Schneier on Security
OCTOBER 17, 2022
Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.
Krebs on Security
OCTOBER 20, 2022
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
OCTOBER 15, 2022
I decided to do something a bit different this week and mostly just answer questions from my talk at GOTO Copenhagen last week. I wasn't actually in Denmark this time, but a heap of really good questions came through and as I started reading them, I thought "this would actually make for a really good weekly update" So here we are, and those questions then spurned on a whole heap more from the live audience too so this week's video became one large Q&A.
Tech Republic Security
OCTOBER 17, 2022
A slew of new Asana capabilities are geared toward enhancing reporting, decreasing duplicate cross-functional work and costs, and strengthening security. The post Asana launches enterprise-level workplace tools for prioritization and planning appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
OCTOBER 18, 2022
Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.
Krebs on Security
OCTOBER 18, 2022
When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do an
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 20, 2022
A new report from Zerto finds that only half of the companies surveyed focus on both recovery and prevention. The post Incomplete ransomware strategies still dog organizations appeared first on TechRepublic.
Schneier on Security
OCTOBER 21, 2022
Machine learning security is extraordinarily difficult because the attacks are so varied—and it seems that each new one is weirder than the next. Here’s the latest: a training-time attack that forces the model to exhibit a point of view: Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures.” Abstract: We investigate a new threat to neural sequence-to-sequence (seq2seq) models: training-time attacks that cause models to “spin” their outputs
Krebs on Security
OCTOBER 15, 2022
AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021.
eSecurity Planet
OCTOBER 18, 2022
For any organization struck by ransomware , business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The good news is that ransomware files can be decrypted. The bad news is it doesn’t work most of the time: Paid ransom decryption tools and keys don’t always work. Free decryption tools don’t always work. Paid decryption tools don’t always work.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
OCTOBER 17, 2022
Hybrid cloud has become a popular computing model in recent times. Find out all you need to know, including its features, pros and cons. The post What is hybrid cloud? appeared first on TechRepublic.
Security Affairs
OCTOBER 20, 2022
Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) posing as a LinkedIn-based job application.
Bleeping Computer
OCTOBER 15, 2022
Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract. [.].
We Live Security
OCTOBER 17, 2022
What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? The post 5 steps to protect your school from cyberattacks appeared first on WeLiveSecurity.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 19, 2022
Consumer data compliance and privacy are growing in importance. Learn how to automate compliance efforts here. The post Consumers care about their data: Learn how to automate privacy and compliance efforts appeared first on TechRepublic.
Security Affairs
OCTOBER 15, 2022
Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper
Bleeping Computer
OCTOBER 20, 2022
A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. [.].
Digital Shadows
OCTOBER 19, 2022
Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start. The post Ransomware In Q3 2022 first appeared on Digital Shadows.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 17, 2022
Gartner analysts outline the steps CIOs need to take to “revolutionize work” for the next stage of digital and detail how to power sustainability outcomes during a keynote address at the Gartner IT Symposium/Xpo Monday. The post Gartner: IT force multipliers for sustainable growth, cyber resiliency and responsible investment appeared first on TechRepublic.
Security Affairs
OCTOBER 18, 2022
Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party o
Bleeping Computer
OCTOBER 15, 2022
Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks. [.].
We Live Security
OCTOBER 20, 2022
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app. The post Domestic Kitten campaign spying on Iranian citizens with new FurBall malware appeared first on WeLiveSecurity.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
OCTOBER 18, 2022
Mike Arrowsmith, chief trust officer at NinjaOne, makes the case for a permanent shift in the way businesses conduct remote security. The post Plugging holes remote work punched through security appeared first on TechRepublic.
Security Affairs
OCTOBER 17, 2022
Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new updates. The researcher warns that the availability of this rootkit in the threat landscape represents a serious threat for organizations due to its evasion a
Digital Shadows
OCTOBER 20, 2022
Note: This blog is part of a series of articles related to the use of Structured Analytic Techniques in Cyber. The post Alternative Future Analysis: Pro-Russian Hacktivism first appeared on Digital Shadows.
CyberSecurity Insiders
OCTOBER 21, 2022
Advocate Aurora Health(AAH), a medical services provider serving Wisconsin and Illinois populace, was hit by a data breach affecting over 3,000,000 patients. According to the information available to Cybersecurity Insiders, AAH websites are loaded by Meta Pixel, and hackers used a vulnerability in the software tool to access information. Technically, Meta Pixel is a Facebook researchers supplied JavaScript code based analytics tool that assists website owners to gain insights on user interaction
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
OCTOBER 21, 2022
BlackByte is using Exbyte, a new custom exfiltration tool, to steal data. Learn how to protect your organization from this ransomware. The post BlackByte Ransomware Picks Up Where Conti and Sodinokibi Left Off appeared first on TechRepublic.
Security Affairs
OCTOBER 17, 2022
The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and facility system equipment. The business of Omiya Kasei is divided into four major areas, manufacturing and designing chemical and industrial products, designing electronic materials, pharmaceutical development, and factory manufacturing.
Bleeping Computer
OCTOBER 16, 2022
Google Search is timing out when users search for specific terms like "How many emojis on iOS," "How many emojis on Apple" and "How many emojis on Windows." [.].
CyberSecurity Insiders
OCTOBER 20, 2022
By Jason Dover, VP of Product Strategy at Progress. With the growing complexity and sophistication of modern security threats, organizations must make suitable investments and develop comprehensive strategies to keep their digital assets secure. This is not a new challenge, but the frequency of attacks is certainly on the rise. The 2022 IBM Cost of a Data Breach Report showed that 83% of the groups studied have had more than one data breach.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
347 
Let's personalize your content