Tech Republic Security

APRIL 27, 2021

Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials.

Banking 216

Banking Phishing 216

Threatpost

APRIL 29, 2021

The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes.

Mobile 102

Mobile Malware 102

Schneier on Security

APRIL 26, 2021

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published , artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit

Hacking 362

Hacking Artificial Intelligence Government Engineering 362

Krebs on Security

APRIL 28, 2021

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Insurance 361

Insurance Identity Theft Accountability Technology 361

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

APRIL 29, 2021

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains. Romania joins a steadily growing number of governments across the globe to have free and unrestricted access to API-based domain searches for their assets in HIBP.

Government 357

Government Data breaches 357

Tech Republic Security

APRIL 26, 2021

A former IT pro turned end user explains why blending your work and personal tech was, is and always will be a bad idea for you and your employer.

207

207

Krebs on Security

APRIL 26, 2021

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Authentication 339

Authentication Accountability Identity Theft Account Security 339

Troy Hunt

APRIL 26, 2021

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet. This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware.

Malware 344

Malware Passwords Banking Password Management 344

Tech Republic Security

APRIL 28, 2021

Palo Alto Networks' cloud-native security suite is getting a bundle of new features to automate VM security and add malware protection to CI/CD workflows, among others.

Malware 157

Malware 157

Schneier on Security

APRIL 30, 2021

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what do rather than doing it itself—and didn’t include a standard ap

Internet 307

Internet Internet Malware 307

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Hot for Security

APRIL 30, 2021

DigitalOcean, the popular cloud-hosting provider, has told some of its customers that their billing details were exposed due to what it described as a “flaw.” In an email sent out to affected users, DigitalOcean explained that an unauthorised party had managed to exploit the flaw to gain access to billing information between April 9 and April 22, 2021.

Data breaches 145

Data breaches Banking Accountability 145

Security Boulevard

APRIL 29, 2021

Neurodiversity, the term for the range of differences in individual brain function and behavioral traits, with regard to sociability, learning, attention, mood and other mental functions in a non-pathological sense, is important to foster in any industry, but the security space in particular has always welcomed a range of neurodiverse groups. Whether professionals are diagnosed.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

APRIL 28, 2021

The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.

Phishing 189

Phishing 189

Schneier on Security

APRIL 29, 2021

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance: After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd , detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.

Surveillance 253

Surveillance 253

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CyberSecurity Insiders

APRIL 28, 2021

Cancer treatment services across the United States have taken a big hit as a cyber attack is said to have disrupted the software services operating in the High-tech radiation machines used to treat the malign disease. Elekta is the company in discussion that was hit by a cyber attack and as it supplies software meant to operate radiation treatment systems, most of the medical treatments were cancelled or postponed across North America.

Cyber Attacks 145

Cyber Attacks Healthcare Data privacy Software 145

Graham Cluley

APRIL 28, 2021

Apple has released a brand new update for its macOS Big Sur operating system, and you really should install it. Amongst other fixes, Big Sur 11.3 patches a zero-day vulnerability that could allow an attacker to craft malicious payloads that will not be checked by Gatekeeper, the security check built into Apple's operating system that is supposed to block the execution of software from untrusted sources.

Malware 145

Malware Software 145

Tech Republic Security

APRIL 27, 2021

The spyware tries to steal passwords and other sensitive data and accesses your contact list, warns the U.K.'s National Cyber Security Centre.

Spyware 156

Spyware Passwords 156

Security Boulevard

APRIL 27, 2021

Research that’s done on malicious breaches of data presents a unique conundrum for the security professionals who are doing the investigating: should access to sets of breached raw data become available to public users and, if so, how? In light of the pandemic, the acceleration toward location-distributed work has the potential to raise similar questions.

Data breaches 145

Data breaches Security Awareness Risk Government 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

APRIL 24, 2021

The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter. Dan has left us an immense emptiness, the silence after his death is deafening.

Cybersecurity 145

Cybersecurity InfoSec DNS Hacking 145

Graham Cluley

APRIL 28, 2021

Police in South Australia have arrested a man for allegedly tampering with Covid-19 QR codes, replacing them with fake codes that could take the public to anti-vaxxer websites.

144

144

The Hacker News

APRIL 29, 2021

Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment.

Internet 145

Internet Internet 145

Security Boulevard

APRIL 28, 2021

All business industries have seen increasing pressure to digitize their services in recent years, particularly over the past 12 months in response to COVID-19. But few industries have felt this pressure more than the financial sector, where customers have grown to expect high-quality digital services, particularly since so many financial organizations are unable to provide.

Financial Services 145

Financial Services Risk Government Cybersecurity 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

CyberSecurity Insiders

APRIL 30, 2021

By Thomas Hazel. Is your organization prepared to mitigate Distributed Denial of Service (DDoS) attacks against mission-critical cloud-based applications? A DDoS attack is a cyber attack that uses bots to flood the targeted server or application with junk traffic, exhausting its resources and disrupting service for real human users. DDoS attacks are on the rise, with over 4.83 million attacks reported in the first half of 2020 – an increase of more than 250% compared to the same period i

DDOS 144

DDOS Cyber Attacks DNS Threat Detection 144

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Malware 145

Malware Software Engineering Hacking 145

Bleeping Computer

APRIL 28, 2021

A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices. [.].

Malware 144

Malware 144

Security Boulevard

APRIL 29, 2021

One of our memes was reposted by The Cyber Security Hub, an infosec community with greater than 1 million (yes, it’s MILLION) followers on LinkedIn. The meme (see below) was on the topic of cybersecurity budgets and it was our tongue-in-cheek way to start a discussion. But we were blown away by the response it …. Read More. The post The Infosec Meme That Touched a Raw Nerve appeared first on Security Boulevard.

InfoSec 145

InfoSec Cybersecurity CISO 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

CyberSecurity Insiders

APRIL 28, 2021

This blog was written by an independent guest blogger. On December 8, 2020, Kubernetes released version 1.20—the third and final release of the popular container orchestration platform in 2020. Kubernetes noted in a blog post that the version contained 42 enhancements. Of those enhancements, 16 entered into alpha, while the remainder moved to beta or graduated to stable at 15 and 11, respectively.

Cybersecurity 144

Cybersecurity Cyber threats 144

CSO Magazine

APRIL 29, 2021

The adoption of edge computing and cloud infrastructure over the past decade combined with the recent surge in remote work, have seriously challenged traditional network architectures and security models. Large enterprises have been better able to adapt to this new reality, having access to larger IT budgets and skilled employees, but small and medium-sized businesses are struggling to keep up with the access control, monitoring and threat detection technologies needed to defend their local and

Architecture 143

Architecture Threat Detection Technology 143

Bleeping Computer

APRIL 30, 2021

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. [.].

Engineering 142

Engineering Government Malware 142

Security Boulevard

APRIL 29, 2021

Over six months on, the Schrems II verdict is proving to be a difficult obstacle for many businesses when it comes to data management. Find out why here. The post What is Schrems II and how does it affect your data protection in 2021? appeared first on Security Boulevard.

Data privacy 142

Data privacy Risk Government Cybersecurity 142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity