Troy Hunt

FEBRUARY 16, 2022

I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful: Why are you still claiming this @digicert ? This is extremely misleading, anyone feel like reporting this to the relevant advertising standards authority in their jurisdiction?

Banking 330

Banking Mobile Phishing Advertising 330

Schneier on Security

FEBRUARY 17, 2022

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”.

Surveillance 306

Surveillance Government 306

Krebs on Security

FEBRUARY 16, 2022

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.

Hacking 264

Hacking Ransomware Media Accountability 264

Lohrman on Security

FEBRUARY 13, 2022

Some global experts are predicting a significant cyber attack against U.S. and UK critical infrastructure if Russia invades Ukraine. Whether it happens or not, is your organization prepared for this scenario?

Cyber Attacks 244

Cyber Attacks 244

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

FEBRUARY 16, 2022

Continuing the march forward to provide governments with better access to their departments' data exposed in breaches , I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand! They'll join the other govs around the world that have complete free access to breach information impacting their gov domains and TLDs.

Government 304

Government 304

Schneier on Security

FEBRUARY 15, 2022

Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans. The senator’s statement. Some declassified information from the CIA. No real details yet.

Data collection 299

Data collection Surveillance 299

Security Boulevard

FEBRUARY 15, 2022

Aeris today updated a cloud service that leverages machine learning and other forms of artificial intelligence to secure internet of things (IoT) platforms connected via cellular networks. Hari Nair, senior director of product management at Aeris, said the latest edition of the Intelligent IoT Network also adds an Intelligent Security Center to provide visibility and.

IoT 145

IoT Artificial Intelligence Internet Internet 145

Security Affairs

FEBRUARY 17, 2022

Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users , threat actors started using it as an attack vector. Starting in January 2022, security researchers from Avanan observed attackers compromising Microsoft Teams accounts attach malicious executables to chat and infect participants in the conversation.

Malware 145

Malware Phishing Accountability Data breaches 145

Schneier on Security

FEBRUARY 16, 2022

Google’s Project Zero is reporting that software vendors are patching their code faster. tl;dr. In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period).

Software 259

Software 259

Tech Republic Security

FEBRUARY 18, 2022

Get to know the ins and outs of cyber threat intelligence and how your company's security can be can be strengthened by putting threat intelligence into place. The post Cyber threat intelligence is a great way for a company to improve its security appeared first on TechRepublic.

Cyber threats 194

Cyber threats 194

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

FEBRUARY 18, 2022

A lot of talk these days centers around companies leaving money on the table by not maximizing cost savings, but more egregious in today’s risk-filled environment is leaving security on the table. That’s just what organizations are doing by not properly offboarding former employees; giving them plenty of opportunities to breach defenses and conduct malicious.

Risk 144

Risk Security Awareness Cybersecurity Network Security 144

Digital Shadows

FEBRUARY 16, 2022

To say that 2021 was a turbulent year for security teams would be a massive understatement. Last year, we observed. The post Initial Access Brokers in 2021: An Ever Expanding Threat first appeared on Digital Shadows.

Cybercrime 144

Cybercrime 144

CyberSecurity Insiders

FEBRUARY 16, 2022

By Matt Tesauro, Noname Security. As the number and complexity of APIs continue to grow, companies face increasing challenges when securing their APIs. The dilemmas facing companies I’ve worked at include: Not enough security team members know how to test APIs. APIs are growing faster than the security team can keep up. Existing security tools do not understand APIs or lack adequate coverage.

Risk 143

Risk Hacking Cybersecurity 143

Tech Republic Security

FEBRUARY 17, 2022

The only category to decrease was malware attacks, but SonicWall said in its report that even that number was deceptive. . The post Report: Pretty much every type of cyberattack increased in 2021 appeared first on TechRepublic.

Malware 173

Malware 173

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

FEBRUARY 17, 2022

The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data. Read more in my article on the Tripwire State of Security blog.

Government 139

Government Cybersecurity Data breaches Malware 139

CSO Magazine

FEBRUARY 17, 2022

When the insider is the President of the United States, the mishandling and removal of information take on a different demeanor given the national security implications. The U.S. media has widely reported how the National Archives and Records Administration bird-dogged the return of missing presidential records, most recently 15 boxes of presidential papers that should have been directed to the National Archives when President Trump’s term ended on January 20, 2021.

Media 137

Media 137

CyberSecurity Insiders

FEBRUARY 16, 2022

Russia announced on Tuesday that it is going to withdraw troops from the borders of Ukraine hinting that it is planning negotiations, as war can lead to economic and human loss on both sides. However, just within hours of its announcement, the Putin led nation seems to have launched a hybrid war in the form of cyber attacks on Ukraine as most of the websites, including banks and defense ministry, were down because of a sophisticated digital attack.

