Troy Hunt
AUGUST 3, 2022
How best to punish spammers? I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time. With the smallest possible overhead on my time, of course.
Schneier on Security
AUGUST 2, 2022
TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it. The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its sale or use. While many of these companies stress they are using aggregated or anonymized data, the unique nature of location and movement data increases the potential for violations of user privacy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
AUGUST 4, 2022
Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
The Last Watchdog
AUGUST 1, 2022
After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms. Related: The crucial role of ‘Digital Trust’ After numerous delays and course changes, the Matter protocol, is set to roll out this fall, in time for the 2022 holiday shopping season.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Lohrman on Security
JULY 31, 2022
Despite the lack of major headline-grabbing cyber attacks against U.S. critical infrastructure so far in 2022, our global cyber battles continue to increase.
Schneier on Security
AUGUST 1, 2022
Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent. Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Markey (D-Mass.), confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
JULY 30, 2022
I didn't intend for a bunch of this week's vid to be COVID related, but between the breach of an anti-vaxxer website and the (unrelated) social comments directed at our state premier following some pretty simple advice, well, it just kinda turned out that way. But there's more on other breaches too, in particular the alleged Paytm one and the actual Customer.io one.
Tech Republic Security
AUGUST 1, 2022
A probable Chinese rootkit infects targeted computers and stays active even if the system is being reinstalled. The post New CosmicStrand rootkit targets Gigabyte and ASUS motherboards appeared first on TechRepublic.
Schneier on Security
AUGUST 4, 2022
SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken , really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the pro
Security Affairs
JULY 31, 2022
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum ( ONVIF ). ONVIF provides and promotes standardized interfaces for effective interoperability of IP-based physical security products.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Troy Hunt
AUGUST 5, 2022
A very early weekly update this time after an especially hectic week. The process with the couple of data breaches in particular was a real time sap and it shouldn't be this hard. Seriously, the amount of effort that goes into trying to get organisations to own their breach (or if they feel strongly enough about it, help attribute it to another party) is just nuts.
Tech Republic Security
AUGUST 4, 2022
With more people using their mobile devices for work and personal use, hackers are exploiting the vulnerabilities these activities create. The post Verizon: Mobile attacks up double digits from 2021 appeared first on TechRepublic.
Schneier on Security
AUGUST 3, 2022
Seems it’s now common to sneak contraband into prisons with a drone.
Security Boulevard
AUGUST 5, 2022
Cybersecurity is the number-one skills gap in 2022, surpassing cloud computing as the top-ranking area of focus for individuals and organizations, according to a Pluralsight survey of more than 700 tech professionals. Respondents with access to modern upskilling options demonstrated more confidence in their skills and trust in their organizations. These technologists had access to.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
AUGUST 5, 2022
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. [.].
Tech Republic Security
AUGUST 4, 2022
More than 40% of IT pros surveyed by Menlo Security said they worry about ransomware evolving beyond their knowledge and skills. The post One in three organizations now hit by weekly ransomware attacks appeared first on TechRepublic.
Malwarebytes
AUGUST 1, 2022
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server. muhttpd (mu HTTP deamon) is a simple but complete web server written in portable ANSI C. It has three major goals: Be simple, be portable, and be secure.
Security Affairs
AUGUST 5, 2022
RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it implements a built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
AUGUST 5, 2022
Slack notified roughly 0.5% of its users that it reset their passwords after fixing a bug exposing salted password hashes when creating or revoking shared invitation links for workspaces. [.].
Tech Republic Security
AUGUST 3, 2022
The theft of $190 million of cryptocurrencies owned by Nomad users highlights the challenges involved in securing digital assets. The post Hackers steal almost $200 million from crypto firm Nomad appeared first on TechRepublic.
eSecurity Planet
AUGUST 2, 2022
Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022, from 226,334 samples to nearly 1.7 million.
Security Affairs
AUGUST 5, 2022
A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Graham Cluley
AUGUST 5, 2022
Did Russian security Kaspersky really choose to send an email to its customers addressing them as "dear and lovely"? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to Kaspersky's customer base?
Tech Republic Security
AUGUST 5, 2022
Learn how to set up and sync Authy on all your devices for easy two-factor authentication. The post How to use Authy: A guide for beginners appeared first on TechRepublic.
Bleeping Computer
AUGUST 1, 2022
Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. [.].
Security Affairs
AUGUST 4, 2022
Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
AUGUST 5, 2022
Not too long ago, the consensus on the economy was that it was firing on all cylinders. Unemployment was low, investment across all sectors was through the roof, and within the cybersecurity vendor community, opportunities for career growth and change proliferated. Then, suddenly, the sentiment changed. Inflation skyrocketed, the stock market went into a tailspin, The post 8 Questions Cybersecurity Pros Should Ask Hiring Managers appeared first on Security Boulevard.
Tech Republic Security
AUGUST 3, 2022
Deloitte’s 2022 Connectivity and Mobile Trends Survey finds people are fine-tuning the balance between their virtual and physical activities. The post Consumers benefit from virtual experiences but are concerned about tech fatigue and security appeared first on TechRepublic.
CSO Magazine
AUGUST 4, 2022
In the world of espionage and intrigue, China has always played the long game, planning far beyond the next quarter, looking over the horizon at the next generation. For this reason, it should come as no surprise that China and Chinese government-supported companies like Huawei will look at every avenue to advance the long-term goals of the Chinese Communist Party (CCP).
Security Affairs
AUGUST 5, 2022
US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924 , to its Known Exploited Vulnerabilities Catalog.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
363 
Let's personalize your content