The Last Watchdog

MAY 24, 2022

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps. This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their inte

Authentication 342

Authentication Passwords Banking Digital transformation 342

Schneier on Security

MAY 25, 2022

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not random? You guessed it— all bets are off. Suppose for example a company or a country wanted to have a credit-scoring system that’s secretly sexist, but still be able to pretend that its training was act

Engineering 337

Engineering 337

Tech Republic Security

MAY 24, 2022

A study conducted by Agari and PhishLabs found a five-times increase in attempted vishing attacks from the beginning of 2021 to Q1 of 2022. The post Voice phishing attacks reach all-time high appeared first on TechRepublic.

Phishing 218

Phishing 218

Lohrman on Security

MAY 22, 2022

The topic of cyber staffing shortages is a hot issue that has grown hotter during the pandemic. So what are some of the latest trends, newer perspectives and opportunities available?

177

177

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

MAY 25, 2022

According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats. Related: Taking a ‘risk-base’ approach to security compliance. However, because they generate thousands of alerts every day , this vast sprawl of security sources adds even more work to already over-stretched security teams.

Digital transformation 222

Digital transformation Threat Detection Cybersecurity Architecture 222

Schneier on Security

MAY 26, 2022

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them. But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several

Malware 311

Malware Government Accountability 311

Security Affairs

MAY 27, 2022

Microsoft found several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps. The Microsoft 365 Defender Research Team discovered four vulnerabilities ( CVE-2021-42598 , CVE-2021-42599 , CVE-2021-42600 , and CVE-2021-42601 ) in a mobile framework, owned by mce Systems , that is used by several mobile carriers in pre-installed Android System apps.

Mobile 145

Mobile Hacking Cybersecurity Information Security 145

The Last Watchdog

MAY 23, 2022

Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. Related: Leveraging PKI to advance electronic signatures. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.

Digital transformation 214

Digital transformation Cybersecurity Computers and Electronics Encryption 214

Schneier on Security

MAY 23, 2022

The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.

Encryption 307

Encryption Backups Passwords 307

Tech Republic Security

MAY 27, 2022

Only 104 critical vulnerabilities were reported in 2021, an all-time low for the world’s largest software company. The post Critical Microsoft vulnerabilities decreased 47% in 2021 appeared first on TechRepublic.

Software 214

Software 214

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

MAY 27, 2022

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. A team of researchers from Zhejiang University and Technical University of Darmstadt devised a technique, dubbed GhostTouch, to remotely control capacitive touchscreens using electromagnetic signals. According to the experts, GhostTouch is the first active contactless attack against capacitive touchscreens.

Authentication 145

Authentication Passwords Hacking Software 145

The Hacker News

MAY 27, 2022

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper.

145

145

Schneier on Security

MAY 24, 2022

Following a recent Supreme Court ruling , the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to indiv

Hacking 273

Hacking Cybercrime Accountability Cybersecurity 273

Tech Republic Security

MAY 27, 2022

Cryptocurrency exchanges allow the transfer of crypto between buyers and sellers. Learn about the top crypto exchange options. The post Best cryptocurrency exchanges of 2022 appeared first on TechRepublic.

Cryptocurrency 210

Cryptocurrency Software 210

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

MAY 27, 2022

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets. ERMAC was first spotted by researchers from Threatfabric in July 2021, it is based on the popular banking trojan Cerberus.

Banking 145

Banking Malware Cybercrime Phishing 145

Malwarebytes

MAY 26, 2022

Our spam traps recently caught a phishing scam that neatly illustrates some of the tactics scammers use routinely to avoid both human intuition, and automatic detection. The scam starts with an unsolicited email, of course… The scam email is ostensibly from the Post Office, an instantly recognisable postal service brand in the UK, and it tells recipients “There is a update in your parcel. item stopped due to unpaid customs fee.” [sic] This is an echo of an extremely popular SMS

Scams 145

Scams Phishing Accountability Malware 145

Bleeping Computer

MAY 24, 2022

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. [.].

145

145

Tech Republic Security

MAY 25, 2022

Starting from scratch or maturing a cyber threat intelligence capability is a task that needs several different people with very different skills and competencies. Read more on what competencies can build and make CTI capability a success. The post How to develop competency in cyber threat intelligence capabilities appeared first on TechRepublic.

Cyber threats 206

Cyber threats 206

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks against individuals and organizations in the industry.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

The Hacker News

MAY 27, 2022

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.

145

145

Malwarebytes

MAY 24, 2022

An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022. The campaigns, discovered by the Malwarebytes Threat Intelligence team , are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely.

Malware 145

Malware Phishing Government Accountability 145

Tech Republic Security

MAY 27, 2022

Cybersecurity is becoming an increasingly more important field than ever before, and jobs in this industry will only become more sought after as the years roll by. The post 12 most in-demand cybersecurity jobs in 2022 appeared first on TechRepublic.

Cybersecurity 205

Cybersecurity 205

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MAY 26, 2022

Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country. Italy presented its National Cybersecurity Strategy for 2022/26 and reinforce the government’s commitment to addressing cyber threats and increasing the resilience of the country to cyber attacks.

Cybersecurity 145

Cybersecurity Cyber threats Technology Government 145

Trend Micro

MAY 24, 2022

Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises EXSi servers. We discuss our initial findings on in this report.

Ransomware 145

Ransomware 145

Malwarebytes

MAY 23, 2022

Multiple NVIDIA graphic card models have been found to have flaws in their GPU drivers, with six medium-and four high-severity ratings. Last Monday, the company released a software security update for NVIDIA GPU Display Driver to address the vulnerabilities. If exploited, they could lead to denial of service, code execution, privilege escalation, and data tampering.

Software 145

Software Accountability 145

Tech Republic Security

MAY 23, 2022

The study from NexusGuard also found that average attack size decreased, while maximum attack size increased threefold. The post DDoS attacks decreased in 2021, still above pre-pandemic levels appeared first on TechRepublic.

DDOS 196

DDOS 196

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MAY 25, 2022

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel ( CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR ( CVE-2022-20821 ).

Software 145

Software Hacking Cybersecurity Risk 145

The Hacker News

MAY 27, 2022

Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks — a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware.

Ransomware 144

Ransomware Risk 144

Bleeping Computer

MAY 25, 2022

The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising. [.].

Advertising 144

Advertising Authentication Technology 144

Tech Republic Security

MAY 23, 2022

Cybercriminals are finding new ways to trick users into providing their credit card data. A new technique makes use of a fake chatbot to build trust with victims. Learn more about this threat and how to protect yourself from it. The post New phishing technique lures users with fake chatbot appeared first on TechRepublic.

Phishing 187

Phishing 187

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity