Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363

Passwords Accountability Firewall Risk 363

Schneier on Security

JANUARY 28, 2022

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa

Telecommunications 333

Telecommunications Government 333

Joseph Steinberg

JANUARY 26, 2022

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned? The particular Google Voice scam that is presently wreaking havoc involves a fraudster contacting a would-be victim – for our case let’s assume that they are targeting you – perhaps in response to a post that you made offering something for sale

Scams 321

Scams Authentication Accountability Artificial Intelligence 321

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

Ransomware 295

Ransomware Accountability Cybercrime Malware 295

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Lohrman on Security

JANUARY 23, 2022

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

Cyber Attacks 268

Cyber Attacks Cyber threats 268

Schneier on Security

JANUARY 24, 2022

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020.

Malware 306

Malware Accountability 306

Tech Republic Security

JANUARY 24, 2022

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.

Healthcare 181

Healthcare Ransomware Software 181

Bleeping Computer

JANUARY 23, 2022

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.].

145

145

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt”… […].

Ransomware 247

Ransomware Firewall Encryption Internet 247

eSecurity Planet

JANUARY 26, 2022

An easily exploited flaw in a program found in every major Linux distribution is the latest serious security issue that has arisen in the open-source space in recent weeks. Researchers at cybersecurity vendor Qualys this week disclosed the memory corruption vulnerability in polkit’s pkexec, which if exploited by a bad actor can enable an unprivileged user to gain full root privileges on a system, giving the unprivileged user administrative rights.

Manufacturing 145

Manufacturing IoT Software DDOS 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JANUARY 28, 2022

The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.

164

164

Bleeping Computer

JANUARY 22, 2022

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog. [.].

Cybersecurity 145

Cybersecurity 145

The Hacker News

JANUARY 22, 2022

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

Malware 144

Malware 144

Security Boulevard

JANUARY 28, 2022

Today, the world is more connected than ever before. As a result, the rate at which data is being produced is growing exponentially every year. While many organizations have prioritized managing and securing this data, the topic of data privacy has also come into question particularly given the rise of connected devices and AI surveillance features.

Data privacy 141

Data privacy Surveillance Data collection 141

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 27, 2022

Data Privacy Day is a day to focus on best practices for ensuring private data remains that way. Learn insights and tips from security experts on the front lines.

Data privacy 170

Data privacy 170

Graham Cluley

JANUARY 26, 2022

Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.

Hacking 144

Hacking 144

CSO Magazine

JANUARY 24, 2022

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

CISO 141

CISO Cybersecurity Ransomware 141

Security Boulevard

JANUARY 25, 2022

One way or another, cloud infrastructure has firmly entrenched itself as a crucial component for almost all organizations, and public cloud spending is expected to continue to skyrocket over the next five years. As with any organization-wide adoption program, cloud infrastructure initiatives require extensive planning to embrace and expand the scope successfully and securely.

Risk 141

Risk Cybersecurity Network Security 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 27, 2022

Dubbed PwnKit, it's been sitting in a user policy module used in Linux distros for over a decade and can be used by anyone to gain root privileges. Here's what you can do to protect your systems.

148

148

The Hacker News

JANUARY 22, 2022

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017.

Malware 136

Malware Government 136

Security Affairs

JANUARY 24, 2022

Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, l

Malware 141

Malware Social Engineering Ransomware Banking 141

Security Boulevard

JANUARY 24, 2022

Two cybersecurity experts identified the top security threats for 2022 during an online Predict 2022 conference hosted by Techstrong Live, an arm of Techstrong Group, the parent company of Security Boulevard. Both Mike Jones, host of the H4unt3d Hacker podcast and a former anonymous hacktivist, and Donovan Farrow, CEO of Alias Forensics, a cybersecurity forensics.

Cybersecurity 137

Cybersecurity Security Awareness Ransomware Malware 137

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JANUARY 26, 2022

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.

Phishing 180

Phishing 180

eSecurity Planet

JANUARY 28, 2022

Microsoft in November fended off a massive distributed denial-of-service (DDoS) attack in its Azure cloud that officials said was the largest ever recorded, the latest in a wave of record attacks that washed over the IT industry in the second half of 2021. The enterprise software and cloud giant said in a blog post this week that during the last six months of the year, there was a 40 percent increase in the number of DDoS attacks worldwide over the first half of 2021, with an average of 1,955 at

DDOS 136

DDOS IoT Engineering DNS 136

CyberSecurity Insiders

JANUARY 26, 2022

Tesla company owner Elon Musk announced last year that his SpaceX Starlink internet service will reach to the remote places on continents like Africa and Asia providing connectivity to the people in rural areas who lack at least the basic communication services. China is all set to follow the same path as it has applied for a license to access spectrum for a ‘national network of satellites’ dubbed “Mega Constellation” in 2020.

Internet 134

Internet Internet Mobile Cybersecurity 134

Security Boulevard

JANUARY 24, 2022

A popular maker of WordPress plugins and themes was hacked—93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites. The post WordPress Supply Chain Attack—93 Add-Ons Infected for Months appeared first on Security Boulevard.

Hacking 137

Hacking Software Malware Cybersecurity 137

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JANUARY 26, 2022

Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.

Data privacy 150

Data privacy 150

Graham Cluley

JANUARY 25, 2022

Four US states have launched a law suit against Google, claiming that the technology giant continued to track users' location, even when they users had asked it not to.

Technology 136

Technology 136

eSecurity Planet

JANUARY 27, 2022

It seems like a week doesn’t go by without a new vulnerability demonstrating the fragility of the software interdependencies that make up the software supply chain. A large part of software development leverages the benefits of open-source platforms and third-party vendors to deliver results on time. A wide range of people and organizations maintain those code bases.

Software 134

Software Risk Authentication Government 134

Security Boulevard

JANUARY 28, 2022

Cybertechnology has always been an issue in the drone industry, but its reach is expanding and evolving in multiple dimensions. Traditional cybersecurity concerns in the drone world referred either to the vulnerability of drone data and operations to cyberattacks, or the role that drones played in perpetrating cyberattacks themselves. But a new challenge has appeared, The post From Drone to Counter-Drone: The Shifting Role of Cybersecurity appeared first on Security Boulevard.

Cybersecurity 136

Cybersecurity IoT Risk Government 136

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity