Schneier on Security

NOVEMBER 22, 2021

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.

Cryptocurrency 329

Cryptocurrency 329

Lohrman on Security

NOVEMBER 21, 2021

As global travel returns, airline rules, checks and tests are hard to track. But get ready for more as travel returns for the holidays and 2022. Here’s the latest.

317

317

Krebs on Security

NOVEMBER 22, 2021

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.

Scams 289

Scams Cybercrime Banking Identity Theft 289

The Last Watchdog

NOVEMBER 22, 2021

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Related: Training human sensors. Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Passwords 244

Passwords Password Management Accountability Data breaches 244

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

NOVEMBER 24, 2021

Piling more on NSO Group’s legal troubles, Apple is suing it : The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.

Spyware 315

Spyware Hacking Government Malware 315

Tech Republic Security

NOVEMBER 23, 2021

Third-party app trackers have become a real problem on Android, and DuckDuckGo is doing something about it. Find out why Jack Wallen believes this is the browser you need to use.

218

218

Bleeping Computer

NOVEMBER 26, 2021

Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling. [.].

Scams 145

Scams 145

Schneier on Security

NOVEMBER 26, 2021

Following California’s lead, a new UK law would ban default passwords in IoT devices.

Passwords 291

Passwords IoT 291

Tech Republic Security

NOVEMBER 23, 2021

Though the feds haven't identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.

Government 216

Government Ransomware 216

Security Boulevard

NOVEMBER 23, 2021

Although the vast majority of businesses are making multi-cloud a strategic priority in 2022 and keeping security top-of-mind, many feel they lack the tools and skills needed to execute on these plans. In fact, additional security complexities have prevented IT leaders from moving to multiple cloud platforms, even though the majority of organizations know that.

Cybersecurity 145

Cybersecurity Network Security 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

NOVEMBER 22, 2021

GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. [.].

Data breaches 145

Data breaches Hacking 145

The Hacker News

NOVEMBER 22, 2021

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis.

eCommerce 145

eCommerce Malware 145

Tech Republic Security

NOVEMBER 22, 2021

Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.

Risk 209

Risk Cybersecurity Accountability 209

We Live Security

NOVEMBER 22, 2021

Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed. The post What to do if you receive a data breach notice appeared first on WeLiveSecurity.

Data breaches 145

Data breaches 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

NOVEMBER 22, 2021

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. [.].

145

145

Security Affairs

NOVEMBER 26, 2021

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT 145

IoT Wireless DDOS VPN 145

Tech Republic Security

NOVEMBER 22, 2021

The hosting company has revealed a security incident that exposed the email addresses and customer numbers of 1.2 million Managed WordPress customers.

215

215

Malwarebytes

NOVEMBER 24, 2021

Gamers are a hot target for scammers, especially in the run up to Christmas. Major games are released throughout the last few months of any year, and the FOMO (fear of missing out) is strong. Especially if said titles offer pre-order exclusive bonuses, or deals and discounts for a few weeks after the game launches. There’s a lot of big titles hitting digital storefronts at the moment.

Malware 144

Malware Scams Passwords Cryptocurrency 144

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

NOVEMBER 20, 2021

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. [.].

Hacking 145

Hacking Malware 145

Security Affairs

NOVEMBER 21, 2021

A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails to avoid detection. The campaign was uncovered by TrendMicro researchers that detailed the technique used to trick victims opening the malicious email used as the attack vector.

Malware 144

Malware Hacking Cybercrime Information Security 144

Tech Republic Security

NOVEMBER 22, 2021

When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.

Accountability 201

Accountability 201

CyberSecurity Insiders

NOVEMBER 23, 2021

The digital operations of the multinational company Bureau Veritas(BV) was brought to a halt when hackers launched a cyber attack on the IT infrastructure of the company that offers lab testing, inspection and certification services. In what is known to our Cybersecurity insiders, the security breach occurred on November 20 of this year and the company took down the servers and data offline in order to prevent any untoward incident such as data leak in the future.

Cyber Attacks 143

Cyber Attacks Artificial Intelligence Encryption Manufacturing 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

NOVEMBER 21, 2021

The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. [.].

Government 144

Government 144

Security Affairs

NOVEMBER 21, 2021

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.

DNS 145

DNS Passwords Malware Hacking 145

Tech Republic Security

NOVEMBER 24, 2021

Safari is a good browser, but it could be better. Unfortunately, one area that requires improvement is the un-Mac-ifying of the privacy settings. Find out what Jack Wallen means by this.

186

186

We Live Security

NOVEMBER 25, 2021

‘Tis the season to avoid getting played by scammers hijacking Twitter accounts and promoting fake offers for PlayStation 5 consoles and other red-hot products. The post The triangle of holiday shopping: Scams, social media and supply chain woes appeared first on WeLiveSecurity.

Scams 143

Scams Media Accountability 143

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Malwarebytes

NOVEMBER 23, 2021

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach. In the notice, it explained it had been compromised via an “unauthorized third-party access to our Managed WordPress hosting environment.” The unknown culprit behind the attack stole up to 1.2 million active and inactive customer data, including email addresses, original WordPress admin passwords, Secure File Transfer Pro

Passwords 143

Passwords Accountability CISO Banking 143

The Hacker News

NOVEMBER 26, 2021

Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day.

Malware 141

Malware 141

Tech Republic Security

NOVEMBER 23, 2021

Proofpoint finds that bad actors are using SMS messages about package deliveries as the bait in new scams.

Scams 214

Scams 214

Security Boulevard

NOVEMBER 22, 2021

BSIMM12 reports increased attention on software security due to recent supply chain disruptions. Get recommendations for managing supply chain risks. The post Effective software security activities for managing supply chain risks appeared first on Software Integrity Blog. The post Effective software security activities for managing supply chain risks appeared first on Security Boulevard.

Software 141

Software Risk 141

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity