Sat. Nov 05, 2022 - Fri. Nov 11, 2022

6 ways to reduce your IoT attack surface

Tech Republic Security

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy : Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.

The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing

Troy Hunt

A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it's finally here! These are two of the most eagerly awaited, most requested features on HIBP's UserVoice so it's great to see them finally knocked off after years of waiting. In implementing all this, there are changes to the existing "one size fits all" model so if you're using the HIBP API, please make sure y

2022 Midterm Election Cybersecurity: Are We Ready?

Lohrman on Security

As we head into the pivotal 2022 midterm elections this week, how prepared are states to ensure votes are properly counted and protected from cyber attacks? Here’s a roundup of recent developments.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Patch Tuesday, November 2022 Election Edition

Krebs on Security

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems.

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.

Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo

Tech Republic Security

It wasn’t a “Day of Anger” as Qualys used the final leg of its multi-city conference series to discuss the control of edge assets. The post Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo appeared first on TechRepublic.

Mastodon: What you need to know for your security and privacy

Graham Cluley

Mastodon is hot right now. After some years of only being used by geeks (yes, I've had an account for a while now) it's at the tipping point of becoming mainstream. If you're part of the exodus of users leaving Twitter for Mastodon, what are the security and privacy issues that you need to be aware of?

Using Wi-Fi to See through Walls

Schneier on Security

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied.

Cyber Threats to the FIFA World Cup Qatar 2022

Digital Shadows

Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner. The post Cyber Threats to the FIFA World Cup Qatar 2022 first appeared on Digital Shadows.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Top 6 Multi-Cloud Security Solution Providers

Tech Republic Security

If you're in the process of constructing a multi-cloud security plan, these providers can help you avoid the most common pitfalls of multi-cloud security. The post Top 6 Multi-Cloud Security Solution Providers appeared first on TechRepublic.

10 Best Practices for Data Protection

CyberSecurity Insiders

By Moinul Khan , Vice President & General Manager, Data Protection, at Zscaler. In 2022, Gartner established its first ever Magic Quadrant for Security Service Edge (SSE) , a new security industry category. SSE acknowledges that protecting a distributed digital business from malicious actors requires three integrated technologies: secure web gateways (SWG) to control internet access, zero trust network access (ZTNA) to control private application access and cloud access security broker (CASB

The Conviction of Uber’s Chief Security Officer

Schneier on Security

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, but until then, this essay on the topic is worth reading.

Mastodon now has over 1 million users amid Twitter tensions

Bleeping Computer

Mastodon, the free, open-source, decentralized micro-blogging social media platform, has surpassed a million monthly active users for the first time in its history. [...]

Media 144
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

REMnux: The Linux Toolkit for Reverse Engineering and Malware Analysis

eSecurity Planet

REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis. Whether you’re new to these specialties or an experienced investigator, REMnux contains many helpful Debian packages and configurations to perform advanced tasks, such as: extracting IoCs (Indicators of Compromise); disassembling/decompiling binaries or Windows executables (such as PE files); decoding, deobfuscating, de

A cyberattack blocked the trains in Denmark

Security Affairs

At the end of October, a cyber attack caused the trains to stop in Denmark; the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark last weekend after threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo, which provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.

NSA Over-surveillance

Schneier on Security

Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda. There’s nothing really interesting in the IG document, which is heavily redacted.

Cybersecurity threats: what awaits us in 2023?

SecureList

Knowing what the future holds can help you prepare better for emerging threats. Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future. Those predictions form the Kaspersky Security Bulletin (KSB), an annual project led by Kaspersky experts.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Safely Test Your Malware, Ransomware and Virus Defenses

Security Boulevard

What’s the best way for a company to test its malware defenses in real-life scenarios? The past few years have seen both an uptick in cyberattacks and a dire shortage of security talent. In fact, a 2017 report predicted that by 2020 businesses will be hit by a threat actor every eleven seconds. Not to. The post Safely Test Your Malware, Ransomware and Virus Defenses appeared first on Security Boulevard.

LockBit 3.0 gang claims to have stolen data from Kearney & Company

Security Affairs

The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is the premier CPA firm that provides services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve the overall effectiveness and efficiency of its financial operations.

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Trend Micro

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.

How Identity Theft Damages More Than Just Your Credit Scores

Identity IQ

Having a good credit score can be extremely beneficial when pursuing important financial goals like opening a credit card, taking out a loan or buying a car or a home. It can even help you land certain types of jobs or rent your dream apartment. For this reason, it’s very important to protect your identity and credit score.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

How to prepare for a SOC 2 audit – it’s a big deal, so you’d better get ready

CSO Magazine

Organizations that want to prove to others – and to themselves – that they have a solid cybersecurity and data privacy program will undergo a SOC 2 audit. As such, a SOC 2 audit is a big deal, and it’s demanding, and it requires some serious preparation. SOC audits were created by the American Institute of CPAs (AICPA) under several evaluation and reporting frameworks comprising the System and Organization Controls headers SOC 1, SOC 2, and SOC 3. Although each of those holds value, many organiza

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.

Hacker Stole $3B of Bitcoin — Because ‘Crypto’ is Garbage

Security Boulevard

James Zhong admitted to stealing 50,000 bitcoins from the former dark web market, Silk Road. The post Hacker Stole $3B of Bitcoin — Because ‘Crypto’ is Garbage appeared first on Security Boulevard.

Cloud architects are afraid of automation

InfoWorld on Security

Automation is not new, but its use in cloud computing is recent. The idea is to automate tasks that have been traditionally carried out by humans; for example, self-healing a saturated compute server by automatically restarting it on a cloud provider. Or restricting the overuse of some expensive cloud service by finops automation, or having security automation defend against a cloud-borne breach attempt that happens at 3:00 a.m.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

JUMPSEC reveals seven ways to maximise MSSP effectiveness

IT Security Guru

Our industry faces a shortage of skilled, experienced professionals, which puts a strain on companies finding and retaining capable and reliable security staff. The rise of specialist cyber security consultants and managed cyber security service providers (MSSPs) is underpinned by organisations that appreciate the lower investment cost and greater experience these companies can offer.

Microsoft WinGet package manager failing due to CDN issues

Bleeping Computer

Microsoft's WinGet package manager is currently having problems installing or upgrading packages due to the Azure Content Delivery Network (CDN) returning a 0-byte database file. [...]

NSA’s Plea: Stop Using C and C++ (Because You’re Idiots)

Security Boulevard

The C and C++ languages are unsafe. Instead, the NSA would like devs to use memory-safe languages—such as Rust. The post NSA’s Plea: Stop Using C and C++ (Because You’re Idiots) appeared first on Security Boulevard.

Researchers warn of malicious packages on PyPI using steganography

Security Affairs

Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganography to hide malware within image files. The malicious package infects PyPI users through open-source projects on GitHub.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.