Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.

Mobile 364

Mobile Accountability Insurance Government 364

Joseph Steinberg

JANUARY 19, 2022

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. The ability to leverage quantum physics in order to create immense multi-dimensional representations of data, and to simultaneously analyze many values within those structures, will give these emerging mathematical powerhouses the ability to quickly crack most, if not all, of the standard asymmetric and symmetric encryption utilized to today pr

Encryption 363

Encryption Backups Banking Artificial Intelligence 363

Schneier on Security

JANUARY 18, 2022

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help — but since that’s not really the point, it’s not argued on its merits.

Encryption 351

Encryption Government Advertising Marketing 351

Troy Hunt

JANUARY 21, 2022

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to. I couldn't on the one hand build out this "brand", for want of a better term, of transparency and then just shelve a breach and not talk about it because it's too uncomfortable.

Retail 270

Retail 270

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

JANUARY 21, 2022

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club , a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.

Hacking 321

Hacking Cybercrime Authentication Passwords 321

Joseph Steinberg

JANUARY 20, 2022

Zero Trust. A seemingly simple term that appears in pitches sent to me several times a day by cybersecurity product and services vendors that are seeking media exposure. And, in many (if not most cases), the term is being misused – even by the very vendors who claim to be the ones delivering zero trust to the world. So, let’s cut through the marketing fluff and understand what Zero Trust is – and, even before that that, what Zero Trust Is not.

Cybersecurity 361

Cybersecurity Artificial Intelligence Ransomware Social Engineering 361

The Last Watchdog

JANUARY 17, 2022

A key CEO responsibility is reporting results that deliver on a company’s mission to shareholders. This reporting often requires a host of metrics that define success, like Annual Recurring Revenue and sales for software as a service (SaaS) companies. These are lagging indicators where the results follow behind the work required to achieve them. Related: Automating SecOps.

CISO 240

CISO Software B2B Marketing 240

Lohrman on Security

JANUARY 16, 2022

There were new developments in 2021 regarding implanting microchips into humans. So what plans were announced for 2022? And just as important, what are the privacy and security ramifications?

226

226

Tech Republic Security

JANUARY 20, 2022

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.

218

218

Schneier on Security

JANUARY 20, 2022

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also violated San Francisco’s new Surveillance Technology Ordinance.

Surveillance 344

Surveillance Technology 344

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

JANUARY 20, 2022

Looking back, 2021 was a breakout year for ransomware around the globe, with ransoms spiking to unprecedented multi-million dollar amounts. Related: Colonial Pipeline attack ups ransomware ante. All this while Endpoint Detection and Response system (EDR) installations are at an all-time high. EDR systems are supposed to protect IT system endpoints against these very malware, ransomware, and other types of malicious code.

Ransomware 234

Ransomware Malware Data breaches Technology 234

Anton on Security

JANUARY 20, 2022

20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course. With this post, I wanted to briefly reflect on this ominous anniversary. Where do we begin? Let’s start with a sad fact that some of the problems that plagued the SIM/SEM of late 1990s and early 2000s are still with us today in 2022.

Technology 211

Technology Engineering Data collection Firewall 211

Tech Republic Security

JANUARY 18, 2022

As more companies focus on digital adoption goals in 2022, finding security tools to detect malicious activity is top-of-mind for executives.

Cybersecurity 215

Cybersecurity 215

Schneier on Security

JANUARY 19, 2022

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor intensive for that and — sorry to break it to you — your data isn’t worth all that much.

Insurance 336

Insurance Marketing Government Software 336

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

JANUARY 21, 2022

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites.

Software 145

Software 145

Security Affairs

JANUARY 21, 2022

McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166 , that resides in McAfee Agent software for Windows. An attacker can exploit this flaw to escalate privileges and execute arbitrary code with SYSTEM privileges.

Software 145

Software Hacking Accountability Information Security 145

Tech Republic Security

JANUARY 18, 2022

For the final quarter of 2021, DHL surpassed Microsoft as the brand most spoofed in phishing campaigns, says Check Point Research.

Phishing 202

Phishing 202

Schneier on Security

JANUARY 17, 2022

Here’s a fascinating report: “ Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary : …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs­ — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems.

Risk 321

Risk Hacking 321

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

JANUARY 21, 2022

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41).

Firmware 145

Firmware Malware 145

Security Affairs

JANUARY 21, 2022

Researchers have spotted China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the China-linked APT41 cyberespionage group using a UEFI implant , dubbed MoonBounce, to maintain persistence. At the end of 2021, researchers discovered a UEFI firmware-level compromise by analyzing logs from its Firmware Scanner.

Firmware 145

Firmware Malware Spyware Surveillance 145

Tech Republic Security

JANUARY 20, 2022

LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices.

Passwords 188

Passwords 188

Security Boulevard

JANUARY 21, 2022

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped.

Encryption 145

Encryption Data collection Surveillance 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

SecureList

JANUARY 20, 2022

What happened? At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmware’s image was modified by attackers in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.

Firmware 145

Firmware Malware Encryption Passwords 145

The Hacker News

JANUARY 19, 2022

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.

Software 145

Software 145

Tech Republic Security

JANUARY 19, 2022

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.

Phishing 183

Phishing Accountability Government 183

We Live Security

JANUARY 18, 2022

ESET researchers take a deep look into recent attacks carried out by Donot Team throughout 2020 and 2021, targeting government and military entities in several South Asian countries. The post DoNot Go! Do not respawn! appeared first on WeLiveSecurity.

Government 145

Government 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JANUARY 18, 2022

A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. In December the popular malware researcher Michael Gillespie, first mentioned the group and called to action the experts to hunt the new threat.

Ransomware 145

Ransomware Encryption Malware Passwords 145

The Hacker News

JANUARY 19, 2022

Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities.

Malware 145

Malware Cybersecurity 145

Tech Republic Security

JANUARY 20, 2022

Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker.

Password Management 170

Password Management Passwords 170

Bleeping Computer

JANUARY 21, 2022

McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges. [.].

Software 145

Software 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity