Jane Frankland

FEBRUARY 10, 2023

The term “influencer” gets thrown around a lot these days, but what does it actually mean? This was a question I was asked by journalists and analysts when I was engaged as an “influencer” for a huge vendor conference recently. In short, an influencer is someone who has the ability to affect the purchasing decisions of others because of their authority, knowledge, position, or relationship with their audience.

Cybersecurity 100

Cybersecurity Marketing Media Education 100

Troy Hunt

FEBRUARY 9, 2023

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable corpus but as of just over a year ago with the introduction of the FBI data feed , we stopped maintaining downloadable behemoths of data.

Passwords 308

Passwords 308

Lohrman on Security

FEBRUARY 5, 2023

A lot has happened in the past 12 months regarding human microchip implants. Here’s your roundup of recent developments.

301

301

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros.

Malware 262

Malware Phishing Cybercrime 262

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

FEBRUARY 5, 2023

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest.

Cybercrime 259

Cybercrime DDOS Hacking Accountability 259

Troy Hunt

FEBRUARY 10, 2023

Did I really need to get a connected BBQ? No more than I needed to connect most of the other things in the house which is to say "a bit useful but not entirely necessary" But it's a fascinating process when looked at through the lens of how accessible the technology is to your average person given it's embedded in a consumer-orientated product.

VPN 223

VPN Passwords Data breaches Technology 223

Schneier on Security

FEBRUARY 6, 2023

The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities for new researchers to publish in this field.

Encryption 254

Encryption Hacking Software Social Engineering 254

Krebs on Security

FEBRUARY 7, 2023

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack.

Media 251

Media 251

Tech Republic Security

FEBRUARY 9, 2023

A new Kaspersky report sheds light on why some tech pros look for jobs on the dark web and how to spot suspicious and likely illegal positions from recruiters in that environment. The post How IT jobs and recruiting on the dark web might trick you appeared first on TechRepublic.

Cybersecurity 207

Cybersecurity 207

The Last Watchdog

FEBRUARY 8, 2023

Arguably one of the biggest leaps forward an enterprise can make in operational reliability, as well as security, is to shore up its implementations of the Public Key Infrastructure. Related: Why the ‘Matter’ standard matters Companies have long relied on PKI to deploy and manage the digital certificates and cryptographic keys that authenticate and protect just about every sensitive digital connection you can name.

Encryption 42

Encryption Authentication Internet Internet 42

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

FEBRUARY 10, 2023

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, rulings from the tax authorities, judicial decisions, and legal opinions.

Hacking 244

Hacking Artificial Intelligence Government Software 244

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities.

Hacking 208

Hacking Cybercrime Ransomware Government 208

Tech Republic Security

FEBRUARY 8, 2023

Ransomware was down last year, though LockBit led threat actors and employees opened a third of the toxic emails in the last six months of 2022. The post New cybersecurity data reveals persistent social engineering vulnerabilities appeared first on TechRepublic.

Social Engineering 207

Social Engineering Engineering Cybersecurity Ransomware 207

The Last Watchdog

FEBRUARY 6, 2023

The decision by the House of Representatives to ban TikTok from federal devices is noteworthy, especially as the Chinese spy balloon crisis unfolds. Related: The Golden Age of cyber espionage On December 23, 2022, Congress, in a bipartisan spending bill, banned TikTok from all government devices. The White House, the Pentagon, the Department of Homeland Security, and the State Department have already banned the social media app, as have more than a dozen other states.

Media 189

Media Government Accountability Mobile 189

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

FEBRUARY 9, 2023

This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo—all keen cryptographers—initially thought the batch of encoded documents related to Italy, because that was how they were filed at the Bibliothèque Nationale de France. However, they quickly realised the letters were in French.

Encryption 224

Encryption 224

SecureList

FEBRUARY 7, 2023

There is a vast number of trackers , which gather information about users’ activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming services history. The collected data can be used for improving their user interfaces or the overall user experience, or to personalize ads.

Advertising 145

Advertising Marketing Internet Internet 145

Tech Republic Security

FEBRUARY 10, 2023

A new Linux version of Royal ransomware is targeting VMware ESXi virtual machines. Learn more about this security threat and how to protect from it. The post Royal ransomware spreads to Linux and VMware ESXi appeared first on TechRepublic.

Ransomware 192

Ransomware Malware 192

Security Boulevard

FEBRUARY 9, 2023

Implementing modern cryptography standards on tiny IoT devices is hard. They’re underpowered, need to sip battery charge and something like AES is often overkill. The post Amazing Fast Crypto for IoT — US NIST Fingers ASCON appeared first on Security Boulevard.

IoT 144

IoT Internet Internet Mobile 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

FEBRUARY 8, 2023

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to focus on one important one we’ve learned: the software that’s managing our critical networks isn’t secure, and that’s because the market doesn’t reward that secur

Marketing 43

Marketing Software Government Hacking 43

The Hacker News

FEBRUARY 9, 2023

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory.

Encryption 133

Encryption 133

Tech Republic Security

FEBRUARY 7, 2023

These ransomware infections on VMware ESXi software are due to a vulnerability that has existed since 2021. Find out the most targeted countries and how to secure your organization. The post Massive ransomware operation targets VMware ESXi: How to protect from this security threat appeared first on TechRepublic.

Ransomware 189

Ransomware Software Cybersecurity Network Security 189

Security Boulevard

FEBRUARY 6, 2023

Police in the Netherlands broke open alleged drugs gangs by hacking an encrypted messenger service, Exclu. Lives were saved and alleged perps arrested. The post Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42 appeared first on Security Boulevard.

Encryption 142

Encryption Hacking Social Engineering Engineering 142

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

FEBRUARY 10, 2023

Tuesday was the official publication date of A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times , Cory Doctorow’s blog , Science , and the Associated Press. I wrote essays related to the book for CNN and John Scalzi’s blog.

194

194

Dark Reading

FEBRUARY 7, 2023

A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.

132

132

Tech Republic Security

FEBRUARY 7, 2023

With more companies investing in Web 3.0 this year, including blockchain, gaming and the metaverse, the cat and mouse game will continue, but with more dimensions. The post Metaverse adds new dimensions to Web 3.0 cybersecurity appeared first on TechRepublic.

Cybersecurity 178

Cybersecurity 178

Security Boulevard

FEBRUARY 8, 2023

Considering the effectiveness of an endpoint security solution when a firewall is already in place is a valid concern for any organization looking to run lean. On the surface, they can look like two solutions doing very much the same thing. However, they are as different as a guard fence and an internal alarm system, The post Do You Need EDR if You Already Have a Firewall?

Firewall 136

Firewall Security Awareness Cybersecurity Network Security 136

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

CSO Magazine

FEBRUARY 6, 2023

If there’s an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there’s still a chance they might freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs.

CISO 132

CISO Ransomware Cybersecurity 132

We Live Security

FEBRUARY 6, 2023

As children’s safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm The post Online safety laws: What’s in store for children’s digital playgrounds?

128

128

Tech Republic Security

FEBRUARY 10, 2023

As cybersecurity threats increase in complexity and volume, the Department of Defense is turning to new technologies for help. The post New virtual data fabric to support DoD cyber testing appeared first on TechRepublic.

Technology 169

Technology Cybersecurity Big data Artificial Intelligence 169

Trend Micro

FEBRUARY 6, 2023

In this investigation, we analyzed several prominent "passive income" applications and found out that there may be security risks upon participating in these programs.

Risk 127

Risk 127

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity