Schneier on Security
APRIL 8, 2022
Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.
Troy Hunt
APRIL 7, 2022
Supporting national governments has been a major cornerstone of Have I Been Pwned for the last 4 years. Today, I'm very happy to welcome the 31st government on board, Serbia! The National CERT and the Gov-CERT of the Republic of Serbia now has free and complete access to query their government domains via API. Visibility into the exposure of government departments in data breaches remains a valuable service I'm glad to see continuing to be taken up by national CERTs.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
APRIL 7, 2022
The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “ Hydra ,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.
Tech Republic Security
APRIL 6, 2022
The Washington Post has revealed details of a contract with a software company that will allow the FBI to track social media posts. The post FBI investing millions in software to monitor social media platforms appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
APRIL 5, 2022
Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.
Security Boulevard
APRIL 6, 2022
Digital transformation advances all business areas, fundamentally optimizing business processes and delivering value to customers. Successful digital transformation demands speed and agility over a sustained period, necessitating that cybersecurity keeps pace and becomes equally robust and responsive to changes in business and technology. Spending on digital transformation is expected to reach $1.8 trillion in 2022.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
APRIL 8, 2022
A new malware has infiltrated AWS Lambda services, and investigators still aren’t sure how it happened. Here’s how it works and how to protect your organization. The post AWS Lambda sees its first malware attack with Denonia, and we don’t know how it got there appeared first on TechRepublic.
Schneier on Security
APRIL 6, 2022
FinFisher has shut down operations. This is the spyware company whose products were used, among other things, to spy on Turkish and Bahraini political opposition.
Security Boulevard
APRIL 5, 2022
Hackers have stolen a mother lode of personal data from Intuit’s email marketing operation, Mailchimp. The post Mailchimp Hack Causes Theft of Trezor Crypto Wallet ‘Money’ appeared first on Security Boulevard.
Bleeping Computer
APRIL 6, 2022
American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago [.].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
APRIL 5, 2022
A new report from CyberEdge group goes into detail on why businesses are more keen to pay off ransomware attackers and what can be done to increase cyber security. The post Nearly two-thirds of ransomware victims paid ransoms last year appeared first on TechRepublic.
Schneier on Security
APRIL 4, 2022
Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case you’re wondering, no, that is not normal in the security community. While experts tell me that the concept of a “responsible disclosure timeline” is a little outdated and heavily depends on the situation, we’re generally measuring in days , not years. “The majority of researchers have policies where if th
CSO Magazine
APRIL 4, 2022
Botnet definition. A botnet is a collection of internet-connected devices that an attacker has compromised to carry out DDoS attacks and other tasks as a swarm. The idea is that each computer becomes a mindless robot in a larger network of identical robots, which gives the word botnet its meaning. "Malware infects an unsuspecting, legitimate computer, which communicates back to the botnet operator that the infected computer is now ready to follow orders blindly," explains Nasser Fattah, North Am
Malwarebytes
APRIL 5, 2022
On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life (EOL), the advice is to disconnect them, if still in use. CISA catalog. The CISA catalog of known exploited vulnerabilities was set up to list the most important vulnerabilities that have proven to pose the biggest risks.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
APRIL 5, 2022
In one type of phishing attack described by the IRS, scammers pose as IRS workers to try to coax employees into sharing social security numbers or bank account details. The post IRS warns consumers and businesses of common scams during tax season appeared first on TechRepublic.
Schneier on Security
APRIL 7, 2022
The Justice Department announced the disruption of a Russian GRU-controlled botnet: The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation
Graham Cluley
APRIL 3, 2022
Owners of physical Trezor cryptocurrency wallets should be on their guard after an email was sent out by thieves attempting to dupe them into downloading new software to their devices.
Bleeping Computer
APRIL 5, 2022
US chipmaker Intel announced Tuesday night that it had suspended all business operations in Russia, joining tech other companies who pulled out of the country due to the invasion of Ukraine. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
APRIL 7, 2022
The phony apps attempted to deliver malware designed to steal account credentials and banking information, Check Point Research says. The post Malicious Android apps found masquerading as legitimate antivirus tools appeared first on TechRepublic.
CSO Magazine
APRIL 5, 2022
I don’t know how many times I’ve heard cybersecurity professionals say something like, “Not having multi-factor authentication is a huge risk for our organization.” The truth is, that type of statement may illustrate a control weakness, but unless the unwanted outcome is a ding in an audit report where MFA is required, that is not the real risk. The real risk is the probability of a ransomware incident, for example, or the leak of personally identifiable information (PII) from a customer databas
Malwarebytes
APRIL 8, 2022
The US Department of Justice (DoJ) and Microsoft have taken the sting out of two operations believed to be controlled by the Russian Federation’s Main Intelligence Directorate (GRU). On Wednesday, the DOJ announced that it had disrupted GRU’s control over thousands of internet-connected firewall devices compromised by the Russian Sandworm group. One day later, Microsoft disclosed information about the steps it took to disrupt cyberattacks it had seen targeting Ukraine.
Bleeping Computer
APRIL 5, 2022
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader. [.].
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
APRIL 6, 2022
The scam was able to bypass Google and Microsoft’s email security filters after appearing to come from a legitimate email domain. The post Hackers employ voicemail phishing attacks on WhatsApp users appeared first on TechRepublic.
Security Affairs
APRIL 7, 2022
Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292 , in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices.
We Live Security
APRIL 6, 2022
ESET researchers analyzed three malicious applications targeting customers of eight Malaysian banks. The post Fake e‑shops on the prowl for banking credentials using Android malware appeared first on WeLiveSecurity.
Bleeping Computer
APRIL 4, 2022
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. [.].
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
APRIL 5, 2022
Scams spotted by Tessian typically try to grab donations intended to support Ukrainian humanitarian efforts to combat Russia’s attack. See how these exploits work and how to avoid them. The post How phishing attacks are exploiting Russia’s invasion of Ukraine appeared first on TechRepublic.
Trend Micro
APRIL 3, 2022
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.
CyberSecurity Insiders
APRIL 8, 2022
By Steve Moore, Chief Security Strategist, Exabeam. When you take a step back and consider these statistics, you will quickly realize the gravity of what is at stake for organizations when it comes to effectively securing their confidential information – and that there is still a lot more to be done to combat this growing trend. According to cybercrime prosecution statistics , 2022 is expected to see a worldwide annual spend of nearly $134 billion to both prevent and also deal with the aftermath
eSecurity Planet
APRIL 6, 2022
Spring4Shell ( CVE-2022-22965 ) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability , one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
328 
Let's personalize your content