybersecurity 143

Cybersecurity Surveillance 143

Dark Reading

JULY 14, 2022

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

Cyber threats 143

Cyber threats Software 143

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity