Schneier on Security
MARCH 4, 2022
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.
Krebs on Security
MARCH 1, 2022
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
FEBRUARY 28, 2022
One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.
Tech Republic Security
MARCH 1, 2022
The vulnerability lies in how Samsung implemented a portion of the Android Trusted Execution Environment, leading to devices as new as the S21 being vulnerable to initialization vector reuse attacks. The post 100 million Samsung phones affected by encryption weakness appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
MARCH 1, 2022
Nice piece of research : Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data.
Approachable Cyber Threats
MARCH 1, 2022
It’s here! Our 2022 update to our famous password table that’s been shared across the news, internet, social media, and organizations worldwide. So what’s new, and what’s the methodology behind it? Keep reading! Looking for a high resolution version to download? Download the table now. Password Strength in 2022 It’s been two years since we first shared our (now famous) password table.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MARCH 1, 2022
A new type of malware attack is hitting Ukraine, and it renders the victim's machine useless. The post Destructive “HermeticWiper” malware strikes Ukraine appeared first on TechRepublic.
Schneier on Security
FEBRUARY 28, 2022
Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.
Security Affairs
FEBRUARY 28, 2022
Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses. Anonymous and numerous hacker groups linked to the popular collective continue to launch cyber attacks against Russian and Belarussian government organizations and private businesses. In the last few days massive DDoS attacks have taken offline numerous websites of Russian government entities, including the Duma and Ministry of Defense.
eSecurity Planet
MARCH 4, 2022
The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
MARCH 2, 2022
Eighty-four percent of organizations were phishing victims last year, 59% of whom were hit with ransomware. Why, then, do less than a quarter of boards think ransomware is a top priority? The post Ransomware infections top list of the most common results of phishing attacks appeared first on TechRepublic.
Schneier on Security
MARCH 3, 2022
Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA). It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers (aka some Russian group). …the scope of victims exceeded 287 targets in 45 countries, including Russia, Japan, Spain, Germany, Italy, etc.
SecureList
MARCH 1, 2022
Executive summary. On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from security community it was used in recent cyberattacks in Ukraine.
Bleeping Computer
MARCH 1, 2022
A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more. [.].
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MARCH 1, 2022
If you're using WordPress, you need to consider one or more of these security plugins to keep your website safe from attack. The post 5 WordPress plugins to bolster security appeared first on TechRepublic.
Security Boulevard
MARCH 1, 2022
In one of the most impactful European conflicts since World War II, Russian troops have invaded neighboring Ukraine, a sovereign nation. While the effects of this war on world peace and stability remain to be seen and while a larger conflict involving other nations including the U.S. could soon become a reality, the uncomfortable truth. The post Ignoring US Cybersecurity Vulnerabilities No Longer an Option appeared first on Security Boulevard.
The Hacker News
MARCH 2, 2022
Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region.
Bleeping Computer
FEBRUARY 26, 2022
A small team of researchers at the Darmstadt University in Germany have published a report illustrating how their AirGuard app for Android provides better protection from stealthy AirTag stalking than other apps. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MARCH 4, 2022
TechRepublic Premium content helps you solve your toughest IT issues and jumpstart your career or next project. The post TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download appeared first on TechRepublic.
Security Boulevard
MARCH 2, 2022
A survey of more than 250 security, application and DevOps executives and professionals published today by Salt Security found 95% of respondents experienced a security incident involving application programming interfaces (APIs) in the last 12 months, with 62% reporting they slowed down the rollout of an application because of API security concerns.
CSO Magazine
MARCH 2, 2022
Since Russia launched a full-scale military invasion into Ukraine on February 23, a series of cyberattacks have been detected targeting Ukrainian businesses, websites and government agencies amid the ongoing conflict. Meanwhile, organizations in the cybersecurity sector have begun taking action to provide help and support to those directly and subsequently impacted by cyber incidents relating to the Ukraine-Russia crisis.
InfoWorld on Security
MARCH 1, 2022
Want to know who has the most stressful job in the enterprise these days? It’s the CISO, or chief information security officer. This is typically a senior-level executive responsible for developing and implementing information security programs and the person first on the hook if a breach occurs. Many of these brave men and women took on the role prior to the pandemic when vulnerable applications and data could be placed within a secure domain—typically, a well-defined firewall. [ Also on InfoWo
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
MARCH 4, 2022
Commentary: For years we’ve tried tackling security at the company or organizational level. The new Alpha-Omega Project seems to be taking a true industry-wide approach, and that’s promising. The post New OpenSSF project may finally be doing security right appeared first on TechRepublic.
Bleeping Computer
MARCH 1, 2022
Microsoft has started rolling out its new endpoint security solution for small and medium-sized businesses (SMBs) known as Microsoft Defender for Business to Microsoft 365 Business Premium customers worldwide starting today, March 1st. [.].
Security Boulevard
MARCH 3, 2022
Beyond the disturbing images of the invasion of Ukraine that began February 24 are the invisible cyberattacks that preceded it and continue to be waged on Ukraine by Russian state-sponsored and other threat actors, which also threaten the West. Vedere Labs, Forescout’s threat intelligence and research team, is closely monitoring the evolution of cyber activities […].
CyberSecurity Insiders
FEBRUARY 26, 2022
With everyone living online these days, web traffic to the online channels is on the upsurge. However, if you delve into the traffic, you’ll see that most of the traffic is not from legitimate users. Only less than half of the traffic is actual humans, the rest are bots including both good and bad bots. In the early days, the bots were used only for spamming or small scraping attempts.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
MARCH 4, 2022
Coro’s report details a growing number of attacks on mid-sized businesses and the steps that need to be taken in order to be prepared. The post Cyberattacks on SMBs are increasing, will your business be ready? appeared first on TechRepublic.
CSO Magazine
MARCH 1, 2022
Corporate boards are asking their CISOs to inform them more often about cybersecurity risks. This gives security leaders an opportunity to help senior business stakeholders better understand security’s value and makes them more likely to support and strengthen security strategies. However, talking to the board about cybersecurity in a way that is productive can be a significant challenge, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among dire
Security Boulevard
MARCH 2, 2022
Why we need to clarify the ideal and acceptable outcomes If you want to deliver value faster, you need to know more than the problem you’re trying to solve. You also need to know what success looks like. Start by asking people to define and explain the ideal outcome. The ideal outcome is without restriction, […]. The post How to define outcomes to deliver value faster appeared first on Security Boulevard.
Heimadal Security
FEBRUARY 28, 2022
According to threat analysts, the year 2022 will mark the beginning of a change in hackers’ attention from huge corporations to individuals. Researchers base their prediction on a number of variables that point out how consumers are now more valuable to hackers than in the past. What Happened in 2021 and What Will Happen in 2022? […]. The post Hackers Might Shift Focus to Consumers Instead of Businesses in 2022 appeared first on Heimdal Security Blog.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
313 
Let's personalize your content