Schneier on Security
MAY 31, 2022
Interesting paper by Lennart Maschmeyer: “ The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations “: Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition.
Anton on Security
JUNE 3, 2022
One of the well-advertised reasons for being in the office is about those “magical hallway conversations” (Google it). One happened to me a few days ago and led to a somewhat heated debate on the nature of modern threat detection. It also resulted in this half-shallow / half-profound blog that relates detection to cooking and farming! Well, the magical discussion was over lunch, so this is perhaps logical.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MAY 31, 2022
Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sa
The Last Watchdog
MAY 30, 2022
It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats. Related: Deploying employees as threat sensors. Meanwhile, 200,000 well-trained and technically skilled military service members are discharged each year. These individuals have many transferable skills that would make cybersecurity a prosperous civilian career.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
JUNE 2, 2022
Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device. The attack, which works from a distance of up to 40mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject
Lohrman on Security
MAY 29, 2022
In this interview with Washington state Chief Privacy Officer Katy Ruckle, we explore the role of data privacy in providing government services.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
JUNE 3, 2022
The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing. Related: Covid 19 ruses used in email attacks. At RSA Conference 2022 , which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principals will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.
Schneier on Security
JUNE 1, 2022
Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Here’s the advisory , which includes a work-around until a patch is available.
Tech Republic Security
JUNE 3, 2022
Learn about and compare the key features of two top password managers, 1Password and Dashlane, to choose the best option for your business. The post 1Password vs Dashlane: Password manager comparison appeared first on TechRepublic.
Security Boulevard
JUNE 3, 2022
Learn about today’s DevOps challenges and what organizations can do to improve security in their processes without compromising speed. The post AppSec Decoded: Security at the speed of DevOps appeared first on Application Security Blog. The post AppSec Decoded: Security at the speed of DevOps appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Last Watchdog
JUNE 2, 2022
Third-Party Risk Management ( TPRM ) has been around since the mid-1990s – and has become something of an auditing nightmare. Related: A call to share risk assessments. Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk.
Security Affairs
JUNE 3, 2022
Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. “Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote c
Tech Republic Security
JUNE 3, 2022
Digital twins, popular in manufacturing for decades, are gaining traction across verticals. The post Digital twins are moving into the mainstream appeared first on TechRepublic.
Malwarebytes
JUNE 1, 2022
In a short post on LinkedIn Rahul Sasi, founder and CEO of CloudSEK, explains how WhatsApp account takeovers are possible. The methods consists of several steps and it takes some social engineering skills, but it’s good to be aware of the possibility and how it works. It starts with the threat actor reaching out to a victim and convincing them to call a specific number.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Last Watchdog
JUNE 3, 2022
It’s not difficult to visualize how companies interconnecting to cloud resources at a breakneck pace contribute to the outward expansion of their networks’ attack surface. Related: Why ‘SBOM’ is gaining traction. If that wasn’t bad enough, the attack surface companies must defend is expanding inwardly, as well – as software tampering at a deep level escalates.
Security Affairs
MAY 30, 2022
A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell code.
Tech Republic Security
JUNE 3, 2022
Karakurt Team attacks are hitting indiscriminate targets in North America and Europe with data theft, requesting a ransom to delete stolen data. Learn more about their methods and how to protect from it. The post Karakurt Team hits North America and Europe with data theft and extortion appeared first on TechRepublic.
Bleeping Computer
MAY 30, 2022
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Graham Cluley
MAY 30, 2022
The world is waiting for a patch from Microsoft, after a zero-day vulnerability in Microsoft Office was found to be being exploited in boobytrapped Word documents to remotely execute code on victims' PCs.
Security Affairs
MAY 30, 2022
The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical vulnerabilities in from VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.
Tech Republic Security
JUNE 2, 2022
The vulnerability was discovered by Check Point Research. UNISOC processes 11% of the world's smartphones. The post Critical flaw found inside the UNISOC smartphone chip appeared first on TechRepublic.
Bleeping Computer
JUNE 1, 2022
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. [.].
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
CSO Magazine
MAY 30, 2022
Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of things (IoT) devices. Still, not enough is done to protect the machines running it. "Linux malware has been massively overlooked," says Giovanni Vigna, senior director of threat intelligence at VMware. "Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources o
Security Affairs
MAY 29, 2022
Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian ‘hacktivist’ group Killnet is one of the most active non-state actors operating since the beginning of the Russian invasion of Ukraine.
Tech Republic Security
JUNE 1, 2022
The latest move will enable MFA as the default security setting even for older Azure accounts. The post Microsoft sets multi-factor authentication as default for all Azure AD customers appeared first on TechRepublic.
Bleeping Computer
JUNE 1, 2022
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. [.].
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
MAY 30, 2022
It’s time for the annual Verizon Data Breach Investigation Report (DBIR), a compendium of cybersecurity and malware trends that offers some of the best analyses in our field. It examines more than 5,000 data breaches collected from 80 partners from around the world. If you'd like to explore the report from previous years, we’ve also written up summaries of the 2021 and 2020 reports.
Security Affairs
JUNE 1, 2022
Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners. Researchers from Shadow Server scanned the internet for publicly accessible MySQL server instances on port 3306/TCP and uncovered 3.6M installs worldwide responding to their queries. These publicly accessible MySQL server instances represent a potential attack surface for their owners. “These are instances that respond to our MySQL connection request with a Server Greet
Tech Republic Security
JUNE 3, 2022
Compare key features of password managers Keeper and LastPass, including zero trust and user authentication capabilities. The post Keeper vs LastPass: Which password manager is better for your business? appeared first on TechRepublic.
Bleeping Computer
MAY 28, 2022
Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
301 
Let's personalize your content