Sat.Dec 03, 2022 - Fri.Dec 09, 2022

article thumbnail

Get Smarter About Cybersecurity and Sustainability

Jane Frankland

Last month, many of the world’s leaders gathered for COP27 to discuss climate change, lowering energy consumption and greenhouse gas emissions. With reports suggesting the earth has only 27-years left before it runs out of food , and that 1.7 planets are needed for man’s increasing consumption and waste, it got me thinking about cybersecurity and sustainability.

article thumbnail

CAPTCHA

Schneier on Security

This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not.) Is it a Magritte-like existential question? (It’s not a bicycle. It’s a drawing of a bicycle. Actually, it’s a photograph of a drawing of a bicycle. No, it’s really a computer image of a photograph of a drawing of a bicycle.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

article thumbnail

Weekly Update 324

Troy Hunt

We're in Copenhagen! Scott and family joined us in Oslo for round 2 of wedding celebrations this week before jumping on the ferry to Copenhagen and seeing the sights here. There's lots of cyber things in this week's vid relating to HIBP's birthday, Medibank and financial penalties for breaches, but I'm just going to leave you with one of the most amazing moments of my life captured in pics: 🇳🇴 ❤️ 👰‍♀️ 🤵 p

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cybersecurity for Seniors: Easy and Practical Advice – A Free Webinar With Joseph Steinberg, Author of Cybersecurity For Dummies

Joseph Steinberg

Don’t open attachments. Change your password often. Don’t click on any links sent in emails or text messages. We have all received plenty of advice on how to avoid being harmed by cyber-attacks, but staying safe can often be confusing, complicated, or impractical. Joseph Steinberg, author of the best-selling book, “Cybersecurity for Dummies,” is here to cut through the noise and give you practical tips on how to practice smart digital security — without you having to spend a ton of time or any m

article thumbnail

Leaked Signing Keys Are Being Used to Sign Malware

Schneier on Security

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware.

Malware 345

More Trending

article thumbnail

Recognize the commonalities in ransomware attacks to avoid them

Tech Republic Security

Learn how your organization can use the MITRE ATT&CK framework to prevent data breaches, fines, and the loss of clients and customers induced by ransomware threats. The post Recognize the commonalities in ransomware attacks to avoid them appeared first on TechRepublic.

article thumbnail

CyberWar In Ukraine: A 21st Century Epilogue To The Cold War (InfoGraphic)

Joseph Steinberg

The era of cyberwar has not only arrived, but is advancing rapidly – and the repercussions of the march forward are nothing short of terrifying. The following infographic, reproduced with permission from Nowsourcing, highlights how Ukraine has become the battleground between Russia and the United States, in a 21st Century epilogue to the Cold War: This infographic originally appeared here , and is reproduced with permission.

article thumbnail

Security Vulnerabilities in Eufy Cameras

Schneier on Security

Eufy cameras claim to be local only, but upload data to the cloud. The company is basically lying to reporters, despite being shown evidence to the contrary. The company’s behavior is so egregious that ReviewGeek is no longer recommending them. This will be interesting to watch. If Eufy can ignore security researchers and the press without there being any repercussions in the market, others will follow suit.

Marketing 305
article thumbnail

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

The Last Watchdog

Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises. Related: Deploying employees as human sensors. Recent research from our team revealed that while consumers are being exposed to these kinds of attacks (31 percent of respondents reported they received these types of messages multiple times a day), they continue to disregard cyber safety guidelines.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Apple unveils new iMessage, Apple ID and iCloud security for high-value targets

Tech Republic Security

Tech firm aims to strengthen security for users and meet modern cyber threat challenges with new cybersecurity technology and end-to-end cloud encryption. The post Apple unveils new iMessage, Apple ID and iCloud security for high-value targets appeared first on TechRepublic.

article thumbnail

Winning Teams Part 1: Learning from Basketball and Cybersecurity

Lohrman on Security

Tech leaders keep talking about building cyber talent, so what can we learn from looking back at talented teams from the past in cybersecurity and basketball.

article thumbnail

CryWiper Data Wiper Targeting Russian Sites

Schneier on Security

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions.exe,dll,lnk,sys or.msi, and ignores several system folders in the C:Windows directory. The malware focuses on databases, archives, and user documents.

article thumbnail

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Related: Why FIDO champions passwordless systems. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

McAfee 2023 Threat Predictions

Tech Republic Security

2022 is almost over, and the threats seen during the year have built the foundations for 2023's threat landscape, according to McAfee. Cyber criminals will benefit from new technologies such as AI or Web3. The post McAfee 2023 Threat Predictions appeared first on TechRepublic.

article thumbnail

Security Through Complexity

Javvad Malik

I saw this picture somewhere on social media of these many locks securing the bolt. However, upon closer inspection, you can see that by simply removing any one of the locks, you unlock the whole thing. I hope you’ll allow me the opportunity of dragging this out into a cybersecurity analogy. But, sometimes the sheer number of products and hoops we deploy end up looking a bit like this picture.

