Dark Reading
NOVEMBER 17, 2022
Researchers find current data protections strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defense initiatives.
Schneier on Security
NOVEMBER 17, 2022
Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
NOVEMBER 17, 2022
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand.
Troy Hunt
NOVEMBER 12, 2022
What a week to pick to be in Canberra. Planned well before things got cyber-crazy in Australia, I spent a few days catching up with folks in our capital and talking to the Australia Federal Police for scam awareness week. That it coincided with the dumping of Medibank customer health records made it an especially interesting time to talk with police, politicians and industry leaders.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
NOVEMBER 14, 2022
Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post Top cybersecurity threats for 2023 appeared first on TechRepublic.
Schneier on Security
NOVEMBER 15, 2022
Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
eSecurity Planet
NOVEMBER 18, 2022
Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them. Some of those vulnerabilities will be found and fixed by vendors, who will provide patches and updates for their products. Other vulnerabilities cannot be patched and will require coordination between IT, cybersecurity, and app developers to protect those exposed vulnerabilities with additional resources th
Tech Republic Security
NOVEMBER 15, 2022
Windows 10 in S mode is an operating system option that prioritizes security and performance. Learn the pros and cons of Windows 10 in S mode here. The post Windows 10 in S mode: Pros and cons appeared first on TechRepublic.
Schneier on Security
NOVEMBER 16, 2022
Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing.
Krebs on Security
NOVEMBER 15, 2022
Vyacheslav “Tank” Penchukov , the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian cybercrime suspect Vyacheslav “Tank” Penchukov (right) was arrested in Geneva, Switzerland.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
eSecurity Planet
NOVEMBER 17, 2022
Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. Members of Laminar Labs’ research team recently found that one in five public-facing cloud storage buckets contains personally identifiable information (PII) – and the majority of that data isn’t even supposed to be online in the first place.
Tech Republic Security
NOVEMBER 14, 2022
With data breaches on the rise, encryption has never been more important for protecting companies against hackers and cyberattacks. The post Data encryption as a crucial step to manage data access and security appeared first on TechRepublic.
Schneier on Security
NOVEMBER 18, 2022
Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it : On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes.
Security Affairs
NOVEMBER 16, 2022
Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS. The experts also discovered several bypasses of security controls that the security vendor F5 does not recognize as exploitable vulnerabilities.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
NOVEMBER 18, 2022
Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which is better for you? The post Tor vs. VPN: Which should you choose? appeared first on WeLiveSecurity.
Tech Republic Security
NOVEMBER 16, 2022
Prevent cybercriminals from stealing your identity by acting on this great deal for IDX, which will monitor the Dark Web, your social media accounts and more for suspicious activity and help you recover your identity, if needed. The post Get elite identity theft protection from a top-rated provider appeared first on TechRepublic.
Schneier on Security
NOVEMBER 14, 2022
The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network. The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers, but it would signal to hackers that a cyberattack on those protected networks during an armed conflict would violate international humanitarian law, experts say, Tilman Rodenhäuser, a legal adviser to
eSecurity Planet
NOVEMBER 18, 2022
John Jay Ray III is one of the world’s top bankruptcy lawyers. He has worked on cases like Enron and Nortel. But his latest gig appears to be the most challenging. On November 11, he took the helm at FTX, a massive crypto platform, which has plunged into insolvency. His Chapter 11 filing reads more like a Netflix script. In it, he notes : “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CyberSecurity Insiders
NOVEMBER 14, 2022
We’re all aware that cybercrime is everywhere. FUD to the max. When things become commonplace, we start to become numb to the news. We are no longer surprised or shocked that these things happen, or who they happen to. There is no instruction manual to perfect security. All businesses run differently and no product is impenetrable. Plus, humans work at our companies.
Tech Republic Security
NOVEMBER 14, 2022
TechRepublic readers can get this tiny mesh router that blocks security threats for only $79. The post Get instant malware filtering with Gryphon Guardian appeared first on TechRepublic.
Graham Cluley
NOVEMBER 15, 2022
Twitter is in chaos. I'd rather delete my Direct Messages one-by-one than one day find that they are in the hands of a hacker or a disgruntled Twitter employee who goes rogue.
We Live Security
NOVEMBER 14, 2022
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T2 2022. The post ESET APT Activity Report T2 2022 appeared first on WeLiveSecurity.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
NOVEMBER 17, 2022
Microsoft has released optional out-of-band (OOB) updates to fix a known issue triggering Kerberos sign-in failures and other authentication problems on enterprise Windows domain controllers after installing cumulative updates released during November's Patch Tuesday. [.].
SecureList
NOVEMBER 15, 2022
Introduction. DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019 , the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, we’ve seen it being used in financial environments where ATMs were breached, in attacks on a nuclear power plant and also in targeted ransomware attacks.
Security Boulevard
NOVEMBER 16, 2022
Privacy on social media has taken a hit this month, which should surprise no one. Just days after Elon Musk took over Twitter, the platform’s chief privacy officer resigned, as did others germane to the company’s safety and security. That was on the heels of reports that TikTok’s privacy policy shows that Chinese staff can. The post Privacy Hits a Low at TikTok, Twitter appeared first on Security Boulevard.
Graham Cluley
NOVEMBER 15, 2022
Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. Read more in my article on the Tripwire State of Security blog.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
CyberSecurity Insiders
NOVEMBER 15, 2022
By Kathy Quashie, Chief Growth Officer at Capita . It’s well known that cracks are beginning to show in the workforce of today. Demand for digital skills, permeating each and every industry, is not being met with supply. This digital skills gap is harming UK productivity – and will continue to do so until it is addressed by employers up and down the country.
Security Affairs
NOVEMBER 17, 2022
Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. The public schools started experiencing a systems outage affecting critical operating systems on Monday, the outage occurred because they were victims of a ransomware attack detected over the weekend.
We Live Security
NOVEMBER 16, 2022
The convenience with which you manage all your financial wants and needs may come at a cost. The post Open banking: Tell me what you buy, and I’ll tell you who you are appeared first on WeLiveSecurity.
eSecurity Planet
NOVEMBER 17, 2022
Speakers at last week’s MITRE ResilienCyCon conference had a surprisingly candid message for attendees: You will likely be breached at some point so focus on the controls and response capabilities your organization needs to survive a cyber attack. The conference’s focus on cyber resilience doesn’t mean that organizations should abandon core security defenses like EDR , access control and firewalls , but they should be prepared for the advanced threats that will, at some point,
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
129 
Let's personalize your content