Software and Technology - Cyber Security Informer

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

SEPTEMBER 23, 2020

Tyler Technologies , a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. Tyler Technologies declined to say how the intrusion is affecting its customers.

Technology

Technology Ransomware Software Government

FBI Raids Chinese Point-of-Sale Giant PAX Technology

Krebs on Security

OCTOBER 26, 2021

federal investigators today raided the Florida offices of PAX Technology , a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. FBI agents entering PAX Technology offices in Jacksonville today. Headquartered in Shenzhen, China, PAX Technology Inc. organizations. Source: WOKV.com.

Technology

Technology Retail Computers and Electronics Malware

Intel is Maintaining Legacy Technology for Security Research

Schneier on Security

NOVEMBER 30, 2021

Interesting : Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. The warehouse stores around 3,000 pieces of hardware and software, going back about a decade. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

Technology

Technology Engineering Software Cybersecurity

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. com , filezillasoft[.]com

Software

Software Advertising Malware Accountability

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows.

Government

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Mandiant notified Kaseya after hearing about it from Alex Holden , founder and chief technology officer of Milwaukee-based cyber intelligence firm Hold Security.

Software

Software Ransomware System Administration Authentication

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

If that wasn’t bad enough, the attack surface companies must defend is expanding inwardly, as well – as software tampering at a deep level escalates. This now includes paying much closer attention to the elite threat actors who are moving inwardly to carve out fresh vectors taking them deep inside software coding. Obfuscated tampering.

Software

Software Internet Internet System Administration

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems. Risks delineated Still, there have been many other incidents since.

Software

Software Risk Artificial Intelligence Engineering

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

As we experienced last week, a single problem in a small piece of software can take large swaths of the internet and global economy offline. In information technology, brittleness also results from the fact that hundreds of companies, none of which you;ve heard of, each perform a small but essential role in keeping the internet running.

Marketing

Marketing Software Internet Internet

Monetization Monitor: Monetization Models and Pricing 2020

Advertiser: Revenera

Customers demand—and suppliers offer—a diverse mix of monetization models for Software and Digital Services related to IoT Devices. Approximately a third (34%) of respondents in this year’s annual software and IoT monetization survey still rely on homegrown solutions. Reliable insights aren’t getting easier as technology evolves.

IoT

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report. Microsoft Corp.

Malware

Malware Software Technology Accountability

Hacking Automobile Keyless Entry Systems

Schneier on Security

OCTOBER 17, 2022

Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. Among those arrested feature the software developers, its resellers and the car thieves who used this tool to steal vehicles.

Hacking

Hacking Manufacturing Marketing Software

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

The Last Watchdog

AUGUST 19, 2024

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. He drew a vivid parallel between food safety and software security. The post Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure first appeared on The Last Watchdog.

Software

Software Internet Internet Accountability

National Security Risks of Late-Stage Capitalism

Schneier on Security

MARCH 1, 2021

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. For a while, in 2019, the update server’s password for SolarWinds’s network management software was reported to be “solarwinds123.”

Risk

Risk Government Marketing Software

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. All of these stats beg the question, “Do you know what’s in your software?”

Cybersecurity

On Not Fixing Old Vulnerabilities

Schneier on Security

MARCH 9, 2021

…26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 20132017, which indicates a lack of recent software updates,” the reported stated.

Technology

Technology Software Malware

Another Event-Related Spyware App

Schneier on Security

NOVEMBER 15, 2022

The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices. It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.

Spyware

Spyware Technology Encryption Government

Ted Chiang on the Risks of AI

Schneier on Security

MAY 12, 2023

as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies from working as “capital’s willing executioners”? Yet such software could easily still cause as much harm as McKinsey has. If you think of A.I. Alternatively, if you imagine A.I.

Risk

Risk Software Technology Marketing

News Alert: Protect AI raises $35M in Series A financing to secure AI, ML software supply chain

The Last Watchdog

JULY 26, 2023

He brings more than three decades of investment, operational and entrepreneurial experience in cybersecurity, enterprise software and data analytics to the Board. The company has the vision, technology and expertise to capture a lion’s share of this new market category.”

Software

Software Digital transformation Marketing Artificial Intelligence

Making Software Pirates Pay: An E-Commerce Playbook

Advertiser: Revenera

Vendors large and small have been using software intelligence to understand who is using unlicensed versions of their software so they can develop data-driven strategies to identify and convert unpaid users, generating new license revenue.

Software

Google Mending Another Crack in Widevine

Krebs on Security

OCTOBER 26, 2020

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney , Hulu and Netflix to prevent their content from being pirated. ” Google called the weakness a circumvention that would be fixed. .”

Software

Software Technology Mobile Media

AIs as Computer Hackers

Schneier on Security

FEBRUARY 2, 2023

It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others’ It’s the software vulnerability lifecycle. The competition occurred in a specially designed test environment filled with custom software that had never been analyzed or tested.

Artificial Intelligence

Artificial Intelligence Technology Software Hacking

The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

Schneier on Security

JULY 12, 2024

Grace Hopper titled “Future Possibilities: Data, Hardware, Software, and People.” With digital obsolescence threatening many early technological formats, the dilemma surrounding Admiral Hopper’s lecture underscores the critical need for and challenge of digital preservation. So they won’t do anything.

Technology

Technology Software

Identity Theft from 1965 Uncovered through Face Recognition

Schneier on Security

AUGUST 29, 2023

The facial recognition technology is used by the Maine Bureau of Motor Vehicles to ensure no one obtains multiple credentials or credentials under someone else’s name, said Emily Cook, spokesperson for the secretary of state’s office.

Identity Theft

Identity Theft Technology Software

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

The Last Watchdog

JULY 25, 2024

Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death. In the latter, a threat actor purposefully identified and exploited a soft spot in SolarWinds’ automated software update service.

Technology

Technology Ransomware Software Cyber Attacks

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

DECEMBER 14, 2020

In a security advisory , Austin, Texas based SolarWinds acknowledged its systems “experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.” ”

Hacking

Hacking Antivirus Software Accountability

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

This is all part of Generative AI and Large Language Models igniting the next massive technological disruption globally. Highlights of what I learned: Coding level The continual monitoring and hardening of business software as it is being rapidly developed, tested and deployed in the field has become a foundational best practice.

Software

Software Technology Mobile Cybersecurity

On the Zero-Day Market

Schneier on Security

MAY 24, 2024

The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing

Marketing Spyware Surveillance Government

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S.

Computers and Electronics

Computers and Electronics Software Engineering Accountability

Newsweek Op-Ed: Banning Tik Tok And Other Chinese Apps Is Distracting Us From The Bigger Danger China Poses To American CyberSecurity

Joseph Steinberg

APRIL 25, 2023

It is hardly a secret that, for nearly 30 years, I have been warning about the danger posed to US national security by the simultaneous combination of our growing reliance on Chinese technology, and our general indifference to China’s huge technological “leaps forward” in the realm of cybersecurity.

Cybersecurity

Cybersecurity Artificial Intelligence Software Manufacturing

AI vs AI: Next front in phishing wars

Tech Republic Security

JUNE 16, 2023

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense. The post AI vs AI: Next front in phishing wars appeared first on TechRepublic.

Phishing

Phishing Technology Software Artificial Intelligence

A Security Vulnerability in the KmsdBot Botnet

Schneier on Security

DECEMBER 15, 2022

Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command—like its controllers did one day while Akamai was watching—created a panic crash with an “index out of range” error.

Technology

Technology Software

ChatGPT-Written Malware

Schneier on Security

JANUARY 10, 2023

…within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. And the technology will only get better.

Malware

Malware Encryption Cybercrime Passwords

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

The Last Watchdog

MAY 31, 2022

Microsoft’s Patch Tuesday speaks to the never-ending flow of freshly discovered software flaws — and the software giant’s best efforts ease the burden of mitigating them. This results from companies chasing after agile software development and cloud-centric innovations, above all else.

Risk

Risk Digital transformation Software Technology

Crickets from Chirp Systems in Smart Lock Key Leak

Krebs on Security

APRIL 15, 2024

.” Using those hard-coded credentials, Brown found an attacker could then connect to an application programming interface (API) that Chirp uses which is managed by smart lock vendor August.com , and use that enumerate and remotely lock or unlock any door in any building that uses the technology.

Software

Software Mobile Marketing Engineering

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link. MacOS computers include X-Protect , Apple’s built-in antivirus technology. “We are actively working on fixing these problems. .”

Malware

Malware Cryptocurrency Software Phishing

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

Passwordless technology is certainly ready for prime time; innovative solutions from suppliers like Cisco’s Duo, Hypr, OneLogin and Veridium have been steadily gaining traction in corporate settings for the past few years. This was accomplished by using web cameras at each terminal tied into Veridium facial recognition software.

Authentication

Authentication Passwords Banking Digital transformation

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

i speak at conferences around the world and run workshops on how to build more secure software within organisations. i speak at conferences around the world and run workshops on how to build more secure software within organisations. i'm also the creator of the data breach aggregation service known as "have i been pwned".

Data breaches

Data breaches Technology Software Accountability

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

This year has been a tough one for Windows users and so-called “zero day” threats, which refers to vulnerabilities that are not patched by current versions of the software in question, and are being actively exploited to break into vulnerable computers.

Software

Software Engineering Internet Internet

The Security Failures of Online Exam Proctoring

Schneier on Security

NOVEMBER 11, 2020

But asking students to install software to monitor them during a test raises a host of fairness issues, experts say. “There’s a big gulf between what this technology promises, and what it actually does on the ground,” said Audrey Watters, a researcher on the edtech industry who runs the website Hack Education.

Artificial Intelligence

Artificial Intelligence Education Technology Hacking

How Outsourcing Cybersecurity Crashed the World’s IT: A Webinar With Columbia University Faculty

Joseph Steinberg

JULY 23, 2024

On July 19th, 2024, a faulty software update issued by the cybersecurity firm, CrowdStrike, took down over 8.5 Columbia’s panel of security experts and Columbia University Technology Management faculty will include Cristina Dolan Christy Fernandez-Cull Joseph Steinberg …and will be moderated by Program Director, Alexis Wichowski.

Artificial Intelligence

Artificial Intelligence Cybersecurity Government Technology

NEW TECH SNAPHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

The Last Watchdog

MAY 17, 2022

The good news is that a long-overdue transition to a new attack surface and security paradigm is well underway, one built on a fresh set of cloud-native security frameworks and buttressed by software-defined security technologies.

Technology

Technology Software Cybersecurity Internet

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Military software is unlikely to be any more secure than commercial software. And since military software is vulnerable to the same cyberattacks as commercial software, military supply chains have many of the same risks. This is just one of many risks to our normal civilian computer supply chains. weapons systems.

Software

Software Cybersecurity Backups Manufacturing

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

The Last Watchdog

DECEMBER 20, 2021

This is an important step, but it is also up to organizations to ensure they have the right technology and security protocols to defend themselves. To effectively prevent spearphishing, organizations should look to intelligent technology. water and wastewater systems.

Malware

Malware Phishing Technology Ransomware

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

FBI Raids Chinese Point-of-Sale Giant PAX Technology

Trending Sources

Intel is Maintaining Legacy Technology for Security Research

Using Google Search to Find Software Can Be Risky

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The CrowdStrike Outage and Market-Driven Brittleness

Monetization Monitor: Monetization Models and Pricing 2020

3CX Breach Was a Double Supply Chain Compromise

Hacking Automobile Keyless Entry Systems

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

National Security Risks of Late-Stage Capitalism

Software Composition Analysis: The New Armor for Your Cybersecurity

On Not Fixing Old Vulnerabilities

Another Event-Related Spyware App

Ted Chiang on the Risks of AI

News Alert: Protect AI raises $35M in Series A financing to secure AI, ML software supply chain

Making Software Pirates Pay: An E-Commerce Playbook

Google Mending Another Crack in Widevine

AIs as Computer Hackers

The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

Identity Theft from 1965 Uncovered through Face Recognition

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

On the Zero-Day Market

Sealed U.S. Court Records Exposed in SolarWinds Breach

Newsweek Op-Ed: Banning Tik Tok And Other Chinese Apps Is Distracting Us From The Bigger Danger China Poses To American CyberSecurity

AI vs AI: Next front in phishing wars

A Security Vulnerability in the KmsdBot Botnet

ChatGPT-Written Malware

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

Crickets from Chirp Systems in Smart Lock Key Leak

Calendar Meeting Links Used to Spread Mac Malware

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Data Enrichment, People Data Labs and Another 622M Email Addresses

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

The Security Failures of Online Exam Proctoring

How Outsourcing Cybersecurity Crashed the World’s IT: A Webinar With Columbia University Faculty

NEW TECH SNAPHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

Vulnerabilities in Weapons Systems

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

Stay Connected