Sat. Feb 26, 2022 - Fri. Mar 04, 2022

Samsung Encryption Flaw

Schneier on Security

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.

Weekly Update 285

Troy Hunt

With travel now behind me, I'm back to a stable schedule and doing these on time again. Mind you, I came home to some of the wildest weather I've ever seen here, but it was kinda cool to watch and the kids didn't complain getting days off school. Oh - and I also loaded a bunch of new data breaches this week, the Robinhood one from earlier today being particularly noteworthy with more than 5M unique email addresses.

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Decrypting Hive Ransomware Data

Schneier on Security

Nice piece of research: Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data.

100 million Samsung phones affected by encryption weakness

Tech Republic Security

The vulnerability lies in how Samsung implemented a portion of the Android Trusted Execution Environment, leading to devices as new as the S21 being vulnerable to initialization vector reuse attacks. The post 100 million Samsung phones affected by encryption weakness appeared first on TechRepublic.

More Trending

Conti Ransomware Group Diaries, Part II: The Office

Krebs on Security

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.

Insurance Coverage for NotPetya Losses

Schneier on Security

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.

Destructive “HermeticWiper” malware strikes Ukraine

Tech Republic Security

A new type of malware attack is hitting Ukraine, and it renders the victim's machine useless. The post Destructive “HermeticWiper” malware strikes Ukraine appeared first on TechRepublic.

Anton’s Security Blog Quarterly Q1 2022

Anton on Security

Great old blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast too (subscribe).

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

California’s Cybersecurity Chief Shares Priorities and Plans

Lohrman on Security

Vitaliy Panych, the California chief information security officer, discusses cyber defenses and government strategic plans, plus his career and tech priorities.

Details of an NSA Hacking Operation

Schneier on Security

Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA). It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers (aka some Russian group). …the scope of victims exceeded 287 targets in 45 countries, including Russia, Japan, Spain, Germany, Italy, etc.

Ransomware infections top list of the most common results of phishing attacks

Tech Republic Security

Eighty-four percent of organizations were phishing victims last year, 59% of whom were hit with ransomware. Why, then, do less than a quarter of boards think ransomware is a top priority? The post Ransomware infections top list of the most common results of phishing attacks appeared first on TechRepublic.

Is Your Printer Spying On You?

Doctor Chaos

Did you know your printer could be spying on you? This isn’t a crazy conspiracy theory or some unsubstantiated insider leak from within a printer company. The threat is real according to the Electronic Frontier Foundation (EFF). We have also heard some occasional rumblings around this issue, so let’s have a quick look at something exciting. Printer dots.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Are Your Passwords in the Green?

Approachable Cyber Threats

It’s here! Our 2022 update to our famous password table that’s been shared across the news, internet, social media, and organizations worldwide. So what’s new, and what’s the methodology behind it? Keep reading! Looking for a high resolution version to download? Download the table now. Password Strength in 2022 It’s been two years since we first shared our (now famous) password table.

Vulnerability in Stalkerware Apps

Schneier on Security

TechCrunch is reporting — but not describing in detail — a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isn’t in the apps installed on the victims’ phones, but in the website the stalker goes to view the information the app collects. The article is worth reading, less for the description of the vulnerability and more for the shadowy string of companies behind these stalkerware apps.

5 WordPress plugins to bolster security

Tech Republic Security

If you're using WordPress, you need to consider one or more of these security plugins to keep your website safe from attack. The post 5 WordPress plugins to bolster security appeared first on TechRepublic.

Elections GoRansom – a smoke screen for the HermeticWiper attack

SecureList

Executive summary. On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from the security community it was used in recent cyberattacks in Ukraine.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies

The Hacker News

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region.

Anonymous hit Russian Nuclear Institute and leak stolen data

Security Affairs

Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses. Anonymous and numerous hacker groups linked to the popular collective continue to launch cyber attacks against Russian and Belarussian government organizations and private businesses. In the last few days massive DDoS attacks have taken offline numerous websites of Russian government entities, including the Duma and Ministry of Defense.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download

Tech Republic Security

TechRepublic Premium content helps you solve your toughest IT issues and jumpstart your career or next project. The post TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download appeared first on TechRepublic.

Play for Ukraine game aims to knock Russian websites offline

Graham Cluley

A game, developed by the so-called IT Army of Ukraine, makes it easy for anyone around the world to contribute to the overloading of Russian websites while playing a version of the simple sliding puzzle "2048."

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Toyota’s just in time manufacturing faced with disruptive cyberattack

Malwarebytes

Toyota suspended the operation of 28 lines at 14 plants in Japan on Tuesday, March 1, after a cyberattack on supplier Kojima Industries Corp. Some plants operated by Toyota’s affiliates Hino Motors and Daihatsu are included in the shutdown. Hino suspended all operations at its Koga facility, which manufactures large and midsize trucks for export and domestic sale, and its Hamura plant, which makes small trucks and handles production for Toyota.

Instagram scammers as busy as ever: passwords and 2FA codes at risk

Naked Security

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever.

New OpenSSF project may finally be doing security right

Tech Republic Security

Commentary: For years we’ve tried tackling security at the company or organizational level. The new Alpha-Omega Project seems to be taking a true industry-wide approach, and that’s promising. The post New OpenSSF project may finally be doing security right appeared first on TechRepublic.

Conti Ransomware source code leaked by Ukrainian researcher

Bleeping Computer

A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more. [...]

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too.

More Than 70% of SOC Analysts Experiencing Burnout

Dark Reading

Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows.

Cyberattacks on SMBs are increasing, will your business be ready?

Tech Republic Security

Coro’s report details a growing number of attacks on mid-sized businesses and the steps that need to be taken in order to be prepared. The post Cyberattacks on SMBs are increasing, will your business be ready? appeared first on TechRepublic.

Russia restricts Twitter in the country amid conflict with Ukraine

Security Affairs

Global internet monitor working group NetBlocks reported that Twitter has been restricted in Russia amid conflict with Ukraine. Global internet monitor working organization NetBlocks shared its metrics confirming the restriction of Twitter in Russia from early morning amid conflict with Ukraine. Multiple local providers (Rostelecom, MTS, Beeline and MegaFon) were blocking access to the popular platform to prevent the vision of videos and images of the attacks carried out by Russian army in Ukrai

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!