Sat. Jan 29, 2022 - Fri. Feb 04, 2022

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

Joseph Steinberg

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. The reason that such a major threat exists is simple – much of today’s data relies on the security of what are known as asymmetric encryption algorithms, and such algorithms rely for their security on the fact that the mathematics that they use to encrypt cannot easily be reversed in order to decrypt.

The Irony of InfoSec’s Reaction to Crypto, NFTs, and Web3

Daniel Miessler

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3. Mostly, it’s horribly negative. And not dispassionate negative either—but a negativity soaked in ridicule and hate. This is very curious coming from a community that includes so many hackers. I think this comes from the dual nature of hackers themselves.

InfoSec 352

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly LinkedIn’s parent firm Microsoft).

Phishing 342

The EARN IT Act Is Back

Schneier on Security

Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition.

Symantec finds evidence of continued Russian hacking campaigns in Ukraine

Tech Republic Security

APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine. The post Symantec finds evidence of continued Russian hacking campaigns in Ukraine appeared first on TechRepublic.

Hacking 153

What is server-side request forgery (SSRF)?

Acunetix

Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques.

More Trending

Interview with the Head of the NSA’s Research Directorate

Schneier on Security

MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps tackle one of NSA’s most interesting problems: big data.

Big data 281

What your organization can learn from the $324 million Wormhole blockchain hack

Tech Republic Security

The hacker that made off with millions from blockchain bridge service Wormhole exploited an incredibly common coding error that could be lurking in anyone’s software. The post What your organization can learn from the $324 million Wormhole blockchain hack appeared first on TechRepublic.

Hacking 148

Researchers use GPU fingerprinting to track users online

Bleeping Computer

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking.

Best Internet Security Suites & Software for 2022

eSecurity Planet

Malware is one of the biggest threats businesses face, and with nearly a third of all malware coming through the internet and email, businesses and consumers alike need ways to protect themselves. The best internet security software comes in several different forms, giving businesses all of the protection they need to identify and stop malware before it causes bigger problems.

Internet 144

Finding Vulnerabilities in Open Source Projects

Schneier on Security

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of the top 200 projects for testing each year. “Omega” will look more at the broader landscape of open sour

Bring a burner to the Olympics, and other mobile device travel safety tips

Tech Republic Security

Those traveling to China for the 2022 Winter Olympics have been advised to bring burner phones. Here’s how to use travel tips like that one to keep yourself safe anywhere in the world. The post Bring a burner to the Olympics, and other mobile device travel safety tips appeared first on TechRepublic.

Mobile 146

Windows vulnerability with new public exploits lets you become admin

Bleeping Computer

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10.

Drone Technology – a Rising Threat to Cybersecurity

Security Boulevard

The post Drone Technology – a Rising Threat to Cybersecurity appeared first on PeoplActive. The post Drone Technology – a Rising Threat to Cybersecurity appeared first on Security Boulevard.

A worrying Etsy listing reveals the stalking potential of Apple’s AirTags

Malwarebytes

In April of 2021, Apple introduced AirTags to the world, making the small tracking devices—similar to a Tile—available for purchase at the end of that month. The circular, coin-like product is designed to be attached to or placed in objects that are commonly lost, such as keychains, wallets, purses, backpacks, etc. You can track an AirTag with your iPhone in some powerful ways, enabling you to locate a set of keys that has fallen down between the cushions of a couch, for example.

BlackCat ransomware – what you need to know

The State of Security

What is this BlackCat thing I’ve heard about? BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide. What makes BlackCat different from other ransomware-as-a-service providers? Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive […]

Reasons Why Every Business is a Target of DDoS Attacks

The Hacker News

DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020. Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period.

DDOS 136

Critical Infrastructure Attacks Spur Cybersecurity Investment

Security Boulevard

The attacks on critical industrial systems such as Colonial Pipeline last year pushed industrial cybersecurity to center stage. And with the threat of war between Russia and Ukraine, experts warned nations that a global flare-up of cybersecurity attacks on critical infrastructure could be looming. In late January, the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

How can home security be improved with IoT?

CyberSecurity Insiders

The Internet of Things (IoT) has been exploding in the last decade, with more and more connected objects or devices. These devices, once connected to the external world or to a private app, can transfer device data and support device owners with new monitoring features. This helps them make decisions that are more informed. When it comes to home security, the key advantage of connected devices is that your systems can transfer data in real-time, for you to be able to react quickly, in the ca

IoT 135

FTC: Americans lost $770 million from social media fraud surge

Bleeping Computer

Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021.

Media 137

North Korea Hacked Him. So He Took Down Its Internet

WIRED Threat Level

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.

Internet 145

Taking Industrial Cybersecurity Seriously

Security Boulevard

On page 15 of World Pipelines magazine, Steve Hanna, Co-Chair of the industrial Work Group at TCG, describes how to protect the digital future of pipeline operations. The post Taking Industrial Cybersecurity Seriously appeared first on Trusted Computing Group. The post Taking Industrial Cybersecurity Seriously appeared first on Security Boulevard.

Quantum computing brings new security risks: How to protect yourself

CyberSecurity Insiders

This blog was written by an independent guest blogger. Although commercial quantum computing may still be decades away, government agencies and industry experts agree that now is the time to prepare your cybersecurity landscape for the future. The power of quantum computing brings security complexities that we are only beginning to understand. Even now, our cybersecurity climate is getting hotter.

Risk 134

Smashing Security podcast #260: New hire mystery, hacktivist ransomware, and digi-dating

Graham Cluley

Who's that new guy working at your company, and why don't you recognise him from the interview? How are hacktivists raising the heat in Belarus? And should you be fully vaxxed for your online date? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Telehealth: A New Frontier in Medicine—and Security

SecureList

Telehealth today doesn’t just involve chatting with a doctor via a video-conferencing application. It’s become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have only appeared in the past couple of years.

Phishing 131

How Artificial Intelligence Benefits Access Control Systems

Security Boulevard

With a single healthcare system averaging 2.5 million EMR accesses a day, it’s safe to say that access control can be an overwhelming task for an organization to manage. Not to mention compliance regulations and the fact that healthcare data is often targeted by bad actors, both internal and external. Access to this highly sensitive […]. The post How Artificial Intelligence Benefits Access Control Systems appeared first on SecureLink.

Malware news trending on Google

CyberSecurity Insiders

The first news that is related to malicious software and is trending heavily on Google is related to SolarMarker malware that can steal credentials and act as a backdoor for other cyber attacks. Security researchers from Sophos have found that the malware tricks the Windows Registry system and dodges the regular defense-line to enter the victim’s computer and then the network.

Malware 131

FTC Recognizes Identity Theft Awareness Week

Identity IQ

The Federal Trade Commission is commemorating Identity Theft Awareness Week with a series of free events focused on raising awareness and educating consumers about the growing risk of identity theft. The online events also offer advice on recovering and repairing your personal information after Identity Theft occurs.

Critical WordPress Plugin RCE Impacts 600K Sites

Heimdal Security

A critical WordPress plugin RCE (remote code execution) vulnerability has been identified in version 5.0.4 and older of Essential Addons for Elementor, the well-known library. How Does the WordPress Plugin RCE Work? The WordPress plugin RCE works by letting an unauthenticated user initiate an inclusion attack on a local file, like, for instance, a PHP […].

Security BSides Dublin 2021 – Juan Aray’s ‘Introduction To Fileless Malware’

Security Boulevard

Our sincere thanks to Security BSides Dublin for publishing their tremendous videos from the Security BSides Dublin 2021 Conference on the organization’s YouTube channel. Additionally, the Security BSides Dublin organization has slated their eponymous Security BSides Dublin 2022 confab at The Convention Centre Dublin (CCD) on 2022/03/19. Just a month and a half away.

Malware 131