Media 147
article thumbnail

Hacking Trespass Law

Schneier on Security

This article talks about public land in the US that is completely surrounded by private land, which in some cases makes it inaccessible to the public. But there’s a hack: Some hunters have long believed, however, that the publicly owned parcels on Elk Mountain can be legally reached using a practice called corner-crossing. Corner-crossing can be visualized in terms of a checkerboard.

Hacking 273
article thumbnail

Antivirus and EDR solutions tricked into acting as data wipers

Bleeping Computer

A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers. [.].

Antivirus 143
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Healthcare systems face a “royal” cybersecurity threat from new hacker group

Tech Republic Security

A new alert from the HHS warns of the Royal ransomware threat actor’s aim on the healthcare sector. The post Healthcare systems face a “royal” cybersecurity threat from new hacker group appeared first on TechRepublic.

article thumbnail

How to train your Ghidra

SecureList

Getting started with Ghidra. For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding even more to the cost and raising the barrier to entry into the RE field.

article thumbnail

The Decoupling Principle

Schneier on Security

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function. Architectural decoupling entails splitting functionality for different fundamental actions in a system, such as decoupling authentication (proving who is allowed to

article thumbnail

Kali Linux 2022.4 adds 6 new tools, Azure images, and desktop updates

Bleeping Computer

Offensive Security has released ​Kali Linux 2022.4, the fourth and final version of 2022, with new Azure and QEMU images, six new tools, and improved desktop experiences. [.].

144
144
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Experts devised a technique to bypass web application firewalls (WAF) of several vendors

Security Affairs

Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on Cambium Networks’ wireless device management platform.

Firewall 142
article thumbnail

Fantasy – a new Agrius wiper deployed through a supply?chain attack

We Live Security

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry. The post Fantasy – a new Agrius wiper deployed through a supply‑chain attack appeared first on WeLiveSecurity.

Software 142
article thumbnail

Rackspace Cloud Office suffers security breach

DoublePulsar

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service. Continue reading on DoublePulsar ».

article thumbnail

Preparing for 2023 and what lies in store for Endpoint Security

Cisco Security

A new year is almost upon us and as we look back on our accomplishments in 2022, we also look forward to helping our customers become more security resilient and be better prepared for 2023. As part of this forward-looking process, and with the help of Gartner Peer Insights, we surveyed 100 Security and IT professionals to understand their level of security maturity and obtain their perspective on the future.

141
141
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Russia’s second-largest bank VTB Bank under DDoS attack

Security Affairs

Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history. State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history. The pro-Ukraine collective IT Army of Ukraine has claimed responsibility for the DDoS attacks against the bank.

Banking 141
article thumbnail

TikTok Ban: Texas is Fourth State to Join; Indiana Sues

Security Boulevard

Four U.S. states have now banned TikTok on government workers’ devices. Plus, Indiana has sued the app’s owner. The post TikTok Ban: Texas is Fourth State to Join; Indiana Sues appeared first on Security Boulevard.

article thumbnail

6 Ways to Create an Incident Response Plan That’s Actually Effective

CyberSecurity Insiders

By Mike Wilkinson. Mike Tyson famously said, “Everyone has a plan until they get punched in the mouth.” That applies to the world of boxing—and to the world of cyberattacks. Many companies have an Incident Response (IR) plan in place. But those plans don’t always hold up when an actual cyberattack occurs. At Avertium , we carry out hundreds of IR engagements a year, so I’m highly familiar with what makes IR plans useful—and what doesn’t.

Insurance 139
article thumbnail

Explorations in the spam folder–Holiday Edition

Cisco Security

Watch ThreatWise TV: Explorations in the spam folder. The spam folder: that dark and disregarded corner of every email account, full of too-good-to-be-true offers, unexpected shipments, and supposedly free giveaways. You’re right to ignore this folder; few good things come from exploring it. But every once in a while one of these misleading, and sometimes malicious, emails manages to evade the filters that normally siphon them off, landing them in your inbox instead.

Scams 140
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!