Krebs on Security
FEBRUARY 26, 2023
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.
Schneier on Security
MARCH 2, 2023
Troy Hunt is collecting examples of dumb password rules. There are some pretty bad disasters out there. My worst experiences are with sites that have artificial complexity requirements that cause my personal password-generation systems to fail. Some of the systems on the list are even worse: when they fail they don’t tell you why, so you just have to guess until you get it right.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
MARCH 2, 2023
Guns! You know, the things you kinda want to keep pretty well protected and out of the hands of nefarious parties, like the kinds of folks that following their data breach could match firearms to an individual at an address on a phone number of a gender and specific age. But don't worry, no financial information was compromised! 🤦♂️ All that and more in the 337th addition of my weekly update, enjoy!
Anton on Security
MARCH 1, 2023
Hey, it is 2023, let’s debate SIEM again! Debate SIEM? In 2023? This is so 1997! Or perhaps 2017. Anyhow, Security Information and Event Management (SIEM) is a growing $4+B market that is proving remarkably resilient, and, actually, interesting again. Let’s start with an obligatory AI response: (source: Bard ) Let’s proceed with a just-as-obligatory Gartner quote: “The SIEM market is maturing at a rapid pace and continues to be extremely competitive.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
FEBRUARY 28, 2023
Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.
Schneier on Security
MARCH 1, 2023
A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Lohrman on Security
FEBRUARY 26, 2023
This past week was dominated with stories surrounding the one-year mark of Russia’s invasion into Ukraine. What have we learned on the global cybersecurity front in that time?
The Last Watchdog
MARCH 1, 2023
The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. Related: The coming of agile cryptography These secrets work similarly to passwords, allowing systems to interact with one another. However, unlike passwords intended for a single user, secrets must be distributed.
Schneier on Security
MARCH 3, 2023
Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space has grown over the past decade with very little regulatory oversight.
Tech Republic Security
FEBRUARY 28, 2023
With nearly 90% of companies reporting cyberattacks, pen testing budgets are on the rise, with cloud infrastructure and services a key focus area, according to a new report. The post Pen testing report: IT budgets should focus on entire security stack appeared first on TechRepublic.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
FEBRUARY 27, 2023
A new generation of security frameworks are gaining traction that are much better aligned to today’s cloud-centric, work-from-anywhere world. Related: The importance of ‘attack surface management’ I’m referring specifically to Secure Access Service Edge (SASE) and Zero Trust (ZT). SASE replaces perimeter-based defenses with more flexible, cloud-hosted security that can extend multiple layers of protection anywhere.
Schneier on Security
FEBRUARY 28, 2023
CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this is just a side-channel attack.
Tech Republic Security
MARCH 3, 2023
Many software companies rely on open-source code but lack consistency in how they measure and handle risks and vulnerabilities associated with open-source software, according to a new report. The post Top 10 open-source security and operational risks of 2023 appeared first on TechRepublic.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Naked Security
FEBRUARY 26, 2023
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.
The Last Watchdog
FEBRUARY 26, 2023
Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard. Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage , with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.
SecureList
FEBRUARY 27, 2023
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new mobile ransomware Trojans Trends of the year Mobile attacks leveled off after decreasing in the second half of 2021 and remained around the same level throughout 2022.
Tech Republic Security
MARCH 2, 2023
Organizations subject to government regulations can gain more control over their own security. The post Google Workspace admins can now use client-side encryption on Gmail and Calendar appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Javvad Malik
FEBRUARY 27, 2023
I saw a video on the BBC about a wind Turbine catching fire after a lightning strike. The video looked kind of cool as the flaming blades were spinning creating rings of smoke. With a bit of digging, it transpired that lightning strikes on wind turbines are very common and is only set to get worse as turbines get taller and blades are increasingly made of carbon.
Security Boulevard
MARCH 3, 2023
The vast majority—92% of companies across all verticals, states and business sizes—are still unprepared for compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), while a similar percentage (91%) are unprepared for GDPR compliance. A report from Cytrio revealed these organizations are still using time-consuming and error-prone manual processes to.
Naked Security
FEBRUARY 27, 2023
Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.
Tech Republic Security
MARCH 2, 2023
With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely. The post 1Password is looking to a password-free future. Here’s why appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CSO Magazine
FEBRUARY 27, 2023
Whenever shells rain down on Ukraine, Yuriy Gatupov's colleagues put a '+' sign in a chat room. Then, the pluses are counted. "We check if everybody is alive," he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges.
The Hacker News
FEBRUARY 27, 2023
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems.
CyberSecurity Insiders
FEBRUARY 28, 2023
No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data is only the first of many issues you will be facing. You also have to navigate reputational damage, lost revenue, and the potential for fines and sanctions from regulatory agencies.
IT Security Guru
FEBRUARY 28, 2023
Cyber insurers are losing money. Their loss ratios – total claims plus the insurer’s costs, divided by total premiums earned – are now consistently above 60%, which presents something of an existential threat to the insurance industry, making cyber risk a potentially uninsurable area due to falling profitability. The insurance sector is battling its losses by increasing premiums – which have gone up by some 94% between 2019 and 2022 – creating the artificial impression that the sector is growing
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
CSO Magazine
FEBRUARY 28, 2023
Password management company LastPass, which was hit by two data breaches last year , has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches infected the engineer's home computer with a keylogger , which recorded information that enabled a cyberattack that exfiltrated sensitive inform
Security Boulevard
FEBRUARY 28, 2023
The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly). The post US Marshals Ransomware Hack is ‘Major Incident’ appeared first on Security Boulevard.
Jane Frankland
MARCH 3, 2023
International Women’s Day is a global day of celebration and recognition for the social, economic, cultural, and political achievements of women. It is celebrated on March 8th every year and originated in Europe during the early 1900s. The day provides an opportunity to come together to support and honor female contributions around the world. The theme for this year is “Embrace Equity” – which encourages everyone to focus on gender equity and get the world talking about Why equal opp
IT Security Guru
MARCH 1, 2023
Mobile phishing is an issue plaguing the masses and a growing concern for enterprises, particularly as 2022 had the highest percentage of mobile phishing encounter rates ever, according to Lookout ‘s Global State of Mobile Phishing report. On average, more than 30% of personal and enterprise users exposed to these attacks every quarter. In the U.K., there was a 35% increase in the average number of mobile devices exposed to at least one malicious phishing attack per quarter between 2020 a
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
319 
Let's personalize your content