Sat.Nov 26, 2022 - Fri.Dec 02, 2022


Existential Risk and the Fermi Paradox

Schneier on Security

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hacker’s Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and more just over the centuries, but progress isn’t linear or equitable.

Risk 272

SecureMySocial Issued 5th US Patent For Social Media Security Technology

Joseph Steinberg

I am happy (and proud) to announce that SecureMySocial, a cybersecurity company that I co-founded, has been issued its fifth United States patent for social media security. The patent was issued by the United States Patent Office on September 6th, 2022, with a priority date going back over a decade, to June of 2012. Patent number US 11,438,334 entitled Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhancing Security, discloses a robust invention that a

Media 269

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

Phishing 267

Will EV Charging Infrastructure Be Ready for Cyber Attacks?

Lohrman on Security

A Sandia National Laboratories study determined that electric vehicle charging stations are vulnerable to cyber attacks. What might happen next — and how hard will this be to fix?


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Facebook Fined $276M under GDPR

Schneier on Security

Facebook—Meta—was just fined $276 million (USD) for a data leak that included full names, birth dates, phone numbers, and location. Meta’s total fine by the Data Protection Commission is over $700 million. Total GDPR fines are over €2 billion (EUR) since 2018.

249

Zero Trust Strategies for 2023: A Webinar With Renowned CyberSecurity Expert Joseph Steinberg

Joseph Steinberg

Zero Trust is becoming the new norm for securing corporate networks. The growing adoption of hybrid work models and the shift to the cloud have transformed the modern business network. No longer a well-defined and manageable set of edge locations, today’s corporate networks are an infinite web of users connecting from anywhere to resources hosted all over the globe.

More Trending


How to run better meetings with new Microsoft Teams tools

Tech Republic Security

Microsoft thinks new digital meeting tools — which include Mesh avatars that reduce the pressure of being on camera for video calls and AI that summarizes meetings — are worth the extra cost. The post How to run better meetings with new Microsoft Teams tools appeared first on TechRepublic.

Software 194

Sirius XM Software Vulnerability

Schneier on Security

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was in the car’s Sirius XM telematics infrastructure and would have allowed a hacker to remotely locate a vehicle, unlock and start it, flash the lights, honk the horn, pop the trunk, and access sensit

Software 239

A new Linux flaw can be chained with other two bugs to gain full root privileges

Security Affairs

Qualys researchers demonstrated how to chain a new Linux flaw with two other issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328, with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

Hacking 145

Memory Safe Languages in Android 13

Google Security

Posted by Jeffrey Vander Stoep. For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulnerabilities across products, and across the industry. On Android, we’re now seeing something different - a significant drop in memory safety vulnerabilities and an associated drop in the severity of our vulnerabilities.

DNS 144

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Meet the most comprehensive portable cybersecurity device

Tech Republic Security

This deal is your last chance to get the Deeper Connect Pico Decentralized VPN at $50 off plus free shipping. The post Meet the most comprehensive portable cybersecurity device appeared first on TechRepublic.


LastPass Security Breach

Schneier on Security

The company was hacked, and customer information accessed. No passwords were compromised.

Passwords 296

New Go-based Redigo malware targets Redis servers

Security Affairs

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers.

Malware 145

Cisco Joins the Launch of Amazon Security Lake

Cisco Security

Cisco supports the Open Cybersecurity Schema Framework and is a launch partner of AWS Security Lake. The Cisco Secure Technical Alliance supports the open ecosystem and AWS is a valued technology alliance partner, with integrations across the Cisco Secure portfolio, including SecureX, Secure Firewall, Secure Cloud Analytics, Duo, Umbrella, Web Security Appliance, Secure Workload, Secure Endpoint, Identity Services Engine, and more.

Firewall 145

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


AWS re:Invent 2022: Partners on parade

Tech Republic Security

There's news from Amazon Web Services' Las Vegas show as a flurry of partnerships and edge computing initiatives have been revealed. The post AWS re:Invent 2022: Partners on parade appeared first on TechRepublic.

150

Windows 11 gets a VPN Status Indicator

CyberSecurity Insiders

Windows 11 is all set to get a VPN Status Indicator in its system tray, allowing users to connect or download files anonymously and without the revelation of their home or IP address. Therefore, all those using VPN services to browse websites, stream movies and download files can look at their network and proceed only when it shows a sign. According to a report that turned viral on Twitter, Windows 11 users will get an indicator as a shield icon to let us know whether their network is connected

VPN 139

Experts found a vulnerability in AWS AppSync

Security Affairs

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from Datadog on September 1, 2022, and the bug was solved on September 6.


Google Chrome emergency update fixes 9th zero-day of the year

Bleeping Computer

Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.

137

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Top 5 confidential computing uses in healthcare

Tech Republic Security

Big data meets private data in a perfect storm for healthcare. Confidential computing providers say they’ll make the cloud safer for medical data. The post Top 5 confidential computing uses in healthcare appeared first on TechRepublic.


Researchers Find Supply Chain Vulnerability in IBM Cloud

eSecurity Planet

The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. In a dramatic flair, they named the flaw Hell’s Keychain. The security issues were reported to IBM Cloud in late August, and were patched in early September. Before it was patched, an attacker with knowledge of the vulnerability could run malicious code and modify data being stored by any IBM Cloud customer using PostgreSQL.

Software 135

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Security Affairs

Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile phone. Researchers at the Synopsys Cybersecurity Research Center (CyRC) warn of three Android keyboard apps with cumulatively two million installs that are affected by multiple flaws (CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483) that can be exploited by attackers to compromise a mobile phone.

Hacking 144

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

We Live Security

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group. The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity.

135

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


2022 Security Challenges and 2023 Security Predictions

CyberSecurity Insiders

By Stephanie Benoit Kurtz, Lead Faculty for the College of Information Systems and Technology at University of Phoenix. As we near the end of 2022, IT professionals look back at one of the worst years on record for incidents. Cyber attacks and breaches continue to rise with no end in sight. Organizations continue to invest in technology at a record pace; however still continue to be at risk.

Phishing 134

Cloud computing gets back to basics

InfoWorld on Security

There seems to be a clear trend in the world of cloud computing to return to IT fundamentals—the core problems that IT was set up to solve, such as data management, security, operations, governance, and development. All these things have been practiced for many decades and should be practiced now. The issue is not that IT is ignoring the fundamentals as they build and deploy major business systems in the cloud.


Attack of drones: airborne cybersecurity nightmare

Security Affairs

Threat actors could exploit drones for payload delivery, kinetic operations, and even diversion, experts warn. Once a niche technology, drones are about to explode in terms of market growth and enterprise adoption. Naturally, threat actors follow the trend and exploit the technology for surveillance, payload delivery, kinetic operations, and even diversion.


A Peek Inside the FBI's Unprecedented January 6 Geofence Dragnet

WIRED Threat Level

Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

145

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Customer Information leaks in LastPass Data Breach

CyberSecurity Insiders

LastPass, a password management service offering company, has disclosed that it has suffered a data breach in an attack that might be linked to the August data leak where hackers stole vital information from the servers of the said company. Karim Toubba, the CEO of LastPass, acknowledged the news as true and added a detailed investigation was being held by the security firm Mandiant on this note and the results are yet awaited!


U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens

Security Boulevard

Two key members of the Five Eyes intelligence alliance have made further moves to stop Chinese equipment imports. The post U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens appeared first on Security Boulevard.


A flaw in some Acer laptops can be used to bypass security features

Security Affairs

ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops; the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as CVE-2022-4020, is similar to the Lenovo vulnerabilities the company disclosed earlier this month.

Firmware 138

Consumer cyberthreats: predictions for 2023

SecureList

The consumer threat landscape constantly changes. Although the main types of threats (phishing, scams, malware, etc.) remain the same, lures that fraudsters use vary greatly depending on the time of year, current major events, news, etc. This year, we have seen spikes in cybercriminal activity aimed at users amid the shopping and back-to-school season, big pop culture events, such as Grammy and Oscar, movie premieres, new smartphone announcements, game releases, etc.

Education 131

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.