Sat. Feb 05, 2022 - Fri. Feb 11, 2022

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Schneier on Security

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 × 10^6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μs, a reaction

Weekly Update 281

Troy Hunt

I feel like perfect audio remains an unsolved problem for me. Somehow, a low "hiss" has slipped in over the last couple of weeks and messing around trying to solve it before recording this video only served to leave me without any audio at all on the first attempt, and the status quo remaining on the second attempt. And I still can't use my Apollo Twin DAC as an input device almost a year on from when I bought it.

GUEST ESSAY: Can Apple’s pricey ‘Business Essentials’ truly help SMBs secure their endpoints?

The Last Watchdog

Today’s operating system battleground has long been defined by the warfare between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s iOS. Related: Cook vs. Zuckerberg on privacy. While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick.

IRS To Ditch Biometric Requirement for Online Access

Krebs on Security

The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

On the Irish Health Services Executive Hack

Schneier on Security

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.

FBI: Criminals escalating SIM swap attacks to steal millions of dollars

Tech Republic Security

The federal agency says hundreds of victims have lost money due to scams over a two-year span.

More Trending

Microsoft Patch Tuesday, February 2022 Edition

Krebs on Security

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.

Bunnie Huang’s Plausibly Deniable Database

Schneier on Security

Bunnie Huang has created a Plausibly Deniable Database. Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. This allows specific and enforceable demands to be made: “Give us the passwords for these three encrypted files with names A, B and C, or else…”.

Hybrid work and the Great Resignation lead to cybersecurity concerns

Tech Republic Security

Code42’s study goes into detail about the risks facing cybersecurity leaders and practitioners in the wake of the Great Resignation.

Who Does What In Cloud Threat Detection?

Anton on Security

This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection. Funny enough, some popular shared responsibility model visuals don’t even include detection, response or security operations. Mildly embarrassing, that. Anyhow, let’s start here: a naïve view of shared responsibility model and detection is simply the following: the cloud provider (CSP) is responsible for detecting threats to their backend systems while the customer is respo

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Update now! Apple fixes actively exploited zero-day

Malwarebytes

Apple has released a security fix for a zero-day vulnerability (CVE-2022-22620) that it says “may have been actively exploited.” According to the security update information provided by Apple the vulnerability exists in WebKit—the HTML rendering engine component of its Safari browser—and can be used by an attacker to create web content that may lead to arbitrary code execution.

Amy Zegart on Spycraft in the Internet Age

Schneier on Security

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling — and not in a good way. Intelligence collectors are everywhere, and government spy agencies are drowning in data.

iOS users: Patch now to avoid falling prey to this WebKit vulnerability

Tech Republic Security

iPhones, iPads and the iPod Touch are all at risk, and it doesn’t matter what web browser you use: All of them could let an attacker execute arbitrary code on an infected device.

Hidden in plain sight: How the dark web is spilling onto social media

We Live Security

A trip into the dark corners of Telegram, which has become a magnet for criminals peddling everything from illegal drugs to fake money and COVID-19 vaccine passes.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Ransomware author releases decryption keys, says goodbye forever

Malwarebytes

If you’re unfortunate enough to be caught out by ransomware, the consequences can be devastating. You may be able to get rid of the infection, but the all-important files affected by such an attack will still be under lock and key. Without backups, which is more common than you may think, the files may be gone forever. A tiny slice of good fortune. Occasionally, we all catch the proverbial break.

FBI shares Lockbit ransomware technical details, defense tips

Bleeping Computer

The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with Lockbit ransomware attacks in a new flash alert published this Friday. [...]

Cybersecurity incident response: The 6 steps to success

Tech Republic Security

Cybersecurity incident response is not only about handling an incident – it’s also about preparing for any possible incident and learning from it. Here are six steps for a successful and efficient cybersecurity incident response.

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog’ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Vulnerability Reward Program: 2021 Year in Review

Google Security

Posted by Sarah Jacobus, Vulnerability Rewards Team. Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe. Thanks to these incredible researchers, Vulnerability Reward Programs across Google continued to grow, and we are excited to report that in 2021 we awarded a record breaking $8,700,000 in vulnerabilit

SIEM, XDR, and the Evolution of Cybersecurity Infrastructure

CyberSecurity Insiders

Security Event and Information Management platforms (SIEMs) collect data from security logs and in doing so are supposed to identify blind spots, reduce noise and alert fatigue, and simplify detection and response to complex cyberattacks. However, SIEMs have not lived up to these promises. Now, the new idea is XDR – what are its advantages, and should it coexist with or replace a SIEM?

IBM and Snyk: Developers must lead the charge on cybersecurity

Tech Republic Security

IBM developer advocate and the founder of Snyk talk about changing the way developers think about cybersecurity.

New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps

The Hacker News

Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

eSecurity Planet

Machine learning (ML) and artificial intelligence (AI) have emerged as critical tools for dealing with the ever-growing volume and complexity of cybersecurity threats. Machines can recognize patterns to detect malware and unusual activity better than humans and classic software. The technology also predicts potential attacks and automatically responds to threats by identifying specific trends and cycles.

The DOJ’s $3.6B Seizure Shows How Hard It Is to Launder Crypto

WIRED Threat Level

A couple allegedly used a “laundry list” of technical measures to cover their tracks. They didn’t work.

How to enable end-to-end encryption in Facebook Messenger

Tech Republic Security

To keep your Facebook Messenger conversations private and secured, you should start using the new end-to-end encryption feature. Jack Wallen shows you how.

France Rules That Using Google Analytics Violates GDPR Data Protection Law

The Hacker News

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Naked Security

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now.

7 Keys to Customer Success Programs in Security

CyberSecurity Insiders

By: Amit Kandpal, Director of Customer Experience, Netskope. The number one question I get from professionals in this field, and from executives or other stakeholders that are trying to build customer success programs for the first time, is how do I get to value creation/realization fastest. As a Customer Success leader, the below would be my key recommendations to any organization venturing into a security transformation exercise.

Hackers have begun adapting to wider use of multi-factor authentication

Tech Republic Security

Proofpoint researchers have found that “phish kits” available for purchase online are beginning to adapt to MFA by adding transparent reverse proxies to their list of tools.

Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign

The Hacker News

An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!