Schneier on Security
JULY 28, 2022
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.
Krebs on Security
JULY 29, 2022
The 911 service as it existed until July 28, 2022. 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy so
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
JULY 24, 2022
Like other forms of cyber crime, business email compromise is growing and evolving. Here’s what you need to know.
Tech Republic Security
JULY 28, 2022
The search giant explained that it pushed back its timeline once again because it needs more time for testing to ensure users’ online privacy is protected. The post Google delays removal of third-party cookies in Chrome through 2024 appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
JULY 27, 2022
Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as indispensable as national highways.
Krebs on Security
JULY 28, 2022
Microleaves , a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by sec
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JULY 26, 2022
Keeping track of all of your passwords has never been easier. Learn how to fill and save passwords on your mobile device with 1Password. The post 1Password password manager: How it works with apps appeared first on TechRepublic.
Schneier on Security
JULY 29, 2022
Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of our security. It needs to be stopped.
Bleeping Computer
JULY 29, 2022
The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money. [.].
Security Affairs
JULY 24, 2022
Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on a the popular hacking forum Breached Forums.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
JULY 29, 2022
With summer vacations taking employees out of the office, phishing attacks are on the rise. Here are three ways companies can stay prepared. The post Prevent email phishing attacks this summer with 3 defensive measures appeared first on TechRepublic.
Schneier on Security
JULY 26, 2022
I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware.
CSO Magazine
JULY 26, 2022
ISAC and ISAO definition. [Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups. [ Learn what you need to know about defending critical infrastructure. | Get the latest from CSO by
CyberSecurity Insiders
JULY 29, 2022
. The next time you are firing an employee for their low performance or doing it for any other reason, please make sure that the data they possess has been handover to you perfectly, i.e. scientifically. Otherwise, they could get involved with threat actors and target your organization with a sophisticated cyber attack that can shut down your organization on a permanent note.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JULY 27, 2022
Ducktail malware tries to hijack the accounts of individuals who use Facebook’s Business and Ads platforms, says WithSecure Intelligence. The post Infostealer malware targets Facebook business accounts to capture sensitive data appeared first on TechRepublic.
Security Boulevard
JULY 28, 2022
Google’s plan to kill third party cookies is delayed—yet again. And it’s probably not surprising. The post Google ‘Delays Making Less Money’ — Third-Party Cookie Ban on Hold appeared first on Security Boulevard.
eSecurity Planet
JULY 25, 2022
The domain name system (DNS) is basically a directory of addresses for the internet. Your browser uses DNS to find the IP for a specific service. For example, when you enter esecurityplanet.com, the browser queries a DNS service to reach the matching servers, but it’s also used when you send an email. It is handy for users, as they don’t have to remember the IP address for each service, but it does not come without security risks and vulnerabilities.
Security Affairs
JULY 23, 2022
The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom paymen
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JULY 28, 2022
Since Microsoft’s shutdown of macros in Office apps, attackers are using container file types to deliver malware in one of the largest threat landscape shifts in recent history. The post How attackers are adapting to a post-macro world appeared first on TechRepublic.
Security Boulevard
JULY 29, 2022
DSIRF GmbH codenamed ‘Knotweed’ by Microsoft and RiskIQ. The post Solved: Subzero Spyware Secret — Austrian Firm Fingered appeared first on Security Boulevard.
CSO Magazine
JULY 27, 2022
Since the pandemic the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022 , almost half (48%) of organizations across the U.S. and Europe experienced a cyberattack in the past 12 months. Even more alarming is that these attacks are happening despite businesses doubling down on their cybersecurity spend. Cybersecurity is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manag
Bleeping Computer
JULY 28, 2022
A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. [.].
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
JULY 27, 2022
If you're looking to get a powerful ERP solution up and running, Jack Wallen has the solution by way of Odoo and Docker. The post How to quickly deploy the Odoo ERP solution with Docker appeared first on TechRepublic.
We Live Security
JULY 27, 2022
It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash. The post Cash App fraud: 10 common scams to watch out for appeared first on WeLiveSecurity.
CSO Magazine
JULY 25, 2022
Phishing , in which an attacker sends a deceptive email tricks the recipient into giving up information or downloading a file, is a decades-old practice that still is responsible for innumerable IT headaches. Phishing is the first step for all kinds of attacks, from stealing passwords to downloading malware that can provide a backdoor into a corporate network.
NSTIC
JULY 27, 2022
In providing a foundation for cybersecurity advancements over the years, NIST has taken the global context into account when determining priorities and approaches. Our participation in Standards Developing Organizations (SDOs) has expanded steadily, and we encourage international participation in the development of our own programs and resources. As we celebrate the 50th anniversary of cybersecurity at NIST, it is more important than ever that we work with our partners around the world.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
JULY 27, 2022
Beyond the immediate costs of a data breach, almost half of the total costs occur more than a year after the incident, says IBM Security. The post Average cost of data breach surpasses $4 million for many organizations appeared first on TechRepublic.
Digital Shadows
JULY 28, 2022
Recent reporting from Microsoft has shone light on the “HolyGhost” ransomware group, a cybercriminal outfit originating from North Korea. While. The post Holy Ghost’s Bargain Basement Approach to Ransomware first appeared on Digital Shadows.
CSO Magazine
JULY 25, 2022
To really secure software, you need to know what's inside its code. That's why a software bill of materials is essential today. It used to be that we didn't worry that much about our code's security. Bad binaries, sure. The code itself? Not so much. We were so foolish. Then came one security slap in the face after another: The SolarWinds software supply chain attack, the ongoing Log4j vulnerability , and the npm maintainer protest code gone wrong have made it clear that we must clean up our soft
Webroot
JULY 25, 2022
The RSA Conference 2022 – one of the world’s premier IT security conferences – was held June 6th-9th in San Francisco. The first in-person event for RSA since the global pandemic had a slightly lower turnout than in years past (26,000 compared to 36,000 attendees). But attendees and presenters alike made up for it with their eagerness to explore emerging IT security trends that have developed over the past year – a venue like RSA Conference 2022 delivered on tenfold.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
323 
Let's personalize your content