Sat.Jan 22, 2022 - Fri.Jan 28, 2022

article thumbnail

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363
article thumbnail

Tracking Secret German Organizations with Apple AirTags

Schneier on Security

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The FBI Warns About A Google Voice Scam That Is Not New, But Still Finding Plenty Of Victims

Joseph Steinberg

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned? The particular Google Voice scam that is presently wreaking havoc involves a fraudster contacting a would-be victim – for our case let’s assume that they are targeting you – perhaps in response to a post that you made offering something for sale

Scams 321
article thumbnail

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Will the Ukraine Conflict Lead to More Global Cyber Attacks?

Lohrman on Security

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

article thumbnail

Linux-Targeted Malware Increased by 35%

Schneier on Security

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020.

Malware 304

More Trending

article thumbnail

Personal identifying information for 1.5 billion users was stolen in 2021, but from where?

Tech Republic Security

Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.

article thumbnail

Introducing Cisco Responsible AI – Enhancing Technology Transparency and Customer Trust

Cisco Security

Artificial Intelligence (AI) is increasingly part of our everyday lives, and this transformation requires a thoughtful approach to innovation. Cisco is committed to delivering technologies and services by managing AI development in a way that augments our security, data privacy, and human rights focus – fostering a more inclusive future for all. Today, I am proud to announce Cisco’s Responsible AI initiative, a governance framework that guides internal development and provides a vital communicat

article thumbnail

FBI warns of malicious QR codes used to steal your money

Bleeping Computer

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. [.].

145
145
article thumbnail

Easily Exploitable Linux Flaw Exposes All Distributions: Qualys

eSecurity Planet

An easily exploited flaw in a program found in every major Linux distribution is the latest serious security issue that has arisen in the open-source space in recent weeks. Researchers at cybersecurity vendor Qualys this week disclosed the memory corruption vulnerability in polkit’s pkexec, which if exploited by a bad actor can enable an unprivileged user to gain full root privileges on a system, giving the unprivileged user administrative rights.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January

Tech Republic Security

The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.

159
159
article thumbnail

Emotet spam uses unconventional IP address formats to evade detection

Security Affairs

Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, l

Malware 140
article thumbnail

CISA adds 17 vulnerabilities to list of bugs exploited in attacks

Bleeping Computer

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog. [.].

article thumbnail

Understanding APIs Role in Data Privacy

Security Boulevard

Today, the world is more connected than ever before. As a result, the rate at which data is being produced is growing exponentially every year. While many organizations have prioritized managing and securing this data, the topic of data privacy has also come into question particularly given the rise of connected devices and AI surveillance features.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Data Privacy Day: Security experts' tips for 2022

Tech Republic Security

Data Privacy Day is a day to focus on best practices for ensuring private data remains that way. Learn insights and tips from security experts on the front lines.

article thumbnail

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

The Hacker News

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

Malware 143
article thumbnail

Update now! Apple pushes out security patches for iPhone and Mac zero-day vulnerabilities

Graham Cluley

Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.

Hacking 144
article thumbnail

3 Common Cloud Misconfigurations to Avoid

Security Boulevard

One way or another, cloud infrastructure has firmly entrenched itself as a crucial component for almost all organizations, and public cloud spending is expected to continue to skyrocket over the next five years. As with any organization-wide adoption program, cloud infrastructure initiatives require extensive planning to embrace and expand the scope successfully and securely.

Risk 141
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Patch now: A newly discovered critical Linux vulnerability probably affects your systems

Tech Republic Security

Dubbed PwnKit, it's been sitting in a user policy module used in Linux distros for over a decade and can be used by anyone to gain root privileges. Here's what you can do to protect your systems.

147
147
article thumbnail

22 cybersecurity myths organizations need to stop believing in 2022

CSO Magazine

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

CISO 141
article thumbnail

OpenSubtitles data breach impacted 7 million subscribers

Security Affairs

OpenSubtitles has suffered a data breach, the maintainers confirmed that the incident impacted 7 Million subscribers. OpenSubtitles is a popular subtitles websites, it suffered a data breach that affected 6,783,158 subscribers. Exposed data include email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

article thumbnail

Predict 2022: Top Cybersecurity Threats for 2022

Security Boulevard

Two cybersecurity experts identified the top security threats for 2022 during an online Predict 2022 conference hosted by Techstrong Live, an arm of Techstrong Group, the parent company of Security Boulevard. Both Mike Jones, host of the H4unt3d Hacker podcast and a former anonymous hacktivist, and Donovan Farrow, CEO of Alias Forensics, a cybersecurity forensics.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Cybercriminals exploiting COVID-19 tests in phishing attacks

Tech Republic Security

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.

Phishing 174
article thumbnail

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

eSecurity Planet

Microsoft in November fended off a massive distributed denial-of-service (DDoS) attack in its Azure cloud that officials said was the largest ever recorded, the latest in a wave of record attacks that washed over the IT industry in the second half of 2021. The enterprise software and cloud giant said in a blog post this week that during the last six months of the year, there was a 40 percent increase in the number of DDoS attacks worldwide over the first half of 2021, with an average of 1,955 at

DDOS 136
article thumbnail

China to spy through satellites over internet

CyberSecurity Insiders

Tesla company owner Elon Musk announced last year that his SpaceX Starlink internet service will reach to the remote places on continents like Africa and Asia providing connectivity to the people in rural areas who lack at least the basic communication services. China is all set to follow the same path as it has applied for a license to access spectrum for a ‘national network of satellites’ dubbed “Mega Constellation” in 2020.

Internet 134
article thumbnail

WordPress Supply Chain Attack—93 Add-Ons Infected for Months

Security Boulevard

A popular maker of WordPress plugins and themes was hacked—93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites. The post WordPress Supply Chain Attack—93 Add-Ons Infected for Months appeared first on Security Boulevard.

Hacking 137
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Is Google tracking your location even when you think you’ve turned it off? US states sue over “deception”

Graham Cluley

Four US states have launched a law suit against Google, claiming that the technology giant continued to track users' location, even when they users had asked it not to.

article thumbnail

How Hackers Compromise the Software Supply Chain

eSecurity Planet

It seems like a week doesn’t go by without a new vulnerability demonstrating the fragility of the software interdependencies that make up the software supply chain. A large part of software development leverages the benefits of open-source platforms and third-party vendors to deliver results on time. A wide range of people and organizations maintain those code bases.

Software 134
article thumbnail

How Will 5G Technology Alter IoT Security And How Can We Prepare?

CyberSecurity Insiders

The 5G technology appears to be perfect from a distance, with its grand claims of fostering efficient interconnectivity and speedy data transfers between people, objects, and devices. From this claim alone, everything seems too good to be true. Despite the massive inclination that we might have to believe these claims, we must scrutinize the legitimacy of the claims being made by 5G providers and get to the reality of the situation to maintain a robust cybersecurity landscape for the long run.

IoT 131
article thumbnail

From Drone to Counter-Drone: The Shifting Role of Cybersecurity

Security Boulevard

Cybertechnology has always been an issue in the drone industry, but its reach is expanding and evolving in multiple dimensions. Traditional cybersecurity concerns in the drone world referred either to the vulnerability of drone data and operations to cyberattacks, or the role that drones played in perpetrating cyberattacks themselves. But a new challenge has appeared, The post From Drone to Counter-Drone: The Shifting Role of Cybersecurity appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!