Sat. Jun 18, 2022 - Fri. Jun 24, 2022

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are a complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written —not really a rebuttal—but “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he

EU and U.S. Join Forces to Help Developing World Cybersecurity

Lohrman on Security

The United States and the European Union are planning to work together to secure digital infrastructure in developing countries. Here’s why this is vitally important.

Why Paper Receipts are Money at the Drive-Thru

Krebs on Security

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company.

Weekly Update 301

Troy Hunt

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind. If you look at the trees in the background you can see they're barely moving, but inevitably that was enough to really mess with the audio quality.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Symbiote Backdoor in Linux

Schneier on Security

Interesting: What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine.

Does the World Need Cloud Detection and Response (CDR)?

Anton on Security

Let’s play a game and define a hypothetical market called Cloud Detection and Response (CDR). Note that it is no longer my job to define markets, so I am doing it for fun here (yes, people find the weirdest things to be fun!) So, let’s define CDR as a type of a security tool primarily focused on detecting, confirming and investigating suspicious activities and other security problems in various public cloud environments, including, but not limited to IaaS, PaaS, SaaS.

More Trending

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware. Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and your team are feeling some anxiety.

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power of tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both.

Best cybersecurity certifications in 2022

Tech Republic Security

Solidify your skills as a cybersecurity professional by becoming certified. Here is a list of some of the best cybersecurity certifications available today. The post Best cybersecurity certifications in 2022 appeared first on TechRepublic.

NHS warns of scam COVID-19 text messages

The State of Security

The UK's National Health Service has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. Read more in my article on the Tripwire State of Security blog.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks

The Last Watchdog

The U.S. Securities and Exchange Commission (SEC) is taking steps to crack down on insufficient cyber risk reporting. Related: Making third-party risk audits actionable. Seeking to minimize cybersecurity threat effects, the SEC has proposed several amendments requiring organizations to report on cyber risk in a “fast, comparable, and decision-useful manner.”

Hertzbleed: A New Side-Channel Attack

Schneier on Security

Hertzbleed is a new side-channel attack that works against a variety of microprocessors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.

Gartner reveals 8 cybersecurity predictions for the next 4 years

Tech Republic Security

The cybersecurity company went into great detail on some of the sweeping cybersecurity changes anticipated over the next four years. The post Gartner reveals 8 cybersecurity predictions for the next 4 years appeared first on TechRepublic.

CISA: Log4Shell exploits still being used to hack VMware servers

Bleeping Computer

CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The future of IoT ransomware – targeted multi-function bots and more cyberattacks  

Security Boulevard

A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms that were coded into it. This malware called BotenaGo was able to seek out and attack vulnerable targets by itself without having to rely on any human intervention. Once it infects a device, it creates two backdoor ports viz., […]. The post The future of IoT ransomware – targeted multi-function bots and more cyberattacks appeared first on Security Boulevard.

On the Subversion of NIST by the NSA

Schneier on Security

Nadiya Kostyuk and Susan Landau wrote an interesting paper: “Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process”: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST), which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic standards.

The current cybersecurity shortage and how to resolve it

Tech Republic Security

CEO Alexander García-Tobar advises IT professionals on addressing the cybersecurity shortage. The post The current cybersecurity shortage and how to resolve it appeared first on TechRepublic.

Massive Cloudflare outage caused by network configuration error

Bleeping Computer

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

SecureList

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group, give general tips on how to prevent ransomware from working, and so on.

Exclusive: Lithuania under cyber-attack after the ban on Russian railway goods

Security Affairs

Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods. Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian railway goods has caused a new spike of hacktivist activity on the Dark Web. Today the group has announced multiple targets for coordinated DDoS attacks – the resources to be attacked are distributed between so-called “units” who are based on members and

New Android banking malware disguises as crypto app to spread

Tech Republic Security

A new banking Trojan dubbed "Malibot" pretends to be a cryptomining application to spread between Android phones. While only active now in Spain and Italy, it could begin targeting Americans. The post New Android banking malware disguises as crypto app to spread appeared first on TechRepublic.

You can be tracked online using your Chrome browser extensions

Malwarebytes

A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of information when you land on their portal—it’s a lot more than “just” which web browser you use to load up someone’s site.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

APT ToddyCat

SecureList

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. The group started its activities in December 2020, compromising selected Exchang

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused of having carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany.

Black Basta may be an all-star ransomware gang made up of former Conti and REvil members

Tech Republic Security

The group has targeted 50 businesses from English speaking countries since April 2022. The post Black Basta may be an all-star ransomware gang made up of former Conti and REvil members appeared first on TechRepublic.

Voicemail-themed phishing attacks target organisations

Graham Cluley

Have you received an email notification that there is a voicemail waiting to be listened to by you? Maybe you would be wise to think carefully before clicking on the attachment.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Recent Windows Server updates break VPN, RDP, RRAS connections

Bleeping Computer

This month's Windows Server updates are causing a wide range of issues for administrators, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. […]

Cybersecurity agencies: You don’t have to delete PowerShell to secure it

Malwarebytes

Microsoft’s PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it because PowerShell is powerful, available almost everywhere, and doesn’t look out of place running on a company network. In most places it isn’t practical to block PowerShell completely, which raises the question: How do you stop the bad stuff without disrupting the good stuff?

Why organizations are keen on zero trust but are slow to adopt it

Tech Republic Security

Most organizations surveyed by Banyan Security consider zero trust a priority, but many see it as difficult and expensive to implement. The post Why organizations are keen on zero trust but are slow to adopt it appeared first on TechRepublic.

Cybersecurity researchers face real-life threats

CSO Magazine

Cybersecurity researchers work hard to keep the digital world safe, but every once in a while their own physical security is at risk. Anyone who has been in this field long enough has stumbled upon stories of infosec professionals receiving threats or has experienced incidents themselves. A security expert who wanted to remain anonymous to protect his family says that "several people focusing on cybercrime have received death threats" in the past few years, and some of them even decided to fly u

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.