Lohrman on Security

APRIL 9, 2023

From Lloyd’s of London to the new National Cybersecurity Strategy, the future of cyber insurance is evolving fast. What do you need to watch?

Cyber Insurance 266

Cyber Insurance Insurance Cybersecurity 266

Schneier on Security

APRIL 12, 2023

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports.

Malware 327

Malware Software Risk 327

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry

Mobile 298

Mobile Software Backups Technology 298

Tech Republic Security

APRIL 14, 2023

A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials. The post For cybercriminal mischief, it’s dark web vs deep web appeared first on TechRepublic.

Malware 200

Malware Cybercrime Ransomware Cybersecurity 200

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

APRIL 11, 2023

Microsoft and Citizen Lab discovered commercial spyware made by an Israel-based company QuaDream used to compromise the iPhones of high-risk individuals using a zero-click exploit named ENDOFDAYS. [.

Spyware 144

Spyware Hacking Risk 144

Schneier on Security

APRIL 11, 2023

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

Hacking 313

Hacking Software Malware 313

Tech Republic Security

APRIL 13, 2023

Android infections are also prevalent on the dark web, according to Kaspersky. Learn how to keep your workforce safe from these mobile and BYOD security threats. The post Google Play threats on the dark web are big business appeared first on TechRepublic.

Mobile 186

Mobile Cybersecurity 186

The Hacker News

APRIL 10, 2023

Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play out in waves once every few weeks.

Malware 141

Malware 141

Schneier on Security

APRIL 10, 2023

Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. It’s an interesting experiment, and the results are likely to vary wildly based on the details of the experiment.

Phishing 307

Phishing Scams Surveillance Internet 307

Bleeping Computer

APRIL 10, 2023

Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack. [.

Data breaches 139

Data breaches Ransomware 139

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

APRIL 10, 2023

With PingOne Neo, PingIdentity aims to accelerate “speed to trust”, supercharge identity management and put control of a user’s identity in the user’s pocket. The post PingIdentity launches decentralized identity management appeared first on TechRepublic.

Passwords 171

Passwords Cybersecurity 171

Security Boulevard

APRIL 10, 2023

CAN You Not? Toyota RAV4 and many others vulnerable to CAN bus injection attack. Cars need zero-trust too. The post Yes, You CAN Steal This Car — by Opening the Fender appeared first on Security Boulevard.

IoT 138

IoT Security Awareness Mobile Malware 138

Schneier on Security

APRIL 14, 2023

You can beat the game without a computer : On a perfect [roulette] wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that’s even marginally tilted could develop what Barnett called a ‘drop zone.’ When the tilt forces the ball to climb a slope, the ball decelerates and falls from the outer rim at the same spot on almost every spin.

Software 248

Software 248

SecureList

APRIL 12, 2023

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, we’ll focus on an active cluster that we dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll.

Malware 138

Malware Cryptocurrency Software Encryption 138

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

APRIL 12, 2023

In the face of growing risks from open-source software dependencies, Google Cloud is releasing its Assured Open Source Software (Assured OSS) service for Java and Python ecosystems at no cost. The post Google Cloud offers Assured Open Source Software for free appeared first on TechRepublic.

Software 159

Software Risk 159

CyberSecurity Insiders

APRIL 13, 2023

Quantum computing, while still in its infancy, is developing rapidly and holds tremendous potential for solving complex computational problems. However, its growth also presents significant challenges to cybersecurity, as it has the potential to render traditional cryptographic algorithms obsolete. This guide aims to provide a comprehensive understanding of the implications of quantum computing on cybersecurity, review the most notable quantum security technologies and vendors, and offer real-wo

Cybersecurity 135

Cybersecurity Encryption Technology Authentication 135

Schneier on Security

APRIL 13, 2023

Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. I wrote about this kind of thing in 2000, in Secrets and Lies (page 318): My favorite example is a band of California art thieves that would break into people’s houses by cutting a hole in their walls with a chainsaw. The attacker completely bypassed the threat model of the defender.

236

236

Bleeping Computer

APRIL 11, 2023

Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads. [.

Ransomware 135

Ransomware 135

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

APRIL 12, 2023

Graymail, phishing, vendor impersonation, and other BECs clogging up security teams’ time. The post Cybersecurity leaders see risk from email attacks, hybrid work appeared first on TechRepublic.

Risk 152

Risk Cybersecurity Phishing 152

CSO Magazine

APRIL 10, 2023

Will artificial intelligence become clever enough to upend computer security? AI is already surprising the world of art by producing masterpieces in any style on demand. It’s capable of writing poetry while digging up arcane facts in a vast repository. If AIs can act like a bard while delivering the comprehensive power of the best search engines, why can’t they shatter security protocols, too?

Artificial Intelligence 135

Artificial Intelligence Cybersecurity Engineering 135

CyberSecurity Insiders

APRIL 12, 2023

By Jaye Tillson, Director of Strategy, Axis Security The iconic 1986 film “Top Gun” is one of my favorite films. In the movie, a group of elite fighter pilots train to become the best of the best. The film depicts a world of intense competition and high stakes, where the pilots must constantly prove themselves in order to earn their place among the elite.

CISO 134

CISO Cybersecurity Authentication Internet 134

Security Boulevard

APRIL 14, 2023

Your Cloud — But For How Long? WD’s My Cloud service is finally back online, but ransomware scrotes demand “eight figures.” The post Western Digital Redux: My Cloud Alive Again, Ransom is $10M+ appeared first on Security Boulevard.

Ransomware 133

Ransomware Social Engineering IoT Engineering 133

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

APRIL 10, 2023

There are courses in this bundle for all skill levels; several require no previous tech background whatsoever. The post Learn what you need to protect your business with ethical hacking for just $45 appeared first on TechRepublic.

Hacking 143

Hacking 143

Bleeping Computer

APRIL 14, 2023

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. [.

143

143

CSO Magazine

APRIL 14, 2023

The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU's General Data Protection Regulation (GDPR). Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.

Technology 132

Technology 132

Thales Cloud Protection & Licensing

APRIL 13, 2023

Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare madhav Fri, 04/14/2023 - 06:05 The infamous Y2K “disaster” was successfully averted because people paid heed and prepared well in advance. Likewise, many Post-Quantum Computing (PCQ) security concerns can be addressed ahead of time with proper planning. Organizations that rely on data security and protection need to start preparing and refining strategies immediately.

IoT 127

IoT Marketing Risk Encryption 127

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

APRIL 11, 2023

The service previously won the BestVPN.com Fastest VPN Award. The post Protect your company data with an Ivacy VPN lifetime subscription for $18 appeared first on TechRepublic.

VPN 137

VPN 137

Naked Security

APRIL 10, 2023

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Spyware 143

Spyware 143

SecureList

APRIL 11, 2023

In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These exploits were very similar to already known Common Log File System (CLFS) driver exploits that we analyzed previously, but we decided to double check and it was worth it – one of the exploits turned out to be a zero-day, suppo

Ransomware 131

Ransomware Malware Engineering Technology 131

CyberSecurity Insiders

APRIL 12, 2023

StormWall , a premier cybersecurity firm specializing in the defense of websites, networks, and online services from Distributed Denial of Service (DDoS) attacks, has published an in-depth report on the DDoS landscape during the first quarter of 2023. The report stems from a detailed analysis of attacks targeting StormWall’s clientele, which spans various sectors such as finance, e-commerce, telecommunications, entertainment, transportation, education, and logistics.

DDOS 129

DDOS Telecommunications Data breaches DNS 129

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity