Krebs on Security

OCTOBER 31, 2021

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.

Software 363

Software Information Security Encryption Government 363

Schneier on Security

NOVEMBER 1, 2021

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog : We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic.

Engineering 333

Engineering 333

The Last Watchdog

NOVEMBER 3, 2021

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity 278

Cybersecurity Data breaches Mobile Internet 278

Troy Hunt

NOVEMBER 5, 2021

Where does the time go? Feels like not a lot happening then three quarters of an hour later. But there are so many cool, interesting angles to this industry that there's always something or other happening. This week, it's new (still broken) tech courtesy of RØDE, the old Coinhive site still not dying, a super nasty data breach in Israel and Pwned Passwords absolutely powering along in both volume and the open source initiative with the FBI.

Data breaches 240

Data breaches Passwords Ransomware 240

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

NOVEMBER 4, 2021

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing 345

Phishing Scams Mobile DNS 345

Schneier on Security

NOVEMBER 4, 2021

The Israeli cyberweapons arms manufacturer — and human rights violator , and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, it’ll make it harder for them to buy zero-day vulnerabilities on the open market.

Manufacturing 322

Manufacturing Marketing Spyware 322

Javvad Malik

NOVEMBER 3, 2021

I’ve seen VC’s fund many security and tech startups. Lots of the ideas are rubbish, so I’ve come up with my own ideas that aren’t rubbish so VC’s can fund me instead. Don’t steal any of my ideas or I will sue you! Take a human skull and 3D print an eyeball on it, add Linux to the inside where the brain would be. Website uses photo of person looking out from screen with windows environment running, call this cyberSURVIVOR.

Cybersecurity 235

Cybersecurity 235

Krebs on Security

NOVEMBER 2, 2021

A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. “An appeal to business brothers!” reads the Oct. 22 post from Groove calling for attacks on the United States government sector.

Ransomware 293

Ransomware Cybercrime VPN Media 293

Schneier on Security

NOVEMBER 3, 2021

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands : Basically, it appears that anyone with $300 to spare can ­– or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention of the fact that it in reality

Accountability 319

Accountability Advertising Scams 319

Tech Republic Security

NOVEMBER 1, 2021

Attackers will vow to publicly release the stolen data, try to delete any backups and even deploy DDoS attacks to convince victims to give in to the ransom demands, says Sophos.

DDOS 218

DDOS Backups Ransomware 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Thales Cloud Protection & Licensing

NOVEMBER 2, 2021

Quantum Resistant Encryption – Are You Ready? madhav. Tue, 11/02/2021 - 09:10. . Some good news and a couple of tips for being prepared. Over the past few months, a handful of Thales CPL clients have mentioned their concern regarding the future threat of quantum computing to their data security frameworks. If you take a good hard look at the risks arising from Quantum, there is bad news and good news.

Encryption 156

Encryption Risk CISO Cybersecurity 156

The Last Watchdog

NOVEMBER 1, 2021

It doesn’t matter if you want to learn a new language or figure out how to fix your broken clothes dryer; the tools, tutorials, and templates you need are available online. Related: Enlisting ‘human sensors’ Unfortunately, with crime-as-a-service, the same is true for people interested in trying their hand at cybercrime. The dark web provides virtually everything potential attackers need to make their move.

Phishing 150

Phishing Cybercrime Technology Hacking 150

Schneier on Security

NOVEMBER 2, 2021

Interesting Twitter thread on how cell phone metadata can be used to identify and track people who don’t want to be identified and tracked.

313

313

Tech Republic Security

NOVEMBER 4, 2021

Ping Identity executive advisor Aubrey Turner warns that eager cybercriminals are ready to exploit the current chaotic state of the world, and preparation is essential going into the holidays.

Cybersecurity 217

Cybersecurity 217

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

NOVEMBER 5, 2021

US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year. . US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The attackers used a DJI Mavic 2 quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords.

Hacking 145

Hacking Information Security 145

WIRED Threat Level

NOVEMBER 5, 2021

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Surveillance 145

Surveillance 145

The Hacker News

NOVEMBER 5, 2021

Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service (FSB).

Hacking 145

Hacking 145

Tech Republic Security

NOVEMBER 5, 2021

Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.

Phishing 217

Phishing 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

NOVEMBER 5, 2021

A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware.

Ransomware 145

Ransomware Backups Encryption DNS 145

Security Boulevard

NOVEMBER 4, 2021

This week, the Department of Commerce (DoC) amended its export administrative regulations (EAR) with the addition of four companies onto the entity list, effective November 4, 2021. The four companies—one from Singapore, two from Israel and one from Russia—were all engaged in activities which the U.S. government determined were “contrary to the foreign policy and.

Government 145

Government Social Engineering Engineering Mobile 145

The Hacker News

NOVEMBER 4, 2021

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

NOVEMBER 5, 2021

The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.

Government 214

Government Ransomware 214

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

NOVEMBER 4, 2021

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.

Authentication 145

Authentication Passwords Accountability Hacking 145

Security Boulevard

NOVEMBER 1, 2021

It’s not just that there is a lot of data generated today; it’s how quickly that data is generated. The hourly increase in data makes meeting regulatory compliance difficult enough, but adding to the challenge is the ever-changing regulatory landscape. How do you continue to stay compliant when you are overrun with data while trying. The post Staying Current in an Ever-Changing Regulatory Landscape appeared first on Security Boulevard.

CISO 145

CISO Security Awareness Risk Government 145

The Hacker News

NOVEMBER 5, 2021

The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands.

Ransomware 145

Ransomware Government 145

Tech Republic Security

NOVEMBER 4, 2021

IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.

IoT 213

IoT Internet Internet 213

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

NOVEMBER 2, 2021

Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be exploited to inject stealth malware without impacting the semantics of the source code while changing its logic. “We present a new type

Software 145

Software Cybercrime Malware Hacking 145

Malwarebytes

NOVEMBER 3, 2021

This blog post was authored by Jérôme Segura. There are many techniques threat actors use to slow down analysis or, even better, evade detection. Perhaps the most popular method is to detect virtual machines commonly used by security researchers and sandboxing solutions. Reverse engineers are accustomed to encountering code snippets that check certain registry keys, looking for specific values indicating the presence of VMware or Virtual Box, two of the most popular virtualization software.

Software 145

Software Engineering Passwords Accountability 145

The Hacker News

NOVEMBER 1, 2021

Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users.

DDOS 145

DDOS Malware Advertising Cybersecurity 145

Tech Republic Security

NOVEMBER 4, 2021

The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.

Government 209

Government Cybersecurity 209

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity