Security Boulevard
DECEMBER 22, 2022
A look in the rearview can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. The post The top cyber security stories of 2022 appeared first on Security Boulevard.
Schneier on Security
DECEMBER 22, 2022
A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
DECEMBER 19, 2022
Photo: BrandonKleinPhoto / Shutterstock.com. Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arri
Lohrman on Security
DECEMBER 23, 2022
After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Troy Hunt
DECEMBER 18, 2022
Despite having both my tripod and mic in the wrong suitcase in the wrong place, Scott and I still pulled together a weekly vid from the Norwegian mountains. Much of this week is a combination of our travels here, responses to my tweets around cookie warnings and reactions to Elon's various decisions (and undecisions) on Twitter. Plus, there's the CoinTracker and Gemini breaches which appear to have stemmed from the SendGrid breach, the connection to that incident having been made by Co
Schneier on Security
DECEMBER 19, 2022
The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: “Seeing the drone in the field of view, make eye contact with it,” the video instructs. Soldiers should then raise their arms and signal they’re ready to follow. After that the drone will move up and down a few meters, before heading off at walking pace in the direction of the nearest representatives of Ukraine’s army, it says.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Lohrman on Security
DECEMBER 18, 2022
This past year will be remembered as another year of ransomware attacks, data breaches impacting critical infrastructure and, most of all, global cybersecurity impacts from the Russian war with Ukraine.
Tech Republic Security
DECEMBER 20, 2022
A new Comcast study hints at a major risk to businesses, governments and public systems due to poor cybersecurity in the booming Internet of Things industry. The post Study: Consumer security savvy is way behind IoT threat landscape appeared first on TechRepublic.
Schneier on Security
DECEMBER 21, 2022
They’re using commercial phones, which go through the Ukrainian telecom network : “You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air,” said Alperovitch. “That doesn’t pose too much difficulty for the Ukrainian security services.” […]. “Security has always been a mess, bot
Bleeping Computer
DECEMBER 22, 2022
LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. [.].
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 22, 2022
The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice Society ransomware has been active since June 2021, it is considered by researchers a spin-off of the HelloKitty ransomware , the malware targets both Windows and L
Tech Republic Security
DECEMBER 20, 2022
Is on-premises or cloud computing operations more secure for your business? Consider the security pros and cons with our guide. The post On-premises vs cloud security: What are the pros and cons? appeared first on TechRepublic.
Schneier on Security
DECEMBER 23, 2022
Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line.
The Last Watchdog
DECEMBER 20, 2022
The 2020s are already tumultuous. Related: The Holy Grail of ‘digital resiliency’ Individuals are experiencing everything from extraordinary political and social upheaval to war on the European continent to the reemergence of infectious diseases to extreme weather events. Against this unsettling backdrop, citizens, consumers, employees, and partners will look to organizations that they trust for stability and positive long-term relationships.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
SecureList
DECEMBER 19, 2022
Summary. At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082.
Tech Republic Security
DECEMBER 20, 2022
Customers of Google Workspace Enterprise Plus, Education Plus, or Education Standard can apply for the beta until Jan. 20, 2023. The post Google unveils beta of client-side encryption for Gmail appeared first on TechRepublic.
Schneier on Security
DECEMBER 20, 2022
Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.
Security Affairs
DECEMBER 19, 2022
IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the D
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
DECEMBER 17, 2022
Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within their domain and outside their domain. [.].
Tech Republic Security
DECEMBER 22, 2022
Dive into CompTIA, NIST, CISSP and more with the online training offered in The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle. The post Study to ace five cybersecurity certification exams appeared first on TechRepublic.
Security Boulevard
DECEMBER 17, 2022
Why do cyber-attacks increase during holidays? Why do cyber-attacks increase during holidays? The holiday season is traditionally a golden opportunity for hackers to take advantage of the increase in the number of employees working remotely, decrease in IT staff levels, and extended server vulnerabilities. It’s a season when the number of attacks to access your […].
Security Affairs
DECEMBER 19, 2022
US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients. The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have published a joint security advisory to warn of business email compromise (BEC) attacks leading to the hijack of shipments of food products and ingredients.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
DECEMBER 20, 2022
In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code. [.].
Tech Republic Security
DECEMBER 21, 2022
Microsoft has open sourced its framework for managing open source in software development. The post What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it? appeared first on TechRepublic.
Security Boulevard
DECEMBER 20, 2022
An AI chatbot wrote the following article on AI in cybersecurity. For real. No humans were harmed in the drafting of this article. Artificial intelligence (AI) and machine learning (ML) are rapidly advancing technologies that have the potential to greatly impact cybersecurity. These technologies can be used to enhance security by analyzing large amounts of.
Security Affairs
DECEMBER 19, 2022
Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The move follows the decision of other ransomware gangs, like Hive , Blackcat , RansomExx , and Luna , of rewriting their ransomware into Rust.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
CyberSecurity Insiders
DECEMBER 23, 2022
By Steven Spadaccini, VP Threat Intelligence, SafeGuard Cyber. In 2022, cybersecurity further became a top priority for businesses around the world following critical attacks on both the public and private sectors and of course, the use of cyber warfare as a Russian tactic in its invasion of Ukraine. This year, organizations have spent significant time and resources attempting to mitigate the risks associated with Business Communication Compromise, including phishing attacks and Personally-Ident
Tech Republic Security
DECEMBER 22, 2022
The use of.XLL Excel files by threat actors to infect computers with malware is growing fast. Learn more about this relatively new technique and how to protect from it. The post Cisco Talos report: Threat actors use known Excel vulnerability appeared first on TechRepublic.
Security Boulevard
DECEMBER 19, 2022
Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem. The post GitHub Secret Scanning is now Free (as in Beer) appeared first on Security Boulevard.
Security Affairs
DECEMBER 22, 2022
North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual assets in the past five years. South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
138 
Let's personalize your content