Sat.Mar 12, 2022 - Fri.Mar 18, 2022

article thumbnail

GUEST ESSAY: Few consumers read privacy policies — tools can now do this for them

The Last Watchdog

When was the last time you read an online privacy policy in its entirety? Perhaps, never? Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games. Related: What happened to privacy in 2021. COVID crisis has forced us to work remotely.

Privacy 223
article thumbnail

Free Cybersecurity Tools Offered to Hospitals and Utilities

Data Breach Today

Critical Infrastructure Defense Project From Cloudflare, CrowdStrike, Ping Identity As Western cybersecurity officials warn that Russia's Ukraine invasion poses an elevated cybersecurity risk to all, kudos to Cloudflare, CrowdStrike and Ping Identity for offering free endpoint security and other defenses to the healthcare sector and power sectors, for at least four months.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Mobile App Developers Leave Behind 2,100 Open Databases

Dark Reading

A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period.

101
101
article thumbnail

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

Researchers are tracking a number of open-source “ protestware ” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

Libraries 351
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Picking parameters

Imperial Violet

When taking something from cryptographic theory into practice, it's very important to pick parameters. I don't mean picking the right parameters — although that certainly helps. I mean picking parameters at all. That might seem obvious, but there are pressures pushing towards abdication: what if you get it wrong? Why not hedge bets and add another option?

IT 154

More Trending

article thumbnail

Anonymous continues to support Ukraine against the Russia

Security Affairs

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of the Ministry of Emergencies of Russia, the hackers defaced them and published the message: “Don’t t

Military 145
article thumbnail

Conti Leaks Reveal the Ransomware Group's Links to Russia

WIRED Threat Level

Members of the Conti ransomware group may act in Russia’s interest, but their links to the FSB and Cozy Bear hackers appear ad hoc.

article thumbnail

How to Analyze a Business Process

AIIM

There are some chores I love, many I don’t mind, and a few that sap my will to live. Folding laundry falls into the soul-crushing category. I’ve tried doing it while I watch the Price is Right or rock out to Taylor Swift (yes, she’s my guilty pleasure!), but nothing distracts me from the monotony of that task. And my least favorite part about it has always been trying to match the socks.

IT 139
article thumbnail

Ukraine's 'IT Army' Call-Up: Don't Try This at Home

Data Breach Today

Despite Russian Aggression, Distributed Denial-of-Service Attacks Remain Illegal With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong? For starters, launching distributed denial-of-service attacks - at least from outside Ukraine - remains illegal and risks triggering an escalation by Moscow.

IT 353
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2022-0778 DoS flaw in OpenSSL was fixed

Security Affairs

OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778 , that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy.

IT 145
article thumbnail

6 Reasons Not to Pay Ransomware Attackers

Dark Reading

Paying a ransom might appear to be the best option, but it comes with its own costs.

article thumbnail

How Cobalt Strike Became a Favorite Tool of Hackers

eSecurity Planet

Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. It’s a comprehensive platform that emulates very realistic attacks. Indeed, the tool can assess vulnerabilities and run penetration tests , while most tools on the market cannot do both. Vulnerability assessment and pentesting are two different things. The first consists of identifying vulnerabilities that could be used by hackers, not exploiting them.

article thumbnail

Anonymous Reportedly Hacked Russian Energy Firm Rosneft

Data Breach Today

Report: Business Operations Unaffected, Despite Some Disruption International hacking collective Anonymous reportedly hacked the German subsidiary of Russian energy company Rosneft on Monday, die Welt newspaper says, citing the country's cybersecurity watchdog, the Federal Office for Information Security.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability.

Honeypots 145
article thumbnail

Cybercrime-as-a-Service: Its Evolution and What You Can Do to Fight Back

KnowBe4

The cybercrime market has skyrocketed in a frightening way. With threats such as ransomware to Business Email Compromise (BEC), the stakes are higher than ever for organizations across all industries.

article thumbnail

Why Vaccine Cards Are So Easily Forged

Schneier on Security

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake.

Paper 126
article thumbnail

Russia Says It's Seen 'Unprecedented' Level of Cyberattacks

Data Breach Today

Also: Anonymous Continues Its Cyberwar Against the Russian Government As the Ukrainian military resists Russian advances toward its major population centers, its IT security teams are contending with record cyber incidents - although the same is true of their eastern neighbors, with Russia reporting "unprecedented" cyberattacks on its networks.

Military 264
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

article thumbnail

What is Cyber Threat Management?

IT Governance

Cyber threat management is the process of identifying, analysing, evaluating and addressing an organisation’s cyber security requirements. With more than a 1,000 publicly disclosed security incidents last year – and countless others that weren’t reported – cyber security is a growing priority. It’s only by actively monitoring threats throughout their lifecycle that organisations can identify the risks that they face and the steps they should take to mitigate them.

Risk 125
article thumbnail

Breaking RSA through Insufficiently Random Primes

Schneier on Security

Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery. There aren’t many weak keys out there, but there are some: So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack.

article thumbnail

Russia May Have Caused Widespread Satellite Network Outage

Data Breach Today

Feds Issue Satellite Network Security Alert; Viasat Saw 'Deliberate' Cyberattack If Russia uses hack attacks to support its invasion, would Western governments want to immediately attribute those attacks or disruptions? Enter a Thursday alert from the U.S. government warning that it is "aware of possible threats to U.S. and international satellite communication networks.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Original post at [link]. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks.

article thumbnail

New Phishing Method Uses VNC to Bypass MFA Measures and Gives Cybercriminals Needed Access

KnowBe4

Despite cloud vendors like Google detecting reverse proxies or man-in-the-middle (MiTM) attacks and halting logons to thwart malicious actions, a new method easily gains access.

Access 124
article thumbnail

Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks

Dark Reading

The maintainer of a widely used npm module served up an unwelcome surprise for developers.

Risk 124
article thumbnail

Sanctions Against Russia and Belarus Affect Bug Hunters

Data Breach Today

This report analyzes how sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who participate in bug bounty programs. It also examines lessons to be learned from data breaches and developments in passwordless authentication.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Critical flaws affect Veeam Data Backup software

Security Affairs

Veeam addressed two critical vulnerabilities impacting the Backup & Replication product for virtual environments. Veeam has released security patches to fix two critical vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS score of 9.8), impacting the Backup & Replication solution for virtual environments. The solution implements data backup and restore capabilities for virtual machines running on Hyper-V, vSphere, VMware, Windows & Linux servers, laptops, NAS and more

article thumbnail

Ransomware-Related Data Leaks Increase 82% as the Number of Cybercriminal Groups Nearly Triples

KnowBe4

New insight into the state of the attacks and threats paints a picture where the cybercriminals are growing in number, sophistication and successes, while victims just sit back seemingly helpless.

article thumbnail

Written IT Security Policies: Why You Need Them & How to Create Them

eSecurity Planet

Many security professionals think that if they have done the hard work of securing their organization, that should be enough. There is, however, a next step: Documenting policies. Even though drafting IT security policies can be a pain, formal policies provide a valuable resource to protect both the IT team and their organization. In this article, we’ll briefly touch on what policies are; tips for writing them; and the advantages policies provide for compliance, transitions, and IT team liabilit

IT 122