Sat.Jan 29, 2022 - Fri.Feb 04, 2022

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

Joseph Steinberg

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. The reason that such a major threat exists is simple – much of today’s data relies on the security of what are known as asymmetric encryption algorithms, and such algorithms rely for their security on the fact that the mathematics that they use to encrypt cannot easily be reversed in order to decrypt.

The Irony of InfoSec’s Reaction to Crypto, NFTs, and Web3

Daniel Miessler

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3. Mostly, it’s horribly negative. And not dispassionate negative either—but a negativity soaked in ridicule and hate. This is very curious coming from a community that includes so many hackers. I think this comes from the dual nature of hackers themselves.

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly LinkedIn’s parent firm Microsoft).

The EARN IT Act Is Back

Schneier on Security

Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Weekly Update 280

Troy Hunt

Well, true to my opening dialogue, this was a monotopical weekly update (and yeah, apparently that's a word). The Azure bill story got a huge amount of traction this week and there are many interesting angles to it that I didn't fully cover in the original blog post. And incidentally, yep, there's a little background hiss on this video.

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. In effect, my passwords are now “keys” — and I must authenticate across many accounts, multiple times per day, on a variety of device platforms.

More Trending

Interview with the Head of the NSA’s Research Directorate

Schneier on Security

MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps tackle one of NSA’s most interesting problems: big data.

What’s Really the Reason Behind ‘The Great Resignation’?

Lohrman on Security

People changed jobs in record numbers in 2021, and 2022 is projected to bring more of the same. So what’s behind these trends? Let’s explore with the results of a new study from PlanBeyond.

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related: The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords. Here is an overview of the passwords we’re now using – and their respective security limitations: Static passwords.

Symantec finds evidence of continued Russian hacking campaigns in Ukraine

Tech Republic Security

APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine. The post Symantec finds evidence of continued Russian hacking campaigns in Ukraine appeared first on TechRepublic.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Finding Vulnerabilities in Open Source Projects

Schneier on Security

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of the top 200 projects for testing each year. “Omega” will look more at the broader landscape of open sour

A worrying Etsy listing reveals the stalking potential of Apple’s AirTags

Malwarebytes

In April of 2021, Apple introduced AirTags to the world, making the small tracking devices—similar to a Tile— available for purchase at the end of that month. The circular, coin-like product is designed to be attached to or placed in objects that are commonly lost, such as keychains, wallets, purses, backpacks, etc. You can track an AirTag with your iPhone in some powerful ways, enabling you to locate a set of keys that has fallen down between the cushions of a couch, for example.

North Korea Hacked Him. So He Took Down Its Internet

WIRED Threat Level

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.

Bring a burner to the Olympics, and other mobile device travel safety tips

Tech Republic Security

Those traveling to China for the 2022 Winter Olympics have been advised to bring burner phones. Here’s how to use travel tips like that one to keep yourself safe anywhere in the world. The post Bring a burner to the Olympics, and other mobile device travel safety tips appeared first on TechRepublic.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Twelve-Year-Old Linux Vulnerability Discovered and Patched

Schneier on Security

It’s a privilege escalation vulnerability: Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes.

What is server-side request forgery (SSRF)?

Acunetix

Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques.

Researchers use GPU fingerprinting to track users online

Bleeping Computer

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking.

What your organization can learn from the $324 million Wormhole blockchain hack

Tech Republic Security

The hacker that made off with millions from blockchain bridge service Wormhole exploited an incredibly common coding error that could be lurking in anyone’s software. The post What your organization can learn from the $324 million Wormhole blockchain hack appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Me on App Store Monopolies and Security

Schneier on Security

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to address some of the unfounded security concerns raised about these bills.

Reasons Why Every Business is a Target of DDoS Attacks

The Hacker News

DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020. Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period.

Windows vulnerability with new public exploits lets you become admin

Bleeping Computer

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10.

Are IT and OT losing the ransomware battle?

Tech Republic Security

A report from Claroty finds ransomware attacks against critical infrastructures rampant, and paying ransoms often results in less downtime and lost revenue. Is there a way out? The post Are IT and OT losing the ransomware battle? appeared first on TechRepublic.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Drone Technology – a Rising Threat to Cybersecurity

Security Boulevard

The post Drone Technology – a Rising Threat to Cybersecurity appeared first on PeoplActive. The post Drone Technology – a Rising Threat to Cybersecurity appeared first on Security Boulevard.

Telehealth: A New Frontier in Medicine—and Security

SecureList

Telehealth today doesn’t just involve chatting with a doctor via a video-conferencing application. It’s become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have only appeared in the past couple of years.

Best Internet Security Suites & Software for 2022

eSecurity Planet

Malware is one of the biggest threats businesses face, and with nearly a third of all malware coming through the internet and email, businesses and consumers alike need ways to protect themselves. The best internet security software comes in several different forms, giving businesses all of the protection they need to identify and stop malware before it causes bigger problems.

FTC: Americans lost $770 million from social media fraud surge

Bleeping Computer

Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Critical Infrastructure Attacks Spur Cybersecurity Investment

Security Boulevard

The attacks on critical industrial systems such as Colonial Pipeline last year pushed industrial cybersecurity to center stage. And with the threat of war between Russia and Ukraine, experts warned nations that a global flare-up of cybersecurity attacks on critical infrastructure could be looming. In late January, the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

BlackCat ransomware – what you need to know

The State of Security

What is this BlackCat thing I’ve heard about? BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide. What makes BlackCat different from other ransomware-as-a-service providers? Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive […]

How SSPM Simplifies Your SOC2 SaaS Security Posture Audit

The Hacker News

An accountant and a security expert walk into a bar… SOC2 is no joke. Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA).

How can home security be improved with IoT?

CyberSecurity Insiders

The Internet of Things (IoT) has been exploding in the last decade, with more and more connected objects or devices. These devices, once connected to the external world or to a private app, can transfer device data and support device owners with new monitoring features. This helps them make decisions that are more informed. When it comes to home security, the key advantage of connected devices is that your systems can transfer data in real-time, for you to be able to react quickly, in the ca

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!