Schneier on Security

JUNE 17, 2022

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough. Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused during manufacturing create a unique Bluetooth beacon , one that establishes a digital signature or fingerprint di

Manufacturing 323

Manufacturing Technology 323

Krebs on Security

JUNE 14, 2022

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form

Ransomware 273

Ransomware Internet Internet Cybercrime 273

Anton on Security

JUNE 17, 2022

Originally written for a new Chronicle blog. As security orchestration, automation and response (SOAR) adoption continues at a rapid pace , security operations teams have a greater need for a structured planning approach. My favorite approach has been a maturity model, vaguely modeled on the CMM approach. For example, in my analyst days, I built a maturity model for a SOC (2018) , a SIEM deployment (2018) and vulnerability management (2017).

Architecture 246

Architecture Technology Phishing 246

The Last Watchdog

JUNE 13, 2022

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Related: Taking API proliferation seriously. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally.

Cybersecurity 257

Cybersecurity Artificial Intelligence Software Marketing 257

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JUNE 16, 2022

Interesting research: “ Sponge Examples: Energy-Latency Attacks on Neural Networks “: Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers’ focus so far is on average-case performance.

323

323

Krebs on Security

JUNE 15, 2022

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.

Architecture 259

Architecture Internet Internet Software 259

Tech Republic Security

JUNE 16, 2022

Proofpoint says the piece of functionality allows ransomware to encrypt files stored on Microsoft SharePoint and OneDrive. The post ‘Potentially dangerous’ Office 365 flaw discovered appeared first on TechRepublic.

Encryption 197

Encryption Ransomware 197

Schneier on Security

JUNE 15, 2022

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.

Artificial Intelligence 257

Artificial Intelligence Authentication Software Malware 257

eSecurity Planet

JUNE 16, 2022

A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Cyberattacks are on the rise, with cyber criminal trends and techniques becoming increasingly sophisticated and creative.

Backups 145

Backups Ransomware Firewall Malware 145

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn. The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos which tracked it as Hexane.

DNS 145

DNS Telecommunications Malware Phishing 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JUNE 17, 2022

In this step-by-step guide, learn how to enable the backup feature within the two-factor authentication application Authy. The post How to back up your Authy app appeared first on TechRepublic.

Backups 158

Backups Authentication Software Mobile 158

Schneier on Security

JUNE 14, 2022

Interesting vulnerability in Tesla’s NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys­with no authentication required and zero indication given by the in-car display. “The authorization given in the 130-second interval is too general… [it

Hacking 245

Hacking Authentication 245

Security Boulevard

JUNE 16, 2022

A survey published today suggests there is a disconnect between the perceived and actual level of security being applied to application programming interfaces (APIs). The survey polled 203 IT professionals in Europe, Asia and North America from organizations with more than 1,000 employees and was conducted by Enterprise Management Associates (EMA) on behalf of Radware, The post Radware Survey Reveals API Security Weaknesses appeared first on Security Boulevard.

Security Awareness 144

Security Awareness Malware Cybersecurity 144

CyberSecurity Insiders

JUNE 12, 2022

by Troye technical director Kurt Goodall. Businesses need to deliver apps with high reliability, deep visibility, and security across any network and cloud. They need to ensure that their workforce, whether in the office, at a branch or any remote business location, have uninterrupted access to all their applications from any device. Traditional networking and infrastructure solutions continue to pose challenges, as they may lack the necessary automation and visibility, present availability issu

Architecture 139

Architecture Firewall Encryption Authentication 139

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 17, 2022

Is your VPN connected but not working? Learn four of the biggest trouble areas with VPN connections and how you can fix them today. The post How to fix the four biggest problems with failed VPN connections appeared first on TechRepublic.

VPN 158

VPN Network Security 158

We Live Security

JUNE 16, 2022

Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents? The post How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security appeared first on WeLiveSecurity.

Malware 138

Malware 138

Security Boulevard

JUNE 16, 2022

Cybersecurity has been changing rapidly over the past couple of years, due in no small part to the COVID-19 pandemic. In response, organizations have digitized at an unprecedented rate and, in the process, created new opportunities for cybersecurity shortfalls. Here are four trends that, in addition to the anticipated rise in ransomware, should affect how.

Cybersecurity 141

Cybersecurity Ransomware Risk Government 141

CyberSecurity Insiders

JUNE 15, 2022

According to a study conducted by Blake, Cassels Graydon LLP, most of the cyber attacks that were targeted on Canadian companies were of ransomware genre and alarmingly there was an increase in frequency and complexity of attacks. Coming to ransomware payments, there was a 25% increase in such attacks exceeding USD $1 million on average. From now on, Canadian businesses will be required to report any kind of digital assaults within 72 hours under a new law introduced early this week.

Cyber Attacks 138

Cyber Attacks Ransomware Encryption Malware 138

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JUNE 14, 2022

Most IT leaders are worried about passwords being stolen at their organization, according to a survey from Ping Identity. The post Half of IT leaders say passwords too weak for security purposes appeared first on TechRepublic.

Passwords 153

Passwords 153

Bleeping Computer

JUNE 12, 2022

Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. [.].

Encryption 141

Encryption Ransomware Cybersecurity 141

Security Boulevard

JUNE 17, 2022

A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation. The post HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook appeared first on Security Boulevard.

Accountability 136

Accountability Healthcare Risk Government 136

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040 , in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating.

Firewall 144

Firewall DNS Authentication Malware 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JUNE 13, 2022

Threat actors originating from the People's Republic of China are exploiting known vulnerabilities to build a broad network infrastructure of compromised machines worldwide. Learn more about how to protect yourself from this threat. The post State-sponsored Chinese threat actors compromise telecommunications and network services providers appeared first on TechRepublic.

Telecommunications 153

Telecommunications 153

Bleeping Computer

JUNE 12, 2022

A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. [.].

VPN 142

VPN 142

Security Boulevard

JUNE 16, 2022

2022 has proved to be the year where it’s impossible to negate the consequences of a data breach. Data breaches have the potential to destroy businesses. A small company can shut down all operations within six months of a breach. Larger companies can withstand the pinch, but not without a hefty cost. Even multinationals can […]. The post What are the Consequences of a Data Breach?

Data breaches 136

Data breaches 136

The Hacker News

JUNE 16, 2022

For years, the two most popular methods for internal scanning: agent-based and network-based were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra.

135

135

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JUNE 16, 2022

System Mechanic Ultimate Defense is a Windows utility intended to optimize system performance, secure the OS and user data/credentials and perform data recovery services. Learn more about how it works and how the features rate. The post Review: System Mechanic Ultimate Defense appeared first on TechRepublic.

Software 148

Software 148

The State of Security

JUNE 16, 2022

Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation which has seized tens of millions of dollars and seen more than 2000 people arrested. Read more in my article on the Tripwire State of Security blog.

Social Engineering 135

Social Engineering Scams Engineering 135

Heimadal Security

JUNE 15, 2022

Last month, security specialists found adware and info-stealing malware on the Google Play Store, with at least five threats still obtainable and with more than 2 million downloads. Adware infections showing unsolicited ads degrade the user experience, use up the battery, generate heat, and can even lead to fraudulent transactions. This software typically attempts to […].

Adware 135

Adware Malware Software Cybersecurity 135

Graham Cluley

JUNE 17, 2022

A critical vulnerability in a WordPress plugin used on over one million websites has been patched, after evidence emerged that malicious hackers were actively exploited in the wild.

133

133

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity