Naked Security

APRIL 21, 2021

No IT technology feels quite as much of a double-edged sword as encryption.

Malware 117

Malware Encryption Technology 117

Security Affairs

APRIL 22, 2021

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can also be exploited to launch increasingly sophisticated and growing computer attacks, it’s necessary to guarantee the protection parameters of computer security in terms of integrity, confidentiality and auth

Software 135

Software Data privacy Architecture Risk 135

Daniel Miessler

APRIL 20, 2021

Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security terminology. Casey also added that Acceptable Risk would be being willing to get punched in the face. threat actor = someone who wants to punch you in the face threat = the punch being thrown vulnerability = your inability to defend against the punch risk = the likelihood of getting punched in the face — cje (@caseyjohnellis) April 19, 2021.

Risk 335

Risk Information Security 335

Schneier on Security

APRIL 21, 2021

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned.

Hacking 334

Hacking 334

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

APRIL 17, 2021

Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed off to Thredbo for a couple of days of mountain biking, hitting trails I've only ever snowboarded down before (yes, we get snow in Australia). Back to normality (I think we can start calling it that now), Rob and I did our book editing session, the Facebook scraping incident (let's stop calling it a "data breach") continued to consume time and in a case of very fortuitous timing, they're c

Data breaches 287

Data breaches 287

Tech Republic Security

APRIL 20, 2021

As the use of cryptocurrency increases, so does the risk of being a target for scammers. Tom Merritt offers five tips for defending against cryptocurrency scams.

Cryptocurrency 216

Cryptocurrency Scams Risk 216

Schneier on Security

APRIL 20, 2021

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service (SVR), and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in foreign relations to convince me that the response is sufficient to deter future operations.

Hacking 331

Hacking 331

Trend Micro

APRIL 19, 2021

What happens in Carbanak and FIN7 attacks? Here are some techniques used by these financially motivated threat groups that target banks, retail stores, and other establishments.

Retail 145

Retail Banking 145

Tech Republic Security

APRIL 20, 2021

A former pro baseball player and coach turned sports psychologist believes there is much cybersecurity pros can learn from sports mental conditioning. He wants to help them hit more home runs.

Cybersecurity 186

Cybersecurity 186

Security Boulevard

APRIL 22, 2021

If cybersecurity leaders and teams think this year will be quieter and easier than 2020, they are mistaken. The remote work trend launched by COVID-19 is morphing into a new hybrid environment that has some employees working at home full time, others at corporate facilities and many working at either location depending on the day. The post Navigating Cybersecurity Gaps in Uncertain Times appeared first on Security Boulevard.

Cybersecurity 145

Cybersecurity CISO IoT Mobile 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

APRIL 19, 2021

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be

Software 292

Software Hacking 292

Hot for Security

APRIL 22, 2021

The bad news. Attackers are exploiting the COVID-19 vaccine apps to deploy malware to Android devices. Since the outburst of the pandemic, they haven’t missed any opportunity to spread malware via Covid19-themed emails, apps, websites and social media. But now, Bitdefender researchers have found multiple apps taking advantage of mobile users looking for information about the vaccines or seeking an appointment to get the jab.

Adware 145

Adware Mobile Banking Antivirus 145

Tech Republic Security

APRIL 23, 2021

Organizations are increasing investments in cybersecurity and their dependence on third parties—even in light of disruptions, according to PwC's Cyber Trust report.

Cybersecurity 185

Cybersecurity 185

Bleeping Computer

APRIL 21, 2021

Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project. [.].

Software 145

Software 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

APRIL 22, 2021

Excellent New Yorker article on North Korea’s offensive cyber capabilities.

Cybercrime 303

Cybercrime 303

Security Boulevard

APRIL 19, 2021

Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as […]… Read More.

Cybersecurity 145

Cybersecurity Security Awareness 145

Tech Republic Security

APRIL 22, 2021

Security professionals would be well-served with this Linux distribution that offers a wide range of penetration and vulnerability testing tools.

198

198

Security Affairs

APRIL 19, 2021

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. While the value of major cryptocurrencies continues to increase, cybercriminals and malware authors focus their efforts on cryptocurrency miners and malicious code that could empty the wallets of the victims. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurr

Cryptocurrency 145

Cryptocurrency Hacking Malware Banking 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

APRIL 23, 2021

Click Studios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. [.].

Password Management 145

Password Management Passwords Hacking Malware 145

Security Boulevard

APRIL 18, 2021

Like most technology workforce segments, the cybersecurity diversity issue is a very acute problem: there simply isn’t nearly enough representation of diverse backgrounds in cybersecurity roles, from security operations center (SOC) analysts all the way up through enterprise-level CISOs and board members. Erkang Zheng, founder and CEO of JupiterOne, said the primary issue that comes.

Cybersecurity 145

Cybersecurity CISO Technology 145

Tech Republic Security

APRIL 22, 2021

While the software solutions have made it easier to work from home, they've also made it easier to launch malware.

Software 210

Software Risk Malware 210

The Hacker News

APRIL 20, 2021

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware.

Internet 145

Internet Internet Advertising Malware 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

APRIL 17, 2021

A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world. Although the BGP routing leak occurred in Vodafone's autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources. [.].

145

145

Security Boulevard

APRIL 20, 2021

As we head deeper into 2021, it’s beginning to feel like there’s a light at the end of the tunnel and we can all take a deep breath. 2020 was a tumultuous year, one marked by a global pandemic, natural disasters and civil unrest. Last year also saw record number cybercrime complaints, with the FBI […]. The post Ransomware 2021 has evolved. Are you keeping up with network security?

Network Security 145

Network Security Ransomware Cybercrime Phishing 145

Tech Republic Security

APRIL 21, 2021

Hackers claim to have infiltrated the networks of Quanta Computer Inc., which makes Macbooks and hardware for HP, Facebook and Google.

Ransomware 189

Ransomware 189

eSecurity Planet

APRIL 23, 2021

Cybersecurity podcasts are an easy way to immerse yourself in the world of SecOps. Depending on your interests, you can catch up on the latest news and hear analysis from experts in the field, or you can take a deep-dive into a major cybersecurity story or concept. The best part? You can listen while doing tasks that require little concentration such as washing dishes or folding laundry.

Cybersecurity 144

Cybersecurity InfoSec Cybercrime Hacking 144

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Hot for Security

APRIL 23, 2021

Users of Apple products have long loved the ability to wirelessly share files with each other, using AirDrop to transmit files between their iPhones and Macbooks. But researchers at the Technical University of Darmstadt in Germany have discovered that security weaknesses could allow an attacker to obtain a victim’s phone number and even email address.

Wireless 144

Wireless Authentication Data breaches 144

Security Boulevard

APRIL 22, 2021

HackerOne announced today that the portfolio of tools it makes available to white hat hackers is extended now includes a video capture capability that makes it easier to demonstrate how a vulnerability might be exploited. At the same time, the HackerOne platform is making it simpler for cybersecurity teams to directly ingest and incorporate vulnerability.

Cybersecurity 144

Cybersecurity Security Awareness Network Security 144

Tech Republic Security

APRIL 19, 2021

Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law.

Data privacy 166

Data privacy 166

We Live Security

APRIL 20, 2021

The malware sends automated replies to messages on WhatsApp and other major chat apps. The post WhatsApp in pink? Watch out for this fake update appeared first on WeLiveSecurity.

Malware 143

Malware Mobile 143

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity