Schneier on Security

FEBRUARY 23, 2023

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others.

Government 334

Government 334

Troy Hunt

FEBRUARY 19, 2023

I found myself going down a previously unexplored rabbit hole recently, or more specifically, what I thought was "a" rabbit hole but in actual fact was an ever-expanding series of them that led me to what I refer to in the title of this post as "6 rabbits deep" It's a tale of firewalls, APIs and sifting through layers and layers of different services to sniff out the root cause of something that seemed very benign, but actually turned out to be highly impactful.

Firewall 333

Firewall Internet Internet Risk 333

Krebs on Security

FEBRUARY 24, 2023

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies , which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

Accountability 269

Accountability Advertising Marketing Malware 269

Tech Republic Security

FEBRUARY 21, 2023

A new study from IBM Security suggests cyberattackers are taking side routes that are less visible, and they are getting much faster at infiltrating perimeters. The post IBM: Most ransomware blocked last year, but cyberattacks are moving faster appeared first on TechRepublic.

Ransomware 217

Ransomware Malware Cybersecurity 217

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

FEBRUARY 24, 2023

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners.We show how a malicious learner can plant an undetectable backdoor into a classifier.

353

353

Lohrman on Security

FEBRUARY 19, 2023

Almost every day, online media sources proclaim new layoffs for tech workers. So how are federal, state and local governments trying to attract these talented pros now?

Government 209

Government Media 209

Tech Republic Security

FEBRUARY 23, 2023

There are too few cybersecurity experts to fill jobs, but a new study sees the crunch increasing through 2025 as cybersecurity experts head for the hills. The post Report: Stress will drive a quarter of cyber defenders out the door appeared first on TechRepublic.

Cybersecurity 198

Cybersecurity 198

Schneier on Security

FEBRUARY 22, 2023

Here’s a story about a hacker who reprogrammed a device called “Flipper Zero” to mimic Opticom transmitters—to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data (or transmit it, with the right firmware in approved regions) on the same wireless frequencies as keyfobs and other devices.

Wireless 63

Wireless Firmware Mobile Technology 63

Bleeping Computer

FEBRUARY 24, 2023

Brave Software, the developer of the privacy-focused web browser, has announced some plants for the upcoming version 1.49 that will block everyday browsing annoyances like "open in app" prompts and add better protections against pool-party attacks, [.

Software 144

Software 144

Security Boulevard

FEBRUARY 23, 2023

In this blog, we will discuss what GDPR compliance entails and provide tips on how to create an effective GDPR data protection policy. The post How to Create a GDPR Data Protection Policy appeared first on Scytale. The post How to Create a GDPR Data Protection Policy appeared first on Security Boulevard.

Risk 145

Risk Government 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

FEBRUARY 24, 2023

A new State of Enterprise DFIR survey covers findings related to automation, hiring, data and regulations and more. The post Digital forensics and incident response: The most common DFIR incidents appeared first on TechRepublic.

Cybersecurity 194

Cybersecurity 194

Schneier on Security

FEBRUARY 21, 2023

The Intercept has a long article on the insecurity of photo cropping: One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the file’s creators or editors. Official instruction manuals, help pages, and promotional materials may mention that cropping is reversible, but this documentation at times fails to note that these operations are reversible by any viewers of a given image or document.

236

236

Google Security

FEBRUARY 22, 2023

Posted by Sarah Jacobus, Vulnerability Rewards Team It has been another incredible year for the Vulnerability Reward Programs (VRPs) at Google! Working with security researchers throughout 2022, we have been able to identify and fix over 2,900 security issues and continue to make our products more secure for our users around the world. We are thrilled to see significant year over year growth for our VRPs, and have had yet another record breaking year for our programs!

Manufacturing 141

Manufacturing Internet Internet Hacking 141

Security Boulevard

FEBRUARY 24, 2023

Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility. In their Foreign Affairs article Stop Passing the Buck on Cybersecurity, Easterly and Goldstein make a strong case for.

Cybersecurity 144

Cybersecurity Risk CISO Security Awareness 144

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 21, 2023

Explore search services beyond Google and Bing for a wider range of results, customization and privacy options. The post How to expand your search sources appeared first on TechRepublic.

Engineering 179

Engineering Software 179

Schneier on Security

FEBRUARY 20, 2023

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the company’s in-app feature that lets you know if any nearby Tiles are following you. But to activate the new Anti-Theft Mode, the Tile owner will have to verify their real identity with a government-issued ID, submit a biometric scan that helps root out fake IDs, agree to let Tile share their information with law e

Surveillance 225

Surveillance Government 225

Graham Cluley

FEBRUARY 23, 2023

Malicious hackers are taking advantage of people searching the internet for free access to ChatGPT in order to direct them to malware and phishing sites. Read more in my article on the Hot for Security blog.

Malware 141

Malware Phishing Internet Internet 141

Security Boulevard

FEBRUARY 22, 2023

Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days. The post Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked appeared first on Security Boulevard.

Passwords 144

Passwords CISO Security Awareness Government 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 24, 2023

Studies from Bitdefender and Arctic Wolf show that new tactics are using twists on concealment in social media and old vulnerabilities in third-party software. The post DLL sideloading and CVE attacks show diversity of threat landscape appeared first on TechRepublic.

Media 175

Media Software Network Security 175

Bleeping Computer

FEBRUARY 24, 2023

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [.

140

140

Graham Cluley

FEBRUARY 22, 2023

Russian media has blamed hackers after commercial radio stations in the country broadcast bogus warnings about air raids and missile strikes, telling listeners to head to shelters.

Media 140

Media 140

Security Boulevard

FEBRUARY 20, 2023

GoDaddy’s web hosting service breached yet again. This time, the perps were redirecting legit websites to malware. The post GoDaddy Hosting Hacked — for FOURTH Time in 4 Years appeared first on Security Boulevard.

Hacking 143

Hacking Malware Social Engineering CISO 143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

FEBRUARY 20, 2023

IBM Chief felt ChatGPT, an OpenAI developed a platform of Microsoft, has the potential to replace white-collar jobs such as insurance consultants, lawyers, accountants, computer programmers and admin roles. Arvind Krishna, the lead of the technology at IBM, predicts that some sort of jobs will replace by AI models and so job steal is predictably possible.

Insurance 137

Insurance Engineering Accountability Technology 137

Bleeping Computer

FEBRUARY 24, 2023

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [.

139

139

Dark Reading

FEBRUARY 24, 2023

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.

136

136

Trend Micro

FEBRUARY 23, 2023

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.

Malware 136

Malware 136

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

We Live Security

FEBRUARY 23, 2023

The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group The post WinorDLL64: A backdoor from the vast Lazarus arsenal?

133

133

Tech Republic Security

FEBRUARY 21, 2023

The Modern Tech Skills Bundle from CyberTraining 365 offers lifetime access to over 2,000 video lectures that introduce students to today’s most compelling technologies. The post Gain an understanding of AI, cybersecurity and more with this $69 resource appeared first on TechRepublic.

Cybersecurity 132

Cybersecurity Technology Artificial Intelligence 132

Graham Cluley

FEBRUARY 20, 2023

Many Twitter users have been presented with a message telling them that SMS-based two-factor authentication (2FA) will be removed next month. According to Twitter, only subscribers to its premium Twitter Blue service will be able to use text message-based 2FA to protect their accounts. Is that such a good idea?

Authentication 132

Authentication Accountability Mobile 132

Dark Reading

FEBRUARY 23, 2023

At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.

Software 130

Software 130

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity