Sat.Nov 19, 2022 - Fri.Nov 25, 2022

article thumbnail

Holiday Shopping Online: Safety on Black Friday, Cyber Monday

Lohrman on Security

What are the latest online security tips as we head into another holiday season? What’s the best cyber advice, and what shopping trends should you watch out for?

241
241
article thumbnail

Apple’s Device Analytics Can Identify iCloud Users

Schneier on Security

Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter , security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Get Pwned, for 30% Less!

Troy Hunt

We've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it and would like to get their friends Pwned too. Personally, I think everyone should get Pwned! Which is why we're making it possible for 30% less 😊 Ok, being more serious for a moment, I'm talking about Pwned the book which we launched a couple of months ago and it's chock full of over 800 pages worth of epic blog posts and more importantly, the stor

222
222
article thumbnail

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

Internet 203
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Top 6 security risks associated with industrial IoT

Tech Republic Security

Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic.

IoT 198
article thumbnail

Breaking the Zeppelin Ransomware Encryption Scheme

Schneier on Security

Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of them: An ephemeral RSA-512 public key that is randomly generated on each machine it infects. “If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key

More Trending

article thumbnail

Microsoft Warns of Surge in Token Theft, Bypassing MFA

eSecurity Planet

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly,” the team wrote in a blog post.

article thumbnail

14 PCI Compliance security best practices for your business

Tech Republic Security

Looking for more information on PCI Compliance security? Read 14 security best practices for PCI (Payment Card Industry) Compliance with our guide. The post 14 PCI Compliance security best practices for your business appeared first on TechRepublic.

188
188
article thumbnail

The US Has a Shortage of Bomb-Sniffing Dogs

Schneier on Security

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs : Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GOA says that as of February the US federal government had approximately 5,100 working dogs, including detection dogs, across three federal agencies.

article thumbnail

Black Friday and Cyber Monday, crooks are already at work

Security Affairs

Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schema. Researchers at Bitdefender Antispam Lab have analyzed during the last weeks the fraudulent activities associated with Black Friday and Cyber Monday. The experts noticed that between October 26 and November 6, the rate of unsolicited Black Friday emails peaked on Nov 9, when reached 26% of all Black Friday-related messages.

Scams 145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ransomware threats grow as new vulnerabilities and threat actors are identified

CyberSecurity Insiders

Researchers at Cyber Security Works, Ivanti, and Cyware identify new vulnerabilities, blindspots in popular network scanners, and emerging Advanced Persistent Threat (APT) groups in a joint ransomware report. By Aaron Sandeen, CEO and co-founder of Cyber Security Works. Since our last ransomware report earlier this year, both the severity and complexity of attacker tactics continue to grow as we head into the final quarter of 2022.

article thumbnail

DDoS protection from OVHcloud

Tech Republic Security

Distributed denial-of-service protection from OVHcloud takes the complexity out of avoiding denial of service attacks for your business. The post DDoS protection from OVHcloud appeared first on TechRepublic.

DDOS 148
article thumbnail

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

CSO Magazine

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says.

article thumbnail

New improved versions of LodaRAT spotted in the wild

Security Affairs

Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. Researchers from Cisco Talos have monitored the LodaRAT malware over the course of 2022 and recently discovered multiple updated versions that have been deployed alongside other malware families, including RedLine and Neshta.

Malware 145
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook

Security Boulevard

Some incredibly personal details are being sent to Facebook, without your consent, using the “Meta Pixel.”. The post ‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook appeared first on Security Boulevard.

CISO 138
article thumbnail

9 VOIP security best practices to consider for your business

Tech Republic Security

Is VOIP secure? Can VOIP be hacked? Learn about why VOIP security is important and the best practices for your business to consider with our guide. The post 9 VOIP security best practices to consider for your business appeared first on TechRepublic.

Hacking 147
article thumbnail

Ouch! Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked company’s network

Graham Cluley

The Daixin ransomware gang has given a humiliating slap in the face to Air Asia, which lost the personal data of five million passengers and all of its employees earlier this month.

article thumbnail

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users. Apple collects both DSID and Apple ID, which means that it can use the former to identify the user and retrieve associated personal information, including full name, phone number

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Bahamut cybermercenary group targets Android users with fake VPN apps

We Live Security

Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram. The post Bahamut cybermercenary group targets Android users with fake VPN apps appeared first on WeLiveSecurity.

VPN 137
article thumbnail

14 PCI compliance security best practices for your business

Tech Republic Security

Looking for more information on PCI Compliance security? Read 14 security best practices for PCI (Payment Card Industry) Compliance with our guide. The post 14 PCI compliance security best practices for your business appeared first on TechRepublic.

129
129
article thumbnail

How Phishing Attacks Ruin Microsoft 365 and Google Workspace

Security Boulevard

Cyberthreats adversely impact your SaaS applications and data. Here’s a look at how phishing affects your Microsoft 365 and Google Workspace environment. The post How Phishing Attacks Ruin Microsoft 365 and Google Workspace appeared first on Security Boulevard.

Phishing 137
article thumbnail

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What’s NEXT with Michael Ebel at Atmosfy

Cisco Security

Throughout my career, I have noticed the way we “futurize” technology. Often, we are thinking of technology in five-to-ten-year increments. But the fact of the matter is – technology is moving faster than we can keep up. The minute we think we understand it, it’s already onto something new. That’s why here at Cisco, we’re focused on what’s NEXT. We all know technology will continue to grow at a rapid pace, our goal is to remain at the forefront of these changes.

article thumbnail

Are Retailers Shopping for a Cybersecurity Breach?

Thales Cloud Protection & Licensing

Are Retailers Shopping for a Cybersecurity Breach? divya. Wed, 11/23/2022 - 07:07. Have you ever walked into your favorite store or restaurant, and when you tried to finalize your purchase, you were told that they could not process any credit cards? Have you ever thought that this might be the result of a successful breach and not because of a point-of sale (POS) malfunctioning?

Retail 127
article thumbnail

Details of Google going against Glupteba Botnet Operators

CyberSecurity Insiders

In December 2021, Google’s Threat Analysis Group (TAG) discovered the intense activities being conducted by Glupteba Botnet on the internet and filed a lawsuit in a district court of New York. A report was submitted, and it was clearly mentioned in it that two Russian nations were operating this botnet group that works differently from the other conventional groups of botnets.

IoT 128
article thumbnail

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Regu?a (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC) code for a macOS sandbox escape vulnerability tracked as CVE-2022-26696 (CVSS score of 7.8). In a wrap-up published by Regula, the researcher observed that the problem is caused by a strange behavior he observed in a sandboxed macOS app that may launc

Hacking 139
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Identity-Based Attacks Increase, MFA-Thwarting Tactics Rise 

Security Boulevard

Multifactor authentication (MFA) push notification fatigue attacks are increasing and are proving more effective, according to Expel’s quarterly threat report, based on data from the company’s customer base. The report also indicated that automated orchestration is proving to be a big advantage, with the median time to perform a remediation action automated via orchestration dropping.

article thumbnail

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

CSO Magazine

A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago. Dubbed DUCKTAIL by researchers from WithSecure, the group uses spear phishing to target individuals on LinkedIn who have job descriptions that could suggest they have access to manage Facebook business accounts.

article thumbnail

Russia stole the passwords of 50 million users

CyberSecurity Insiders

For the past seven to eight months, we have been constantly reading or listening to Russia’s negative involvement in cybersecurity. Now, the latest that has been published by Group-IB claims Moscow’s involvement in the password stealing of over 50 million users. Yes, according to a report compiled after analyzing over 34 telegram groups’ involvement in cybercrime, researchers from Group-IB have confirmed the involvement of hacking groups linked to the Kremlin stealing 50m passwords from about 89

Passwords 127
article thumbnail

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It’s no secret that cyber security has become a leading priority for most organizations — especially those in industries that handle sensitive customer information. And as these businesses work towards building robust security strategies, it’s vital that they account for various threat vectors and vulnerabilities.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.