Banking 140

Banking Cyber Attacks DDOS Media 140

Tech Republic Security

FEBRUARY 16, 2022

Data privacy software can help protect your employees, customers and organization by ensuring data is protected and handled appropriately and securely. Learn how to choose the right options. The post How to choose the right data privacy software for your business appeared first on TechRepublic.

Data privacy 169

Data privacy Software 169

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Veracode Security

FEBRUARY 17, 2022

What is SQL injection? A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: Read sensitive data Modify the database Execute other database functions Break authentication Lead to remote code execution Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise oft

Authentication 136

Authentication Information Security 136

Security Boulevard

FEBRUARY 17, 2022

On this episode of The View With Vizard, Mike Vizard talks with CyberGRX CISO Dave Stapleton about the Cybersecurity Literacy Act, its promise and whether or not it will actually make a difference. The video is below followed by a transcript of the conversation. Michael Vizard: Hey, guys. Thanks for the throw. We’re here with. The post Will the Cybersecurity Literacy Act Make a Difference?

Cybersecurity 133

Cybersecurity CISO Security Awareness Education 133

Identity IQ

FEBRUARY 16, 2022

SIM Swapping Attacks on the Rise- Here’s How to Keep Safe. IdentityIQ. SIM swapping , also called SIM splitting or hijacking, is a technique employed by online fraudsters to gain access to, seize and control a victim’s phone number and SIM information. They gain access to the victim’s identity and information through their phone company and use the information to conduct theft and other fraudulent activities online.

Identity Theft 133

Identity Theft Authentication Accountability Banking 133

Tech Republic Security

FEBRUARY 18, 2022

Learn how to securely store notes along with your account credentials with iCloud Keychain and sync them to all of your Apple devices. The post How to add notes to iCloud passwords in macOS 12.3 and iOS 15.4 appeared first on TechRepublic.

Passwords 157

Passwords Accountability 157

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

FEBRUARY 16, 2022

Bravo to Microsoft, because it sounds like they’re doing something to improve the security of Office users. Way back in 1995, Microsoft accidentally shipped a virus on CD ROM. At first Microsoft refused to call it a virus, preferring to call it a “Prank macro,” but WM/Concept as it became known was the first widespread … Continue reading "25 years on, Microsoft makes another stab at stopping macro malware".

Malware 132

Malware 132

Security Boulevard

FEBRUARY 18, 2022

Today’s decentralized, global workplace has broadened IT’s role within the enterprise. The role of the IT admin now includes direct responsibility for bolstering a company’s security posture. IT admins have become a core part of the security organization, with 34% of Fortune 500 companies rolling the IT department into the CISO’s purview in 2021. In startups.

CISO 132

CISO Security Awareness Cybersecurity 132

Security Affairs

FEBRUARY 18, 2022

Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne have observed the potentially destructive Iran-linked APT group TunnelVision is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. TunnelVision’s TTPs overlap with the ones associated with Iran-linked nation-state actors Phosphorus , Charming Kitten and Nemesis Kitten.

Ransomware 134

Ransomware Hacking Accountability Information Security 134

Tech Republic Security

FEBRUARY 18, 2022

If you'd like a little more privacy when surfing the web, Firefox offers a few different options to defend yourself against trackers. The post How to protect yourself against website trackers in Firefox appeared first on TechRepublic.

Software 151

Software 151

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Graham Cluley

FEBRUARY 16, 2022

If you don't understand what they are, don't feel too bad about it. The truth is that many people don't understand what NFTs are. It's not that people are dumb, but rather that they're too intelligent. Because NFTs simply don't make any sense to anyone with more than a peanut for a brain.

Cryptocurrency 129

Cryptocurrency 129

Security Boulevard

FEBRUARY 17, 2022

Alan Shimel and Mike Rothman from Securosis and DisruptOps talk Colonial Pipeline, JBS and all things ransomware. The video is below followed by a transcript of the conversation. Alan Shimel: Hey, everyone. Thanks for joining us on another segment for TechStrong TV. My guest in this segment is the one, the only Mike Rothman. I. The post The New Realities of Ransomware appeared first on Security Boulevard.

Ransomware 130

Ransomware CISO Malware Cybersecurity 130

eSecurity Planet

FEBRUARY 15, 2022

Ransomware attacks on critical infrastructure and a surge in exploited vulnerabilities are getting the attention of U.S. cybersecurity agencies, which highlighted the threats in a pair of warnings issued in recent days. The FBI and U.S. Secret Service issued a detailed advisory on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical infrastructure industries in recent months, among them government, financial and food and agriculture targets.

Ransomware 128

Ransomware Encryption Backups Accountability 128

Tech Republic Security

FEBRUARY 17, 2022

It was a banner year for online fraudsters. Almost every industry saw an attack spike, with online fraud jumping 85% year over year in 2021, says Arkose Labs. The post Metaverse companies faced 60% more attacks last year, and 5 other online fraud statistics appeared first on TechRepublic.

149

149

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity