Schneier on Security
FEBRUARY 28, 2022
Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.
Troy Hunt
MARCH 4, 2022
With travel now behind me, I'm back to a stable schedule and doing these on time again. Mind you, I came home to some of the wildest weather I've ever seen here, but it was kinda cool to watch and the kids didn't complain getting days off school. Oh - and I also loaded a bunch of new data breaches this week, the Robinhood one from earlier today being particularly noteworthy with more than 5M unique email addresses.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MARCH 1, 2022
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.
The Last Watchdog
FEBRUARY 28, 2022
One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
MARCH 4, 2022
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws.
Troy Hunt
FEBRUARY 26, 2022
A little late this week as the tail end of travel bites into my time, but it's nice to be home again (albeit amidst a period of record rainfall). I'll get back on a normal schedule next week but for now, here's all the usual stuff in number 284, complete with a super cool "ransomwear" hoodie from this week's sponsor, Varonis 😎 References The Messaging Malware Mobile Anti-Abuse Working Group Mary Litynski Award (seeing industry recognition for HIBP is enormousl
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
MARCH 1, 2022
A new type of malware attack is hitting Ukraine, and it renders the victim's machine useless. The post Destructive “HermeticWiper” malware strikes Ukraine appeared first on TechRepublic.
Schneier on Security
MARCH 1, 2022
Nice piece of research : Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data.
Anton on Security
MARCH 3, 2022
Great old blog posts are sometimes hard to find (especially on Medium) , so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ).
Lohrman on Security
FEBRUARY 27, 2022
Vitaliy Panych, the California chief information security officer, discusses cyber defenses and government strategic plans, plus his his career and tech priorities.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
MARCH 1, 2022
The vulnerability lies in how Samsung implemented a portion of the Android Trusted Execution Environment, leading to devices as new as the S21 being vulnerable to initialization vector reuse attacks. The post 100 million Samsung phones affected by encryption weakness appeared first on TechRepublic.
Schneier on Security
MARCH 3, 2022
Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA). It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers (aka some Russian group). …the scope of victims exceeded 287 targets in 45 countries, including Russia, Japan, Spain, Germany, Italy, etc.
Doctor Chaos
FEBRUARY 28, 2022
Did you know your printer could be spying on you? This isn’t a crazy conspiracy theory or some unsubstantiated insider leak from within a printer company. The threat is real according to the Electronic Frontier Foundation (EFF). We have also heard some occasional rumblings around this issue, so let’s have a quick look at something exciting. Printer dots.
Approachable Cyber Threats
MARCH 1, 2022
It’s here! Our 2022 update to our famous password table that’s been shared across the news, internet, social media, and organizations worldwide. So what’s new, and what’s the methodology behind it? Keep reading! Looking for a high resolution version to download? Download the table now. Password Strength in 2022 It’s been two years since we first shared our (now famous) password table.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
MARCH 1, 2022
If you're using WordPress, you need to consider one or more of these security plugins to keep your website safe from attack. The post 5 WordPress plugins to bolster security appeared first on TechRepublic.
Schneier on Security
MARCH 2, 2022
TechCrunch is reporting — but not describing in detail — a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isn’t in the apps installed on the victims’ phones, but in the website the stalker goes to view the information the app collects. The article is worth reading, less for the description of the vulnerability and more for the shadowy string of companies behind these stalkerware apps.
Graham Cluley
FEBRUARY 28, 2022
A game, developed by the so-called IT Army of Ukraine, makes it easy for anyone around the world to contribute to the overloading of Russian websites while playing a version of the simple sliding puzzle "2048.".
SecureList
MARCH 1, 2022
Executive summary. On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from security community it was used in recent cyberattacks in Ukraine.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
MARCH 2, 2022
Eighty-four percent of organizations were phishing victims last year, 59% of whom were hit with ransomware. Why, then, do less than a quarter of boards think ransomware is a top priority? The post Ransomware infections top list of the most common results of phishing attacks appeared first on TechRepublic.
The Hacker News
MARCH 2, 2022
Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region.
Security Affairs
FEBRUARY 28, 2022
Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses. Anonymous and numerous hacker groups linked to the popular collective continue to launch cyber attacks against Russian and Belarussian government organizations and private businesses. In the last few days massive DDoS attacks have taken offline numerous websites of Russian government entities, including the Duma and Ministry of Defense.
Heimadal Security
FEBRUARY 28, 2022
According to threat analysts, the year 2022 will mark the beginning of a change in hackers’ attention from huge corporations to individuals. Researchers base their prediction on a number of variables that point out how consumers are now more valuable to hackers than in the past. What Happened in 2021 and What Will Happen in 2022? […]. The post Hackers Might Shift Focus to Consumers Instead of Businesses in 2022 appeared first on Heimdal Security Blog.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MARCH 4, 2022
Commentary: For years we’ve tried tackling security at the company or organizational level. The new Alpha-Omega Project seems to be taking a true industry-wide approach, and that’s promising. The post New OpenSSF project may finally be doing security right appeared first on TechRepublic.
Cisco Security
FEBRUARY 28, 2022
In today’s digital-first world having enterprise grade information, services, and workloads in the cloud is becoming increasingly important for success. Nonetheless the lack of asset visibility that haunted private networks has not disappeared in the cloud era; it has been transferred, or some may say even aggravated. In its Hype Cycle for Security Operations, Gartner has defined Cyber Assets Attack Surface Management (CAASM) as “an emerging technology focused on enabling security teams to solve
SecureBlitz
FEBRUARY 28, 2022
IT risk management plans help administrators and workers identify possible risks that threaten the network and connecting systems. The administrators are responsible for managing the entire network and working with data systems administrators to protect customer and business data. By reviewing the 5 steps for these management systems, businesses can mitigate more risks and avoid.
eSecurity Planet
MARCH 4, 2022
The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities. With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
MARCH 4, 2022
TechRepublic Premium content helps you solve your toughest IT issues and jumpstart your career or next project. The post TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download appeared first on TechRepublic.
Naked Security
FEBRUARY 28, 2022
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever.
Bleeping Computer
MARCH 1, 2022
A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more. [.].
Dark Reading
MARCH 4, 2022
Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
328 
Let's personalize your content