Sat.Dec 24, 2022 - Fri.Dec 30, 2022

LastPass Data Breach: It's Time to Ditch This Password Manager

WIRED Threat Level

The password manager's most recent data breach is so concerning, users need to take immediate steps to protect themselves.

North Korean Hackers Steal NFTs via Phishing Websites

Data Breach Today

APT Groups Use 500 Decoy Domains of Popular NFT, DeFi Platforms

North Korean attackers are using phishing websites to impersonate popular NFT platforms and DeFi marketplaces to steal digital assets worth hundreds of thousands of dollars. They set up nearly 500 decoy sites, including that of a project associated with the World Cup and NFT marketplace OpenSea.

Phishing 130
Insiders

After the Uber Breach: 3 Questions All CISOs Should Ask Themselves

Dark Reading

How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward.

Experts warn of attacks exploiting WordPress gift card plugin

Security Affairs

Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin, which is installed on over 50,000 websites. The vulnerability is tracked as CVE-2022-45359 (CVSS v3: 9.8). The plugin allows online stores to sell gift cards.

The Worst Hacks of 2022

WIRED Threat Level

The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.

Phishing 122

More Trending

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to effect positive change.

Passwords 270

Recovering Smartphone Voice from the Accelerometer

Schneier on Security

Yet another smartphone side-channel attack: “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers”:

Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.

Attackers Pose as Facebook Support Using Legitimate Facebook Posts to Bypass Security Solutions

KnowBe4

Impersonating Facebook and using its own platform against it, a new phishing attack takes advantage of victims’ inability to distinguish legitimate from illegitimate.

Phishing 131

LockBit Group Claims Attack on Port of Lisbon

Data Breach Today

Website Remains Down Following Christmas Day Attack

One of Europe's busiest ports is added to the list of LockBit ransomware victims. The hacking group targeted Portugal's Port of Lisbon on Christmas day, giving the facility a deadline of Jan. 18 to pay a ransom of $1.5 million in exchange for their data deletion.

Extracting Encrypted Credentials From Common Tools

Dark Reading

Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.

Arresting IT Administrators

Schneier on Security

This is one way of ensuring that IT keeps up with patches:

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software.

IT 26

[Heads Up] LastPass Attack Could Supercharge Spear Phishing Attacks

KnowBe4

By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy.

Phishing 128

Bahamian Regulator Controls FTX Digital Assets Worth $3.5B

Data Breach Today

Agency Says It Has Temporary 'Exclusive Control' of Assets for Safe Custody

The Bahamas Securities Commission seized digital assets worth $3.5 billion from local firm FTX Digital Markets. The regulator says the funds were at risk of "imminent dissipation" due to hack attacks, and will temporarily remain under its exclusive control, stored in secure digital wallets.

Marketing 147

War and Geopolitical Conflict: The New Battleground for DDoS Attacks

Dark Reading

The effectiveness of attacks largely depends on organizations' distributed denial-of-service defenses.


QR Code Scam

Schneier on Security

An enterprising individual made fake parking tickets with a QR code for easy payment.


QBot Malware Attacks Use SVG files to Perform HTML Smuggling

KnowBe4

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

Phishing 123

Why Governments Should Give Incentives for Collaboration

Data Breach Today

Global Cyber Alliance CEO Philip Reitinger Shares Updates, Challenges

Global Cyber Alliance CEO Philip Reitinger shares updates on the alliance's Internet Integrity and Capacity & Resilience programs, which tackle key challenges of internet infrastructure, privacy and safety. Success is measured by the number of partners and "who is using the platform," he says.

Why Attackers Target GitHub, and How You Can Secure It

Dark Reading

The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.

Security 115

LastPass Breach

Schneier on Security

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse:

While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […]

Passwords 117

Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks

KnowBe4

New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.

Phishing 116

Why Healthcare Needs to Beef Up Incident Response Plans

Data Breach Today

Effective testing of incident response plans continues to be a major weakness for many healthcare sector entities, especially those facing ransomware and other disruptive incidents, says Van Steel, a partner at consultancy LBMC Information Security.

Healthcare Providers and Hospitals Under Ransomware's Siege

Dark Reading

According to the FBI and Internet Crime Complaint Center, 25% of ransomware complaints involve healthcare providers.

Weekly Update 328

Troy Hunt

We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays.

Passwords 103

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

KnowBe4

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.

Insurance 111

Hacker Claims to Have Scraped 400M Twitter User Records

Data Breach Today

Regulatory Pressure over Security, Privacy Mounts on Beleaguered Social Media Firm

A member of a criminal data breach forum says he's selling email addresses and phone numbers of 400 million Twitter users. If verified, the data breach would be a further blow to Twitter and its beleaguered chief executive as regulators increase pressure over the firm's security practices.

Beyond the Obvious: The Boldest Cybersecurity Predictions for 2023

Dark Reading

Dark Reading's panel of security experts deliver a magnum of bubbly hot takes on what 2023 will look like, featuring evil AIs, WWIII, wild workplace soon-to-be-norms, and more.

Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians

WIRED Threat Level

The Kremlin’s aggression in Ukraine is following a dangerous playbook that began to unfold years ago.

Security 101

[Eye Opener] Insurance policy doesn’t cover ransomware attack, Ohio Supreme Court says

KnowBe4

On Dec. 27, 2022, the Ohio Supreme Court ruled in favor of an insurance company, determining that its contract to cover any direct physical loss or damage to property did not encompass ransom payments made when a hacker illegally gained access to medical billing software company EMOI's systems and data.

Insurance 110