Sat.Feb 25, 2023 - Fri.Mar 03, 2023

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.

Hacking 293
article thumbnail

Nick Weaver on Regulating Cryptocurrency

Schneier on Security

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space has grown over the past decade with very little regulatory oversight.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Debating SIEM in 2023, Part 1

Anton on Security

Hey, it is 2023, let’s debate SIEM again! Debate SIEM? In 2023? This is so 1997! Or perhaps 2017. Anyhow, Security Information and Event Management (SIEM) is a growing $4+B market that is proving remarkably resilient, and, actually, interesting again. Let’s start with an obligatory AI response: (source: Bard ) Let’s proceed with a just-as-obligatory Gartner quote: “The SIEM market is maturing at a rapid pace and continues to be extremely competitive.

Marketing 233
article thumbnail

Weekly Update 337

Troy Hunt

Guns! You know, the things you kinda want to keep pretty well protected and out of the hands of nefarious parties, like the kinds of folks that following their data breach could match firearms to an individual at an address on a phone number of a gender and specific age. But don't worry, no financial information was compromised! 🤦‍♂️ All that and more in the 337th addition of my weekly update, enjoy!

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Mobile 333
article thumbnail

Side-Channel Attack against CRYSTALS-Kyber

Schneier on Security

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this is just a side-channel attack.

More Trending

article thumbnail

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

The Last Watchdog

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. Related: The coming of agile cryptography These secrets work similarly to passwords, allowing systems to interact with one another. However, unlike passwords intended for a single user, secrets must be distributed.

article thumbnail

Top 10 open-source security and operational risks of 2023

Tech Republic Security

Many software companies rely on open-source code but lack consistency in how they measure and handle risks and vulnerabilities associated with open-source software, according to a new report. The post Top 10 open-source security and operational risks of 2023 appeared first on TechRepublic.

Risk 200
article thumbnail

Fooling a Voice Authentication System with an AI-Generated Voice

Schneier on Security

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.

article thumbnail

Organizations Struggle With CCPA, CPRA, GDPR Compliance

Security Boulevard

The vast majority—92% of companies across all verticals, states and business sizes—are still unprepared for compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), while a similar percentage (91%) are unprepared for GDPR compliance. A report from Cytrio revealed these organizations are still using time-consuming and error-prone manual processes to.

IoT 139
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

Naked Security

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.

Hacking 144
article thumbnail

Pen testing report: IT budgets should focus on entire security stack

Tech Republic Security

With nearly 90% of companies reporting cyberattacks, pen testing budgets are on the rise, with cloud infrastructure and services a key focus area, according to a new report. The post Pen testing report: IT budgets should focus on entire security stack appeared first on TechRepublic.

article thumbnail

Cybersecurity in wartime: how Ukraine's infosec community is coping

CSO Magazine

Whenever shells rain down on Ukraine, Yuriy Gatupov's colleagues put a '+' sign in a chat room. Then, the pluses are counted. "We check if everybody is alive," he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges.

InfoSec 137
article thumbnail

Trezor crypto wallets under attack in SMS phishing campaign

Graham Cluley

Willie Sutton, the criminal who became legendary for stealing from banks during a forty year career, was once asked, "Why do you keep robbing banks?" His answer? "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft. Cryptocurrency wallets. Read more in my article on the Tripwire State of Security blog.

Phishing 131
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The Bridge to Zero Trust

CyberSecurity Insiders

No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data is only the first of many issues you will be facing. You also have to navigate reputational damage, lost revenue, and the potential for fines and sanctions from regulatory agencies.

article thumbnail

Google Workspace admins can now use client-side encryption on Gmail and Calendar

Tech Republic Security

Organizations subject to government regulations can gain more control over their own security. The post Google Workspace admins can now use client-side encryption on Gmail and Calendar appeared first on TechRepublic.

article thumbnail

Hacked home computer of engineer led to second LastPass data breach

CSO Magazine

Password management company LastPass, which was hit by two data breaches last year , has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches infected the engineer's home computer with a keylogger , which recorded information that enabled a cyberattack that exfiltrated sensitive inform

article thumbnail

US Marshals Ransomware Hack is ‘Major Incident’

Security Boulevard

The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly). The post US Marshals Ransomware Hack is ‘Major Incident’ appeared first on Security Boulevard.

Hacking 131
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Cybersecurity headlines trending on Google

CyberSecurity Insiders

CISA of the United States has issued a warning to all public and private entities to stay away from the Royal Ransomware group. They issued an advisory as a part of StopRansomware Campaign and issued some tips that help raise the defense-line against such cyber threats. Royal Ransomware gang has been active since September 2022 and demands a sum ranging between $1m to $11 million that needs to be paid in Bitcoins.

article thumbnail

1Password is looking to a password-free future. Here’s why

Tech Republic Security

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely. The post 1Password is looking to a password-free future. Here’s why appeared first on TechRepublic.

Passwords 138
article thumbnail

How security leaders can effectively manage Gen Z staff

CSO Magazine

In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations. Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the ages of 11 and 28. This means they grew up experiencing a much faster rate in which technology evolves.

Education 126
article thumbnail

National Cybersecurity Strategy | Contrast Security

Security Boulevard

Time for the gloves to come off, the U.S. government said on Thursday in a newly aggressive policy on cybersecurity that has — mostly — thrilled cybersecurity experts. The post National Cybersecurity Strategy | Contrast Security appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The mobile malware threat landscape in 2022

SecureList

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new mobile ransomware Trojans Trends of the year Mobile attacks leveled off after decreasing in the second half of 2021 and remained around the same level throughout 2022.

Mobile 127
article thumbnail

Attackers Were on Network for 2 Years, News Corp Says

Dark Reading

The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.

126
126
article thumbnail

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

The Hacker News

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems.

article thumbnail

Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot

Security Boulevard

The BlackLotus malware targets UEFI Secure Boot. For a mere $5000, you too can own it. The post Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot appeared first on Security Boulevard.

Malware 124
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Best and worst data breach responses highlight the do's and don'ts of IR

CSO Magazine

In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans. Industry-wide best practices for incident response are well established. “In general, you want breach responses to be fairly timely, transparent, communicate with victims in a timely manner, prevent further harm to victims as best as they can do that, and tell s

article thumbnail

Apple iPhone Vulnerability let hackers steal photos, messages and files

CyberSecurity Insiders

Apple Inc has issued an update that it will soon release the fix to the two newly discovered vulnerabilities that are plaguing iPhone users for the past two weeks. According to an update released by privacy experts at VPNOverview, these two bugs have the potential of handing over fraudulent access to cyber criminals, thus allowing them to steal photos, messages and files.

Banking 123
article thumbnail

LastPass: The crooks used a keylogger to crack a corporatre password vault

Naked Security

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

Passwords 138
article thumbnail

Dish Network confirms ransomware attack behind multi-day outage

Bleeping Computer

Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.