Tech Republic Security
AUGUST 25, 2022
Mitiga says that MFA, even if improperly configured, is no panacea for preventing attackers from abusing compromised credentials. The post How a business email compromise attack exploited Microsoft’s multi-factor authentication appeared first on TechRepublic.
Lohrman on Security
AUGUST 21, 2022
2022 has brought a surge in distributed denial-of-service attacks as well as a dramatic rise in patriotic hacktivism. What’s ahead for these trends as the year continues?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 22, 2022
This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].
The Last Watchdog
AUGUST 22, 2022
Short-handed cybersecurity teams face a daunting challenge. Related: ‘ASM’ is cybersecurity’s new centerpiece. In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
AUGUST 25, 2022
Apple updates, cookie theft, tech tips and a 5G cheat sheet top this week’s most-read news on TechRepublic. The post Tech news you may have missed: August 18 – 25 appeared first on TechRepublic.
CSO Magazine
AUGUST 23, 2022
The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach globally reached an all-time high of $4.35 million.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Appknox
AUGUST 21, 2022
Mobile app security testing is expensive, and that’s a fact. For instance, a single quality penetration test costs around $20,000-$30,000. But do you essentially have to pay this high for the service?
Tech Republic Security
AUGUST 25, 2022
In a scam analyzed by Avanan, the victim received an email claiming to be from the CFO directing them to make a payment to their insurance company. The post How a business email compromise scam spoofed the CFO of a major corporation appeared first on TechRepublic.
Security Affairs
AUGUST 25, 2022
Password management software firm LastPass has suffered a data breach, threat actors have stole source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. “Two weeks ago, we detected some unusual activity within portions of the LastPass development env
Schneier on Security
AUGUST 24, 2022
Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter’s chief security officer until he was fired in January. The Washington Post has the scoop (with documents) and companion backgrounder.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Trend Micro
AUGUST 23, 2022
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Tech Republic Security
AUGUST 24, 2022
Analyzing over 100 prominent ransomware incidents, Barracuda found the top targeted sectors to be education, municipalities, healthcare, infrastructure and financial. The post How ransomware attacks target specific industries appeared first on TechRepublic.
Bleeping Computer
AUGUST 25, 2022
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information. [.].
Schneier on Security
AUGUST 26, 2022
I’ve been saying that complexity is the worst enemy of security for a long time now. ( Here’s me in 1999.) And it’s been true for a long time. In 2018, Thomas Dullin of Google’s Project Zero talked about “cheap complexity.” Andrew Appel summarizes : The anomaly of cheap complexity. For most of human history, a more complex device was more expensive to build than a simpler device.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Trend Micro
AUGUST 24, 2022
A new ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.
Tech Republic Security
AUGUST 25, 2022
As the facial recognition market continues to grow, business leaders should consider these issues before deciding whether to implement the technology. The post Privacy and security issues associated with facial recognition software appeared first on TechRepublic.
Bleeping Computer
AUGUST 25, 2022
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. [.].
Security Boulevard
AUGUST 25, 2022
It probably isn’t a surprise to any skeptics of the security practices of social media platforms—or who specifically remember Twitter’s previous security mishaps, including the hack of high-profile blue-check accounts—that Twitter’s cybersecurity practices are less than stellar and may even leave the platform open to attacks by nation-states. This, according to a former Twitter security.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
AUGUST 24, 2022
Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging services that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server.
Tech Republic Security
AUGUST 22, 2022
RaaS kits are easy to find on the Dark Web, lowering the barrier of entry so that virtually any cybercriminal can launch successful ransomware attacks, says Microsoft. The post How to protect your organization from ransomware-as-a-service attacks appeared first on TechRepublic.
eSecurity Planet
AUGUST 25, 2022
The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The vulnerability was reported for a number of versions of GitLab CE/EE: all versions starting from 11.3.4 before 15.1.5 all versions starting from 15.2 before 15.2.3 all versions starting from 15.3 before 15.3.1.
Security Boulevard
AUGUST 25, 2022
This week: cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more. . The post The Week in Cybersecurity: French hospital hit with ransomware attack appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
AUGUST 25, 2022
Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted the supply chain attack against SolarWinds, which involved multiple families of impla
Tech Republic Security
AUGUST 26, 2022
Enterprise accounting software is designed for large companies and businesses. Here are the top eight enterprise accounting software suites. The post 8 best enterprise accounting software suites appeared first on TechRepublic.
eSecurity Planet
AUGUST 23, 2022
Linux has an extensive range of open-source distributions that pentesters, ethical hackers and network defenders can use in their work, whether for pentesting , digital forensics or other cybersecurity uses. Also known as “distros,” these distributions are variations of Linux that include the Linux kernel and usually a specific package manager. For example, Kali Linux, one of the most popular pentesting OSs, is Debian-based, which means it’s based on the Debian Project.
We Live Security
AUGUST 25, 2022
Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you. The post What is doxing and how to protect yourself appeared first on WeLiveSecurity.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
CyberSecurity Insiders
AUGUST 24, 2022
Plex, an American Streaming platform, has officially sent out email notifications to all its users urging them to change their passwords. The entertainment offering company added in its update that the reason to send a notification to all its users was because of the discovery of suspicious activity on one of its IT databases. In the statement issued by Plex, the streaming media specified that the activity was discovered by it on August 23rd of this year and soon its IT staff, along with a third
Tech Republic Security
AUGUST 22, 2022
A lot of companies have deployed multi-factor authentication, yet attackers have some ways to bypass it—the most used one being cookie theft. The post Cookie theft threat: When Multi-Factor authentication is not enough appeared first on TechRepublic.
Security Affairs
AUGUST 25, 2022
GAIROSCOPE: An Israeli researcher demonstrated how to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The popular researcher Mordechai Guri from the Ben-Gurion University of the Negev in Israel devise an attack technique, named GAIROSCOPE , to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes.
SecureList
AUGUST 24, 2022
Introduction. In our crimeware reporting service, we analyze the latest crime-related trends we come across. Last month, we again posted a lot on ransomware, but we also covered other subjects, such as 1-day exploits. In this blogpost, we provide excerpts from these reports. For questions or more information about our crimeware reporting service, please contact crimewareintel@kaspersky.com.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
169 
Let's personalize your content