Lohrman on Security
DECEMBER 23, 2021
What will the New Year bring in cyber space? Here’s your annual roundup of the top security industry forecasts, trends and cybersecurity prediction reports for calendar year 2022.
Daniel Miessler
DECEMBER 18, 2021
If you’re reading this you’re underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy named d0nut who figured something out like 3 days ago that very few people know. Once you have 2.15 applied—or the CLI implementation to disable lookups—you actually need a non-default log4j2.properties configuration to still be vulnerable!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
DECEMBER 19, 2021
In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7% of the time, that check went no further than one of hundreds of Cloudflare edge nodes spread around the world (95% of the world's population is within 50ms of one). It looks like this: There are all sorts of amazing Pwned Passwords use cases out there.
Anton on Security
DECEMBER 21, 2021
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?—?
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
DECEMBER 20, 2021
Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab: We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saud
Lohrman on Security
DECEMBER 19, 2021
2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
DECEMBER 20, 2021
Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days. Related: Using mobile apps to radicalize youth. But the danger has moved up a notch with a new, grave threat: killware.
Schneier on Security
DECEMBER 22, 2021
The US has returned $154 million in bitcoins stolen by a Sony employee. However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet.
Troy Hunt
DECEMBER 24, 2021
I'd say this is probably the most epic scene I've ever done one of these videos from and equally, the main topic of the day around Pwned Passwords and the work done with the FBI and NCA is the most epic thing I've done for a very long time. On reflection, I feel like this is the first major step towards HIBP growing up and becoming self-sufficient; that Pwned Passwords piece is now owned by the community, supported by the community, contributed to by 2 of the world's foremost
Tech Republic Security
DECEMBER 22, 2021
Log4Shell is a dangerous security concern — and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Last Watchdog
DECEMBER 21, 2021
Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide. Related: Weaponized email endures as top threat. Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.
Bleeping Computer
DECEMBER 24, 2021
An Android banking trojan targeting Itaú Unibanco, a large financial services provider in Brazil with 55 million customers globally, is using a fake Google Play store to spread to devices. [.].
The Hacker News
DECEMBER 24, 2021
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.
Tech Republic Security
DECEMBER 24, 2021
Training for a lucrative tech career is easier and less expensive than you might think. Check out these online courses on programming, cybersecurity, project management and more.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 21, 2021
Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains.
Bleeping Computer
DECEMBER 22, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by& two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. [.].
The Hacker News
DECEMBER 21, 2021
Even with the growing awareness about cybersecurity, many myths about it are prevalent. These misconceptions can be a barrier to effective security. The first step to ensure the security of your business is to separate the false information, myths, and rumors from the truth. Here, we're busting some common cybersecurity myths. Read on to find out which of the following you thought were true.
Tech Republic Security
DECEMBER 23, 2021
Kasada research finds that all-in-one bots are fooling cyberdefenses and automating the checkout process to snap up in-demand goods.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
eSecurity Planet
DECEMBER 22, 2021
When it comes to managing cybersecurity risk , approximately 35 percent of organizations say they only take an active interest if something bad happens. But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.
Bleeping Computer
DECEMBER 19, 2021
A new malware named 'DarkWatchman' has emerged in the cybercrime underground, and it's a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger. [.].
Dark Reading
DECEMBER 20, 2021
Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them.
Tech Republic Security
DECEMBER 20, 2021
Online consumers can do everything right and still become cyber victims. Learn about synthetic identity fraud and why "buyer beware" is not enough.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
DECEMBER 18, 2021
Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the third fix issued in a week. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.
Bleeping Computer
DECEMBER 18, 2021
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes CVE-2021-45105, a DoS vulnerability. [.].
CyberSecurity Insiders
DECEMBER 20, 2021
By Jon Lucas, Co-director, Hyve Managed Hosting. What was once regarded as a perk of the job has now become an outright necessity. Once an optional luxury in select businesses and industries, remote working is now one of the central pillars of the so-called ‘new normal’, at least where desk-based working is concerned. Even businesses that are keen to get workers back into the office as soon as possible are at least keeping the door open with regards to remote working, such has been the uncertain
Tech Republic Security
DECEMBER 23, 2021
Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
DECEMBER 18, 2021
Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection.
Bleeping Computer
DECEMBER 20, 2021
Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains. [.].
CyberSecurity Insiders
DECEMBER 20, 2021
Supply chain challenges have always been present, but they’re growing increasingly common and severe. COVID-related shortages have compounded typical disruptions like holiday season demand, creating unprecedented logistics obstacles. Some experts warn that these challenges may last up to two years , and even then, disruptions could still be likely as supply chains grow more complex.
Tech Republic Security
DECEMBER 21, 2021
Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
363 
Let's personalize your content