Joseph Steinberg

DECEMBER 7, 2021

CyberSecurity and Artificial Intelligence Expert, Joseph Steinberg, will lead a panel discussion on the intersection of CyberSecurity and Artificial Intelligence (AI), to take place on Thursday, December 9, 2021, the second and final day of the AI Summit being held in person in New York’s Javits Center. Steinberg’s session, entitled Key Challenges for Security Leaders Now and Beyond – Not Just Technical Competence , will feature a discussion with four other notable figures from the w

Artificial Intelligence 363

Artificial Intelligence Cybersecurity Technology 363

Schneier on Security

DECEMBER 7, 2021

Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.

343

343

Troy Hunt

DECEMBER 7, 2021

I was having a coffee with a good mate the other day. He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Because he's a normal person, he has the same 1 or 2 or 3 he uses everywhere and even without telling me what they were, I knew they were terrible. Actually, I'll rephrase that: because he was a normal guy; he's not normal anymore because yesterday I carved out some time to give him an early Christmas present: Today I spent an

Passwords 338

Passwords Password Management Banking Accountability 338

Lohrman on Security

DECEMBER 5, 2021

Underestimating, or not properly preparing for, adversaries can lead to big trouble — in both football and cybersecurity. So what can cyber teams learn from “The Game”?

Cybersecurity 338

Cybersecurity 338

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

DECEMBER 8, 2021

A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as “the most prolific cybercriminal we’ve identified in Canada,” but so far they’ve released few other details about the investigation or the defendant.

Cybercrime 299

Cybercrime Ransomware Accountability Advertising 299

Schneier on Security

DECEMBER 9, 2021

Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently.) So Google is also suing the botnet’s operators. It’s an interesting strategy. Let’s see if it’s successful.

Backups 333

Backups Cybersecurity 333

Tech Republic Security

DECEMBER 8, 2021

The initial apps in Google Play were safe, but the creators found a way around the Play Store's protections to install malware on Android users' devices. Here's how it happened and how to stay safe.

Malware 217

Malware Banking 217

Bleeping Computer

DECEMBER 10, 2021

Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. [.].

145

145

Schneier on Security

DECEMBER 6, 2021

From Ontario and not surprising : Since September 2021, officers have investigated five incidents where suspects have placed small tracking devices on high-end vehicles so they can later locate and steal them. Brand name “air tags” are placed in out-of-sight areas of the target vehicles when they are parked in public places like malls or parking lots.

326

326

Acunetix

DECEMBER 9, 2021

In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like. Read more. The post How Acunetix addresses HTTP/2 vulnerabilities appeared first on Acunetix.

145

145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

DECEMBER 10, 2021

HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump?

Software 209

Software 209

InfoWorld on Security

DECEMBER 10, 2021

Yesterday the Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a ubiquitous logging tool included in almost every Java application. The issue has been named Log4Shell and received the identifier CVE-2021-44228. The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages.

145

145

Schneier on Security

DECEMBER 10, 2021

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and it’s been written about elsewhere. I don’t see a lot of surprises in the document. Lots of apps leak all sorts of metadata: iMessage and WhatsApp seem to be the worst. Signal protects the most metadata.

Backups 309

Backups Encryption 309

Bleeping Computer

DECEMBER 10, 2021

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to remote code execution attacks. [.].

145

145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

DECEMBER 9, 2021

Cyberattackers use artificial intelligence, so why not apply it as a defense? One expert explains why AI can take your cybersecurity to the next level of protection.

Artificial Intelligence 211

Artificial Intelligence Cybersecurity 211

Security Boulevard

DECEMBER 10, 2021

Makers of ad-blocker and anti-tracking browser extensions are spitting blood over Google’s Manifest V3—EFF calls it a “conflict of interest.”. The post Google Nukes Ad-Blockers—Manifest V3 is Coming appeared first on Security Boulevard.

Malware 145

Malware Cybersecurity Network Security 145

Security Affairs

DECEMBER 9, 2021

A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” reads the description for the CVE-20

Firmware 145

Firmware Architecture Malware Hacking 145

Bleeping Computer

DECEMBER 5, 2021

A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. [.].

Phishing 143

Phishing 143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

DECEMBER 10, 2021

Research from Kaspersky finds that a quarter of phishing sites are gone within 13 hours — how in the world can we catch and stop cyber criminals that move so quickly?

Phishing 203

Phishing 203

Security Boulevard

DECEMBER 6, 2021

The NSO Group, known for their suite of exploitation tools, has once again found itself at the center of unwanted attention when Apple revealed that it had warned a number of individuals, including 11 members of the U.S. Embassy Kampala mission that their iPhones had been compromised. The compromise was carried out, according to Apple, The post Apple Warns of Further Compromises by Israel’s NSO Group appeared first on Security Boulevard.

Spyware 144

Spyware Surveillance Security Awareness Mobile 144

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Security researchers and editors with the German IT magazine CHIP have discovered 226 potential security defects in nine Wi-Fi routers from known manufacturers (Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys).

Manufacturing 145

Manufacturing IoT Firmware VPN 145

Veracode Security

DECEMBER 10, 2021

A previously unknown zero-day vulnerability in Log4j 2.x has been reported on December 9, 2021. If your organization deploys or uses Java applications or hardware running Log4j 2.x your organization is likely affected. Technical summary Yesterday a new Log4J zero-day vulnerability was reported on Twitter: [link]. The first PoC (Proof of Concept) of the vulnerability is already available at the time of writing - [link] According to RedHat (source: [link] it’s rated as 9.8 CVSSv3 which is almost

Software 142

Software Risk Internet Internet 142

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

DECEMBER 7, 2021

The new service protects against current and future cyberattacks, according to Quantinuum CEO, and works with existing cybersecurity systems.

Cybersecurity 216

Cybersecurity 216

Security Boulevard

DECEMBER 7, 2021

The post An Open Source Approach for Cybersecurity Information Sharing appeared first on Nozomi Networks. The post An Open Source Approach for Cybersecurity Information Sharing appeared first on Security Boulevard.

Cybersecurity 143

Cybersecurity 143

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library. Apache Log4j2 jndi RCE #apache #rce [link] pic.twitter.com/CdSlSCytaD — p0rz9 (@P0rZ9) December 9, 2021.

Data breaches 145

Data breaches Marketing Hacking Information Security 145

The Hacker News

DECEMBER 10, 2021

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems.

Internet 141

Internet Internet Risk Software 141

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

DECEMBER 8, 2021

Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.

Cybersecurity 213

Cybersecurity 213

Security Boulevard

DECEMBER 6, 2021

The history of deep fake technology is surprisingly long. Researchers at academic institutions have been developing deep fake tech since the early 1990s. The idea is even older, as popular science fiction—like the 1987 film The Running Man—can attest. But deep fakes are no longer relegated to the realm of sci-fi; they are, in fact, The post Your CEO Isn’t Real: How to Deal With Deep Fakes appeared first on Security Boulevard.

Technology 142

Technology Social Engineering Engineering Security Awareness 142

Security Affairs

DECEMBER 4, 2021

The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, gover

Ransomware 145

Ransomware Hacking Malware Encryption 145

CSO Magazine

DECEMBER 10, 2021

Attackers are actively exploiting a critical vulnerability in Apache Log4j, a logging library that's used in potentially millions of Java-based applications, including web-based ones. Organizations should immediately review if their apps, especially the publicly accessible ones, use the library and should implement mitigations as soon as possible. A proof-of-concept exploit for the vulnerability, now tracked as CVE-2021-44228, was published on December 9 while the Apache Log4j developers were st

141

141

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity