Krebs on Security

OCTOBER 31, 2021

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.

Software 363

Software Information Security Encryption Government 363

Schneier on Security

NOVEMBER 1, 2021

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog : We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic.

Engineering 324

Engineering 324

The Last Watchdog

NOVEMBER 3, 2021

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity 278

Cybersecurity Data breaches Mobile Internet 278

Tech Republic Security

NOVEMBER 1, 2021

Attackers will vow to publicly release the stolen data, try to delete any backups and even deploy DDoS attacks to convince victims to give in to the ransom demands, says Sophos.

DDOS 217

DDOS Backups Ransomware 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

NOVEMBER 4, 2021

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing 332

Phishing Scams Mobile DNS 332

Schneier on Security

NOVEMBER 4, 2021

The Israeli cyberweapons arms manufacturer — and human rights violator , and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, it’ll make it harder for them to buy zero-day vulnerabilities on the open market.

Manufacturing 311

Manufacturing Marketing Spyware 311

Tech Republic Security

NOVEMBER 4, 2021

Ping Identity executive advisor Aubrey Turner warns that eager cybercriminals are ready to exploit the current chaotic state of the world, and preparation is essential going into the holidays.

Cybersecurity 217

Cybersecurity 217

Krebs on Security

NOVEMBER 2, 2021

A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. “An appeal to business brothers!” reads the Oct. 22 post from Groove calling for attacks on the United States government sector.

Ransomware 280

Ransomware Cybercrime VPN Media 280

Schneier on Security

NOVEMBER 3, 2021

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands : Basically, it appears that anyone with $300 to spare can ­– or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention of the fact that it in reality

Accountability 303

Accountability Advertising Scams 303

Security Boulevard

NOVEMBER 4, 2021

This week, the Department of Commerce (DoC) amended its export administrative regulations (EAR) with the addition of four companies onto the entity list, effective November 4, 2021. The four companies—one from Singapore, two from Israel and one from Russia—were all engaged in activities which the U.S. government determined were “contrary to the foreign policy and.

Government 145

Government Social Engineering Engineering Mobile 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

NOVEMBER 4, 2021

IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.

IoT 207

IoT Internet Internet 207

Security Affairs

NOVEMBER 4, 2021

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.

Authentication 145

Authentication Passwords Accountability Hacking 145

Schneier on Security

NOVEMBER 2, 2021

Interesting Twitter thread on how cell phone metadata can be used to identify and track people who don’t want to be identified and tracked.

304

304

The Hacker News

NOVEMBER 4, 2021

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines.

Cybersecurity 145

Cybersecurity 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

NOVEMBER 4, 2021

The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.

Government 205

Government Cybersecurity 205

Security Boulevard

NOVEMBER 1, 2021

It’s not just that there is a lot of data generated today; it’s how quickly that data is generated. The hourly increase in data makes meeting regulatory compliance difficult enough, but adding to the challenge is the ever-changing regulatory landscape. How do you continue to stay compliant when you are overrun with data while trying. The post Staying Current in an Ever-Changing Regulatory Landscape appeared first on Security Boulevard.

CISO 145

CISO Security Awareness Risk Government 145

Security Affairs

NOVEMBER 5, 2021

US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year. . US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The attackers used a DJI Mavic 2 quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords.

Hacking 145

Hacking Information Security 145

The Hacker News

NOVEMBER 1, 2021

Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users.

DDOS 145

DDOS Malware Advertising Cybersecurity 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

NOVEMBER 5, 2021

With cybercrime becoming more frequent and severe, there's no question that the demand for cybersecurity skills will remain high well into the future, and now you can learn them easily.

Cybersecurity 186

Cybersecurity Cybercrime 186

Security Boulevard

NOVEMBER 2, 2021

Trojan Source “threatens the security of all code,” screams a widely shared article. Poppycock. There’s nothing new here. The post ‘Trojan Source’ Makes Scary Headlines—But it’s Not New appeared first on Security Boulevard.

Social Engineering 144

Social Engineering IoT Engineering Security Awareness 144

Bleeping Computer

OCTOBER 31, 2021

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. [.].

Passwords 144

Passwords Accountability 144

The Hacker News

NOVEMBER 1, 2021

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks.

Malware 143

Malware Risk 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

NOVEMBER 5, 2021

Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.

Phishing 214

Phishing 214

Security Boulevard

NOVEMBER 4, 2021

Ransomware attacks are ubiquitous, and the insurance markets are chaotic. That, at least, seems to be the state of cybersecurity and risk mitigation since the COVID-19 pandemic began. It also isn’t far from the truth: Ransomware attacks have markedly increased, placing significant pressure on insurance markets to provide organizations with affordable options to minimize risk.

Ransomware 144

Ransomware Insurance Marketing Risk 144

CSO Magazine

NOVEMBER 2, 2021

Cybersecurity buzzwords and buzz phrases are a dime a dozen. Used to simplify complex terminology or boost sales and marketing campaigns, buzzwords are an inescapable reality for an innovative and fast-paced industry like information security. However, such terms are not always helpful and can be inaccurate, outdated, misleading, or even risk causing harm.

Cybersecurity 143

Cybersecurity CSO Marketing Information Security 143

Security Affairs

OCTOBER 30, 2021

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. The list was published with the intent of raising awareness of common hardware weaknesses through CWE and educating designers and programmers on how to address them as part of the pr

Firmware 145

Firmware Manufacturing Education Engineering 145

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

NOVEMBER 5, 2021

The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.

Government 208

Government Ransomware 208

Bleeping Computer

NOVEMBER 1, 2021

Microsoft Defender for Windows is getting a massive overhaul allowing home network admins to deploy Android, iOS, and Mac clients to monitor antivirus, phishing, compromised passwords, and identity theft alerts from a single security dashboard. [.].

Identity Theft 142

Identity Theft Antivirus Phishing Passwords 142

Quick Heal Antivirus

NOVEMBER 2, 2021

What is WSL? The Windows Subsystem for Linux (WSL) is a resource inside the Windows operating system that. The post Stay Alert – Malware Authors Deploy ELF as Windows Loaders to Exploit WSL feature appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Malware 142

Malware Cybersecurity 142

Threatpost

NOVEMBER 5, 2021

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

Mobile 141

Mobile 141

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity