Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363

Passwords Accountability Firewall Risk 363

Schneier on Security

JANUARY 28, 2022

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa

Telecommunications 341

Telecommunications Government 341

Joseph Steinberg

JANUARY 26, 2022

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned? The particular Google Voice scam that is presently wreaking havoc involves a fraudster contacting a would-be victim – for our case let’s assume that they are targeting you – perhaps in response to a post that you made offering something for sale

Scams 321

Scams Authentication Accountability Artificial Intelligence 321

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

Ransomware 309

Ransomware Accountability Cybercrime Malware 309

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Lohrman on Security

JANUARY 23, 2022

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

Cyber Attacks 268

Cyber Attacks Cyber threats 268

Schneier on Security

JANUARY 24, 2022

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020.

Malware 315

Malware Accountability 315

Krebs on Security

JANUARY 25, 2022

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.

Financial Services 225

Financial Services Banking Accountability Identity Theft 225

Tech Republic Security

JANUARY 24, 2022

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.

Healthcare 192

Healthcare Ransomware Software 192

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt”… […].

Ransomware 265

Ransomware Firewall Encryption Internet 265

The Last Watchdog

JANUARY 24, 2022

Artificial intelligence (AI) is woven into the fabric of today’s business world. However, business model integration of AI is in its infancy and smaller companies often lack the resources to leverage AI. Related: Deploying human security sensors. Even so, AI is useful across a wide spectrum of industries. There already are many human work models augmented by AI.

Cybersecurity 250

Cybersecurity Artificial Intelligence Marketing 250

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JANUARY 23, 2022

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.].

145

145

Tech Republic Security

JANUARY 26, 2022

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.

Phishing 190

Phishing 190

Schneier on Security

JANUARY 25, 2022

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses

Insurance 192

Insurance Cyber Attacks Government Malware 192

The Hacker News

JANUARY 22, 2022

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

Malware 145

Malware 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

JANUARY 22, 2022

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog. [.].

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

JANUARY 27, 2022

Data Privacy Day is a day to focus on best practices for ensuring private data remains that way. Learn insights and tips from security experts on the front lines.

Data privacy 180

Data privacy 180

Security Affairs

JANUARY 24, 2022

Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, l

Malware 143

Malware Social Engineering Ransomware Banking 143

The Hacker News

JANUARY 22, 2022

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017.

Malware 145

Malware Government 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

JANUARY 26, 2022

Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.

Hacking 142

Hacking 142

Tech Republic Security

JANUARY 28, 2022

The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.

175

175

eSecurity Planet

JANUARY 26, 2022

An easily exploited flaw in a program found in every major Linux distribution is the latest serious security issue that has arisen in the open-source space in recent weeks. Researchers at cybersecurity vendor Qualys this week disclosed the memory corruption vulnerability in polkit’s pkexec, which if exploited by a bad actor can enable an unprivileged user to gain full root privileges on a system, giving the unprivileged user administrative rights.

Manufacturing 142

Manufacturing IoT Software DDOS 142

The Hacker News

JANUARY 23, 2022

Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions.

Social Engineering 143

Social Engineering Engineering Malware 143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JANUARY 28, 2022

Today, the world is more connected than ever before. As a result, the rate at which data is being produced is growing exponentially every year. While many organizations have prioritized managing and securing this data, the topic of data privacy has also come into question particularly given the rise of connected devices and AI surveillance features.

Data privacy 141

Data privacy Surveillance Data collection 141

Tech Republic Security

JANUARY 26, 2022

Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.

Data privacy 156

Data privacy 156

Security Affairs

JANUARY 23, 2022

OpenSubtitles has suffered a data breach, the maintainers confirmed that the incident impacted 7 Million subscribers. OpenSubtitles is a popular subtitles websites, it suffered a data breach that affected 6,783,158 subscribers. Exposed data include email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

Data breaches 141

Data breaches Passwords Hacking Accountability 141

The Hacker News

JANUARY 27, 2022

A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.

Banking 142

Banking Engineering Malware 142

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

JANUARY 25, 2022

One way or another, cloud infrastructure has firmly entrenched itself as a crucial component for almost all organizations, and public cloud spending is expected to continue to skyrocket over the next five years. As with any organization-wide adoption program, cloud infrastructure initiatives require extensive planning to embrace and expand the scope successfully and securely.

Risk 141

Risk Cybersecurity Network Security 141

Tech Republic Security

JANUARY 27, 2022

Dubbed PwnKit, it's been sitting in a user policy module used in Linux distros for over a decade and can be used by anyone to gain root privileges. Here's what you can do to protect your systems.

148

148

CSO Magazine

JANUARY 24, 2022

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

CISO 141

CISO Cybersecurity Ransomware 141

Malwarebytes

JANUARY 26, 2022

Microsoft is warning Office 365 users to watch out for a phishy emails asking you to install an app called Upgrade. The app requests multiple permissions which could cause problems on a network if granted: Creating inbox rules Read and write emails and calendar items Read contacts. This is only the beginning of a potentially very nasty scaling of the security ladders.

Phishing 139

Phishing Security Intelligence Scams Passwords 139

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity