Joseph Steinberg
APRIL 6, 2021
While ransomware may seem like a straightforward concept, people who are otherwise highly-knowledgeable seem to cite erroneous information about ransomware on a regular basis. As such, I would like to point out 8 essential points about ransomware. 1. Paying a demanded ransom may not get you your files back, and may not prevent a leak of your information.
Tech Republic Security
APRIL 6, 2021
IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CyberSecurity Insiders
APRIL 5, 2021
Argus, a Cybersecurity solutions provider for connected cars aka automated vehicles has announced that it is collaborating with Tech Giant Microsoft to assist automotive manufacturers in mitigating risks associated with connected cars. Microsoft is going to achieve it by integrating Argus Cyber Security suite with Azure IoT to provide an end-to-end solution that helps monitor, detect and mitigate cyber threats targeting in-vehicle information.
Troy Hunt
APRIL 6, 2021
The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works. There's been huge interest in this incident, and I've seen near-unprecedented traffic to Have I Been Pwned (HIBP) over the last couple of days, let me do my best to explain how I've approached the phone number search feature.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
APRIL 9, 2021
Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits , with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internet’s websites use PHP, it’s scary. Developers have moved PHP to GitHub, which has better authentication.
Krebs on Security
APRIL 6, 2021
Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
APRIL 9, 2021
"What a s**t week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews. And I ran a workshop over 4 half days. And had 2 lots of guests visiting.
Schneier on Security
APRIL 7, 2021
According to Wired , Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.” Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations
Krebs on Security
APRIL 4, 2021
For four days this past week, Internet-of-Things giant Ubiquiti did not respond to requests for comment on a whistleblower’s allegations the company had massively downplayed a “catastrophic” two-month breach ending in January to save its stock price, and that Ubiquiti’s insinuation that a third-party was to blame was a fabrication.
Joseph Steinberg
APRIL 7, 2021
Back in 2015 and 2017, I ran articles in Inc. about various innovative Israeli startups , in which I featured firms that I selected based on numerous discussions that I had had with tech-company CEOs and with journalists who cover the Israeli startup scene. For various reasons, when I wrote those two pieces, I intentionally featured innovators from outside of the information-security sector.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Troy Hunt
APRIL 8, 2021
Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge. The Ukraine is now the 13th government to be onboarded to HIBP's service joining counterparts across Europe, North America and Australia.
Schneier on Security
APRIL 5, 2021
The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals. “When 802.11bf will be finalized and introduced as an IEEE standard in September 2024, Wi-Fi will cease to be a communication-only standard and will legitimately become a full-fledged sensing paradigm,” explains Fra
Krebs on Security
APRIL 5, 2021
Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up. This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site. “Good day!
Tech Republic Security
APRIL 8, 2021
Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
APRIL 6, 2021
I've been chatting about this in some of my recent weekly videos and I thought it was finally time to sit down and write the blog post. So, this is a blog post about a book about blog posts. Gotcha, makes sense. It all began when Rob Conery reached out a few years ago and said "dude, we should totally turn a bunch of your blog posts into a book" to which I replied, "why?
Schneier on Security
APRIL 6, 2021
A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. What’s clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy and can’t see what the scammer is doing.
Bleeping Computer
APRIL 9, 2021
The FBI arrested a Texas man on Thursday for allegedly planning to "kill of about 70% of the internet" in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. [.].
Tech Republic Security
APRIL 5, 2021
Marketing psychology has influenced each of us; experts suggest it could help reduce the angst of cybersecurity training.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
SecureList
APRIL 9, 2021
Recently, we’ve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself a quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source. We notified the developers about the infection on April 8.
Schneier on Security
APRIL 8, 2021
Google’s Project Zero discovered , and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors.
Trend Micro
APRIL 8, 2021
This blog details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant that now uses five files in its infection routine instead of the usual three.
Tech Republic Security
APRIL 7, 2021
A majority of security pros said they're most concerned about malicious payloads sent to employees via file attachments, according to a survey from GreatHorn.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Google Security
APRIL 6, 2021
Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android release
We Live Security
APRIL 8, 2021
ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa. The post (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor appeared first on WeLiveSecurity.
Bleeping Computer
APRIL 4, 2021
Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users. [.].
Tech Republic Security
APRIL 8, 2021
New HP-sponsored report finds significant increase in nation-states targeting enterprises to steal high-value IP.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
APRIL 9, 2021
There's no time to waste in a cybersecurity disaster. How do you plan to respond to an incident, and what do you do next? Find out now! The post Don’t Put Off Cybersecurity Incident Response Planning appeared first on Security Boulevard.
Hot for Security
APRIL 5, 2021
Food-delivery company Delveroo thought it would be fun to play an April Fool’s trick on its customers in France. After all, who wouldn’t find a corporation demonstrating its human side by causing a chuckle a welcome relief amid a global pandemic? Unfortunately, what Deliveroo France did just wasn’t funny. It sent an email to thousands of its customers, claiming that they had ordered €466.40 (almost USD $500) worth of pizza.
Bleeping Computer
APRIL 3, 2021
Microsoft has revealed that Thursday's worldwide outage was caused by a code defect that allowed the Azure DNS service to become overwhelmed and not respond to DNS queries. [.].
Tech Republic Security
APRIL 6, 2021
Automating cloud security is a process still in its infancy for many organizations, says Unit 42.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
352 
Let's personalize your content