Joseph Steinberg

JANUARY 20, 2022

Zero Trust. A seemingly simple term that appears in pitches sent to me several times a day by cybersecurity product and services vendors that are seeking media exposure. And, in many (if not most cases), the term is being misused – even by the very vendors who claim to be the ones delivering zero trust to the world. So, let’s cut through the marketing fluff and understand what Zero Trust is – and, even before that that, what Zero Trust Is not.

Cybersecurity 363

Cybersecurity Artificial Intelligence Ransomware Social Engineering 363

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.

Mobile 363

Mobile Accountability Insurance Government 363

Schneier on Security

JANUARY 18, 2022

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help — but since that’s not really the point, it’s not argued on its merits.

Encryption 344

Encryption Government Advertising Marketing 344

Tech Republic Security

JANUARY 20, 2022

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.

218

218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Joseph Steinberg

JANUARY 19, 2022

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. The ability to leverage quantum physics in order to create immense multi-dimensional representations of data, and to simultaneously analyze many values within those structures, will give these emerging mathematical powerhouses the ability to quickly crack most, if not all, of the standard asymmetric and symmetric encryption utilized to today pr

Encryption 363

Encryption Backups Banking Artificial Intelligence 363

Krebs on Security

JANUARY 21, 2022

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club , a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.

Hacking 311

Hacking Cybercrime Authentication Passwords 311

Tech Republic Security

JANUARY 18, 2022

As more companies focus on digital adoption goals in 2022, finding security tools to detect malicious activity is top-of-mind for executives.

Cybersecurity 210

Cybersecurity 210

Thales Cloud Protection & Licensing

JANUARY 20, 2022

How to activate multifactor authentication everywhere. divya. Thu, 01/20/2022 - 10:19. The impact of not having multifactor authentication (MFA) activated for all users is now well known by enterprises. Verizon’s Data Breach Investigation 2021 Report indicates that over 80% of breaches evolve phishing, brute force or the use of lost or stolen credentials.

Authentication 143

Authentication Mobile Data breaches Marketing 143

Security Boulevard

JANUARY 21, 2022

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped.

Encryption 145

Encryption Data collection Surveillance 145

Schneier on Security

JANUARY 20, 2022

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also violated San Francisco’s new Surveillance Technology Ordinance.

Surveillance 336

Surveillance Technology 336

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JANUARY 20, 2022

LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices.

Passwords 174

Passwords 174

The Hacker News

JANUARY 21, 2022

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites.

Software 145

Software 145

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. According to a report by CrowdStrike , there was a 35 percent year-over year growth in 2021 of malware targeting these devices, and the XorDDoS, Mirai and Mozi families were responsible for 22 percent of all Linux-based IoT malware.

IoT 145

IoT DDOS Malware Internet 145

Schneier on Security

JANUARY 19, 2022

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor intensive for that and — sorry to break it to you — your data isn’t worth all that much.

Insurance 328

Insurance Marketing Government Software 328

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 18, 2022

For the final quarter of 2021, DHL surpassed Microsoft as the brand most spoofed in phishing campaigns, says Check Point Research.

Phishing 196

Phishing 196

SecureList

JANUARY 20, 2022

What happened? At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmware’s image was modified by attackers in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.

Firmware 145

Firmware Malware Encryption Passwords 145

Bleeping Computer

JANUARY 21, 2022

McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges. [.].

Software 145

Software 145

Schneier on Security

JANUARY 17, 2022

Here’s a fascinating report: “ Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary : …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs­ — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems.

Risk 312

Risk Hacking 312

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 19, 2022

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.

Phishing 171

Phishing Accountability Government 171

We Live Security

JANUARY 18, 2022

ESET researchers take a deep look into recent attacks carried out by Donot Team throughout 2020 and 2021, targeting government and military entities in several South Asian countries. The post DoNot Go! Do not respawn! appeared first on WeLiveSecurity.

Government 145

Government 145

Security Boulevard

JANUARY 20, 2022

Despite your best efforts to prevent it, you get hit by a massive cyberattack. Maybe it’s a data breach; maybe a ransomware attack or maybe a supply chain disruption. You engage a forensics team, work with law enforcement entities and find out that the likely perpetrators were hackers in Russia; possibly working with the Russian. The post Does Your Cyberinsurance Policy Cover Cyberwar?

Data breaches 145

Data breaches Ransomware Insurance Risk 145

Bleeping Computer

JANUARY 17, 2022

There's a problem with the implementation of the IndexedDB API in Safari's WebKit engine, which could result in leaking browsing histories and even user identities to anyone exploiting the flaw. [.].

Accountability 145

Accountability Engineering 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

JANUARY 21, 2022

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41).

Firmware 144

Firmware Malware 144

We Live Security

JANUARY 17, 2022

Do you often take to social media to broadcast details about your job, employer or coworkers? Think before you share – less may be more. The post Social media in the workplace: Cybersecurity dos and don’ts for employees appeared first on WeLiveSecurity.

Media 145

Media Cybersecurity 145

Security Boulevard

JANUARY 17, 2022

As per an article by The Hindu, 50,035 cases of cybercrime were reported in 2020, 11.8% more than in 2019 while 60.2% of cybercrimes were of fraud. Every organization or institution has some sort of information or data that needs to be protected. Organizations invest large sums of money to secure that information and data. […]. The post Cybercrime: Rising Concern to Cyber World appeared first on Kratikal Blogs.

Cybercrime 145

Cybercrime Social Engineering Engineering Cybersecurity 145

Bleeping Computer

JANUARY 15, 2022

The number of malware infections on Linux-based IoT (internet of things) devices rose by 35% in 2021 compared to the previous year's numbers. The principal goal was recruiting devices to be part of DDoS (distributed denial of service) attacks. [.].

Malware 145

Malware DDOS IoT Internet 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Appknox

JANUARY 17, 2022

BFSI (Banking, Financial Service and Insurance) organizations have remained a primary target of cybercriminals over the last several years. Given the amount of sensitive data that the BFSI sector has to deal with, they become an obvious goldmine for hackers and that is why they have to prioritise cybersecurity above all else.

Financial Services 143

Financial Services Cybersecurity Insurance Banking 143

We Live Security

JANUARY 20, 2022

Think your email may have been hacked? Here are the signs to look for, how account takeover attacks commonly occur, and how to recover your account and avoid falling victim again. The post How to know if your email has been hacked appeared first on WeLiveSecurity.

Hacking 144

Hacking Accountability 144

Security Boulevard

JANUARY 20, 2022

Throughout its history, the tech industry has had to deal with constant change, increasingly complex architectures and security challenges. Security is a particularly deep well of concepts to navigate. One offshoot of this is acronym fatigue, a never-ending, ever-changing mishmash of insider terms that are intended to define markets. The advent of cloud has taken.

Architecture 144

Architecture Marketing Cybersecurity 144

The Hacker News

JANUARY 19, 2022

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.

Software 143

Software 143

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity