Krebs on Security

MARCH 8, 2022

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen’s decision comes just days after a similar exit by backbone provider Cogent , and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president’s war in Ukr

Military 332

Military Government Risk Business Services 332

The Last Watchdog

MARCH 7, 2022

As companies accelerate their reliance on agile software development, cloud-hosted IT infrastructure and mobile applications, vulnerability management (VM) has an increasingly vital security role to play. Related: Log4j vulnerability translates into vast exposures. Not only does VM contribute to the safety and security of an organization’s network and infrastructure, it also helps ensure infrastructure performance is optimized.

Data breaches 229

Data breaches Cloud Risk Cybersecurity 229

Dark Reading

MARCH 8, 2022

In a deal worth $5.4 billion, Google would expand its security portfolio with managed detection and response (MDR) and threat intelligence, with an increasing focus on automation.

Security 91

Security IT 91

Data Matters

MARCH 9, 2022

Yesterday DOJ announced its first settlement under the Department’s new “Cyber-Fraud Initiative.” This initiative, announced in October 2021 , aims to “utilize the False Claims Act to pursue cybersecurity related fraud by government contractors and grant recipients.” However, as discussed further here , in addition to targeting traditional government contractors, the initiative presents broader opportunities for DOJ to use the FCA to address data protection practices by healthcare providers.

Cybersecurity 158

Cybersecurity Government Privacy IT 158

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians. John Todd is general manager of Quad9 , a free “anycast” DNS platform.

Phishing 312

Phishing Military Government Data collection 312

Security Affairs

MARCH 10, 2022

The U.S. CISA has updated the alert on Conti ransomware and added 98 domain names used by the criminal gang. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware operations, the agency added 100 domain names used by the group. The joint report published by CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) in September warned of an increased number of Conti ransomware attacks against US organizations.

Ransomware 145

Ransomware Cybersecurity Security Access 145

IT Governance

MARCH 8, 2022

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal information. This month, we look at a phishing attack targeting Ukrainian citizens, the latest campaign imitating Tesco and a warning from HSBC. Ukrainian citizens targeted by phishing attacks.

Phishing 143

Phishing Military Access Education 143

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies , what it was like on a typical day at the Conti office , and how Conti secured the digital weaponry used in their attacks.

Ransomware 247

Ransomware Mining Blockchain Sales 247

Schneier on Security

MARCH 7, 2022

An Alexa can respond to voice commands it issues. This can be exploited : The attack works by using the device’s speaker to issue voice commands. As long as the speech contains the device wake word (usually “Alexa” or “Echo”) followed by a permissible command, the Echo will carry it out, researchers from Royal Holloway University in London and Italy’s University of Catania found.

Paper 140

Paper Access IT 140

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

MARCH 5, 2022

Anonymous and its affiliates continue to target Russia and Belarus, it is also targeting the Russian disinformation machine. Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. The attacks were conducted as part of the #OpRussia launched by the collective after the violent and illegitimate invasion of Ukraine.

Passwords 145

Passwords Government Military Authentication 145

Troy Hunt

MARCH 9, 2022

I have lots of little ideas for various pet projects, most of which go nowhere ( Have I Been Pwned being the exception), so I'm always looking for the fastest, cheapest way to get up and running. Last month as part of my blog post on How Everything We're Told About Website Identity Assurance is Wrong , I spun up a Cloudflare Pages website for the first time and hosted digicert-secured.com there (the page has a seal on it so you know you can trust it).

Passwords 138

Passwords Access IT Cybersecurity 138

Krebs on Security

MARCH 9, 2022

Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix.

Authentication 40

Authentication Ransomware Phishing Passwords 40

eSecurity Planet

MARCH 7, 2022

A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts. SaaS Alerts, which helps managed service providers (MSPs) manage and protect customers’ SaaS apps, mentioned the finding in conjunction with the release of its annual SaaS Application Security Insights (SASI) report. “Over the last several weeks, SaaS Alerts has seen a sharp rise in activity from countries with consistently hi

Security 134

Security Risk Military Cybersecurity 134

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

MARCH 10, 2022

Vodafone is investigating a recently suffered cyberattack, after a ransomware gang Lapsus$ claimed to have stolen its source code. Vodafone announced to have launched an investigation after the Lapsus$ cybercrime group claimed to have stolen its source code. The Lapsus$ gang claims to have stolen approximately 200 GB of source code files, allegedly contained in 5,000 GitHub repositories.

Data breaches 133

Data breaches Communications Ransomware IT 133

Jamf

MARCH 8, 2022

Introducing Jamf School of Thought, a monthly "blogcast" for educators featuring interviews with key leaders in K-12 and higher education. Listen and participate live or catch up with on-demand installments to learn about new solutions and workflows transforming the presence of Jamf + Apple in the classroom.

Education 131

Education 131

Schneier on Security

MARCH 8, 2022

Yet another method of surveillance : Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exists in current Google Nest smart displays , though instead of radar, Google employs ultrasonic sound waves to measure a person’s distance from the device.

Privacy 126

Privacy IT 126

eSecurity Planet

MARCH 8, 2022

The average internet user has somewhere around 100 accounts, according to NordPass research, meaning they have to track 100 different passwords or risk using the same one over and over. Users looking to increase their security without the burden of remembering all those passwords typically turn to password managers to keep their accounts secure. In the last year, we’ve taken an extensive look at the market for password managers, and here we’ll compare Bitwarden and 1Password to help

Passwords 131

Passwords Encryption GDPR Compliance 131

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

MARCH 11, 2022

The Anonymous collective continues to launch attacks against Russian entities, this is a summary of recent offensives. Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. The agency is responsible for monitoring, controlling and censoring Russian mass media and according to Anonymous, it is controlling the disinformation campaign about the ongoing invasion of Ukraine.

Authentication 126

Authentication Communications IT Security 126

KnowBe4

MARCH 11, 2022

New analysis of attacks in 2021 show massive increases across the board, painting a very concerning picture for this year around cyberattacks of all types.

Phishing 119

Phishing 119

Schneier on Security

MARCH 10, 2022

It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of regional KA-SAT SATCOM terminals. It’s probably too early to reach any conclusions, but people are starting to write about this, with varying theories.

IT 126

IT 126

eSecurity Planet

MARCH 9, 2022

A major Linux vulnerability dubbed “Dirty Pipe” could allow even the least privileged users to perform malicious actions. Researcher Max Kellermann of Ionos revealed the new vulnerability earlier this week. The name is reminiscent of the “Dirty Cow” vulnerability discovered in 2016 that allowed attackers to gain root access on any Android Phone regardless of the OS version, but Dirty Pipe could be even easier to exploit than its predecessor.

Access 123

Access Libraries Passwords IT 123

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

MARCH 11, 2022

Lapsus$ Ransomware gang is looking for insiders willing to sell remote access to major technology corporations and ISPs. Thursday, March 10, Lapsus$ ransomware gang announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM. Their scope of interests include – major telecommunications companies such as Claro, Telefonica and AT&T.

Ransomware 126

Ransomware IT Cybersecurity Access 126

Data Matters

MARCH 7, 2022

On 23 February 2022, the European Commission ( Commission ) proposed a draft of a regulation on harmonised rules on fair access to and use of data – also known as the Data Act. The Data Act is intended to “ ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all ”.

Big data 117

Big data Artificial Intelligence Cloud Manufacturing 117

Schneier on Security

MARCH 9, 2022

Zelle is rife with fraud : Zelle’s immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away thousands of dollars in seconds. There’s no way for customers — and in many cases, the banks themselves — to retrieve the money. […].

Security 115

Security IT 115

eSecurity Planet

MARCH 10, 2022

Even using a password with special characters, numbers, and both upper and lower case letters, an attacker can crack an eight-character password in as little as 39 minutes with brute force attacks. And if you use the same password for all of your online accounts, you’re giving attackers access to a ton of information with very little work. Password managers , like Keeper and 1Password, make it easy for users to secure their online accounts without having to remember a different password for each

Passwords 113

Passwords Encryption Compliance Authentication 113

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

MARCH 8, 2022

Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V.

Libraries 126

Libraries IoT Security Cloud 126

WIRED Threat Level

MARCH 8, 2022

War in Ukraine and Western sanctions against Russia have made cryptocurrency a hot potato for international politics.

Security 112

Security 112

OpenText Information Management

MARCH 7, 2022

On International Women’s Day, we recognize and celebrate all the ways women have brought their insight, strategy and commitment to the opportunities and challenges we face as a planet. Women have broken barriers this year. The United States nominated the first Black woman to the Supreme Court, while the first woman Vice President finished her … The post International Women’s Day 2022–Break the Bias appeared first on OpenText Blogs.

111

111