Sat. Apr 15, 2023 - Fri. Apr 21, 2023

Credential harvesting malware appears on deep web

Tech Republic Security

New cloud-focused credential harvester available on encrypted messaging service Telegram is part of a trend of Python scrapers making it easier to bait multiple phishing hooks. The post Credential harvesting malware appears on deep web appeared first on TechRepublic.

Malware 175

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Malware 306

Using the iPhone Recovery Key to Lock Owners Out of Their iPhones

Schneier on Security

This is a good example of a security feature that can sometimes harm security: Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who turn on the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password. iPhone thieves with your passcode can flip on the recovery key and lock you out.

Passwords 264

RSAC Fireside Chat: Cybersixgill crawls the Dark Web to uncover earliest signs of companies at risk

The Last Watchdog

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web. (Related: In pursuit of a security culture.) It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

Risk 235

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Europe, Cyber and the Cloud: A View from the International Cybersecurity Forum

Lohrman on Security

As a keynote speaker and multiday attendee at Europe’s largest cybersecurity conference, here are some of my top takeaways from a thought-provoking, global event with a distinctly European flair.

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Malware 257

More Trending

Ransomware attacks increased 91% in March, as threat actors find new vulnerabilities

Tech Republic Security

Ransomware attacks skyrocketed last month according to the new monthly cybersecurity report by NCC Group. New threat group Cl0p is behind the increase as it exploited vulnerabilities in GoAnywhere file transfer manager. The post Ransomware attacks increased 91% in March, as threat actors find new vulnerabilities appeared first on TechRepublic.

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

We Live Security

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack. The post Linux malware strengthens links between Lazarus and the 3CX supply-chain attack appeared first on WeLiveSecurity.

Malware 145

Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild

Security Boulevard

It’s Help|About Time: Chrome’s “V8” JavaScript engine has high-severity vuln. Scrotes already exploiting it. The post Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild appeared first on Security Boulevard.

New Zero-Click Exploits Against iOS

Schneier on Security

CitizenLab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group’s Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apple’s Lockdown Mode (part of iOS 16) seems to have worked to prevent infection.

Spyware 230

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Google moves to keep public sector cybersecurity vulnerabilities leashed

Tech Republic Security

Google Cloud and The Center for Internet Security, Inc., launched the Google Cloud Alliance this week with the goal of advancing digital security in the public sector. The Center for Internet Security, founded in 2000 to address growing cyber threats and establish a set of cybersecurity protocols and standards like CIS Critical Security Controls and.

'GhostToken' Opens Google Accounts to Permanent Infection

Dark Reading

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

Discarded, not destroyed: Old routers reveal corporate secrets

We Live Security

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'. The post Discarded, not destroyed: Old routers reveal corporate secrets appeared first on WeLiveSecurity.

141

EFF on the UN Cybercrime Treaty

Schneier on Security

EFF has a good explainer on the problems with the new UN Cybercrime Treaty, currently being negotiated in Vienna. The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and international criminal investigations. […] While we don’t think the U.N.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

API security becoming C-level cybersecurity concern

Tech Republic Security

With Neosec acquisition, Akamai gains capabilities around API visibility, a security challenge for organizations, many of which have hundreds of integrated applications. The post API security becoming C-level cybersecurity concern appeared first on TechRepublic.

Hackers abuse Google Command and Control red team tool in attacks

Bleeping Computer

The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media and an Italian job search company. […]

Media 141

MacStealer – newly-discovered malware steals passwords and exfiltrates data from infected Macs

Graham Cluley

I'm still encountering people who, even after all these years, believe that their Apple Mac computers are somehow magically invulnerable to ever being infected by malware. Maybe details of this new Mac malware will change their mind.

Malware 133

Using LLMs to Create Bioweapons

Schneier on Security

I’m not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity18 to create new poisons or employing AlphaFold2 to develop novel bioweapons has raised alarm.

Risk 225

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

DevSecOps: AI is reshaping developer roles, but it’s not all smooth sailing

Tech Republic Security

A report by GitLab finds that AI and ML in software development workflows show promise, but challenges like toolchain complexity and security concerns persist. The post DevSecOps: AI is reshaping developer roles, but it’s not all smooth sailing appeared first on TechRepublic.

Software 188

US, UK warn of govt hackers using custom malware on Cisco routers

Bleeping Computer

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device. […]

Malware 137

7 cybersecurity mindsets that undermine practitioners and how to avoid them

CSO Magazine

It’s no secret that cybersecurity jobs are burning people out. It’s a high-pressure environment that ever seems to be ratcheting up the daily demand on security professionals. There are many reasons for this, but underlying them all is the way we think about security. By consciously recognizing these mindsets we can change them and better position everyone for success.

Hacking Pickleball

Schneier on Security

My latest book, A Hacker’s Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesn’t explicitly break the rules. Here’s an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as innovation: Some might consider these actions cheating, while the acting player would argue that there was no rule that said the action couldn’t be performed.

Hacking 219

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

New DDoS attacks on Israel’s enterprises should be a wake-up call

Tech Republic Security

Experts see the latest DDoS attacks against Israel as a case study in the effectiveness of simple, brute-force cybersecurity attacks, even against the most sophisticated targets. The post New DDoS attacks on Israel’s enterprises should be a wake-up call appeared first on TechRepublic.

DDOS 173

Play ransomware gang uses custom Shadow Volume Copy data-theft tool

Bleeping Computer

The Play ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, which it uses to improve the effectiveness of its cyberattacks. […]

The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

WIRED Threat Level

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Hacking 139

Pillars of Threat Blocking-as-a-Service

CyberSecurity Insiders

By Pat McGarry, CTO of ThreatBlockr. There are two indisputable facts about the cybersecurity industry right now. One, we are still in the middle of a massive staffing crisis. Two, one of the biggest drivers of this staffing crisis is burnout of security professionals. A recent study indicates up to 84% of cybersecurity professionals are experiencing burnout.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Malware is proliferating, but defenses are stronger: Mandiant

Tech Republic Security

As dwell times drop, and notifications of attack by third parties increase, organizations are getting better at defense while attackers evolve and malware proliferates. The post Malware is proliferating, but defenses are stronger: Mandiant appeared first on TechRepublic.

Malware 158

Google urges users to update Chrome to address zero-day vulnerability

CSO Magazine

Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

139

How Demanding Conditions Impact Critical Infrastructure Security

Security Boulevard

Enterprises already understand how important a role physical security plays in protecting their staff, work environments and privileged information from outsiders. Fences, walls, security guards and RFID-controlled doors all help organizations protect themselves, but these measures are far from sufficient when it comes to protecting critical infrastructure environments from cybersecurity incidents.

Recycled Core Routers Exposed Sensitive Corporate Network Info

Dark Reading

Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

128

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.