security.didici.cc

RSA 2022: Omdia Research Take Aways

The RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.

Trio accused of selling $88m of pirated Avaya licenses

2 hours ago

Rogue insider generated keys, resold them to blow the cash on gold, crypto, and more, prosecutors say. Three people accused of selling pirate software licenses worth more than $88 million have been charged with fraud.…

Uber ex-security chief must face fraud charges

4 hours ago

Accused of hacking cover up.

Crypto crash threatens North Korea's stolen funds

4 hours ago

Hackers' plunder drops substantially in value.

Walmart accused of turning blind eye to transfer fraud totaling millions of dollars

5 hours ago

Store giant brands watchdog's lawsuit 'factually misguided, legally flawed'. The FTC has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "hundreds of millions of dollars."…

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign

9 hours ago

The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.

Mastercard passes first of three Australian TDIF accreditations

9 hours ago

Can act as digital ID exchange.

The Good Guys pauses facial recognition trial

9 hours ago

Over privacy complaint.

Google Analytics Continues to Lose SEO Visibility as Bans Continue

10 hours ago

Google Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.

'Raccoon Stealer' Scurries Back on the Scene After Hiatus

10 hours ago

Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.

China-Backed APT Pwns Building-Automation Systems with ProxyLogon

11 hours ago

The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.

Atlassian Confluence Exploits Peak at 100K Daily

12 hours ago

Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.

Can Zero-Knowledge Crypto Solve Our Password Problems?

12 hours ago

Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.

A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset

13 hours ago

Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.

Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter

14 hours ago

Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).

Customized malware coded to target OT systems

16 hours ago

Protection starts with having the right network design, says Rockwell Automation. Sponsored Feature: Malware targeting operational technology (OT) and industrial controls systems (ICS) doesn't come along very often. But when it does, it's worth paying clo ...

AMD targeted by RansomHouse, cybercrims claim to have '450Gb' in stolen data

16 hours ago

Relative cybercrime newbies not clear on whether it's alleging to have gigabits or gigabytes of chip biz's data. If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the pr ...

Dragonbridge influencers targets rare earth miners, encourages protests to disrupt production

16 hours ago

Researchers say that China has 'crossed the line' again with the new online campaign.

How to Find New Attack Primitives in Microsoft Azure

16 hours ago

Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.

Codenotary introduces Software Bill of Materials service for Kubernetes

16 hours ago

Codenotary's new service enables you to monitor what's running in your Kubernetes-managed container clusters -- vital knowledge for security.

Have you modelled the attack paths into your organization? Because an attacker already has

17 hours ago

Join this webinar to find out how to block them. Webinar: What does your tech infrastructure look like to the outside world? You might think it looks like an impenetrable fortress or a black box. You're probably wrong.…

Top Six Security Bad Habits, and How to Break Them

17 hours ago

Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks, and phishing-based endpoint attacks.

New Vulnerability Database Catalogs Cloud Security Issues

17 hours ago

Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.

Mitel VoIP Bug Exploited in Ransomware Attacks

17 hours ago

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victims’ environments.

‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

18 hours ago

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.

Ransomware attacks are the biggest global cyber threat and still evolving, warns cybersecurity chief

18 hours ago

Ransomware attacks 'strike hard and fast', warns NCSC chief.

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

18 hours ago

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.

When Security Locks You Out of Everything

19 hours ago

Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the ...

How can I improve my Windows laptop's battery life? [Ask ZDNet]

19 hours ago

Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer.

Tencent admits to poisoned QR code attack on QQ chat platform

1 day ago

Could it be Beijing was right about games being bad for China? Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform.…

Carnival Cruises torpedoed by US states, agrees to pay $6m after waves of cyber attacks

1 day ago

Now those are some phishing boats. Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive personal information on customers and employees was accessed in a string of cyber attacks. ...

India extends deadline for compliance with infosec logging rules by 90 days

1 day ago

Helpfully announced extension on deadline day. India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduc ...

Collins Foods puts IT focus on security controls, cloud services

1 day ago

Creates three-year strategy to improve control 'maturity'.

OpenSSL subject to remote memory corruption

1 day ago

Researcher discovery sparks vulnerability controversy.

Origin Energy goes public with bug bounty program

1 day ago

Bugcrowd now open to all.

NIST Finalizes macOS Security Guidance

1 day ago

NIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.

OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw

1 day ago

Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution. The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, ...

LGBTQ+ folks warned of dating app extortion scams

1 day ago

Uncle Sam tells of crooks exploiting Pride Month. The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.…

Federal, State Agencies' Aid Programs Face Synthetic Identity Fraud

1 day ago

Balancing public service with fraud prevention requires rule revisions and public trust.

LockBit 3.0 Debuts with Ransomware Bug Bounty Program

1 day ago

LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.

Australian retailers named in facial recognition complaint

1 day ago

Retailers dispute 'characterisation' of technology.

Shadow IT Spurs 1 in 3 Cyberattacks

1 day ago

Cerby platform emerges from stealth mode to let users automate security for applications outside of the standard IT purview.

Best cybersecurity schools and programs

1 day ago

Explore the best cybersecurity schools and programs that outrank the competition with acceptance rates, graduation rate performance, and graduation and retention rates.

Thrive Acquires DSM

1 day ago

DSM is now the third acquisition by Thrive in Florida in the past six months.

It's a Race to Secure the Software Supply Chain — Have You Already Stumbled?

1 day ago

If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.

Hacking gets dangerously real: 8 cybersecurity predictions to watch out for

1 day ago

Zero trust troubles and more ransomware regulation also make tech analyst Gartner's list of factors you need to plan for.

2022 Workshop on Economics and Information Security (WEIS)

1 day ago

I did not attend WEIS this year, but Ross Anderson was there and liveblogged all the talks.

Contractor loses entire Japanese city's personal data in USB fail

1 day ago

Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details. In brief: A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 resid ...

Beijing probes security at academic journal database

2 days ago

It's easy to see why – the question is, why now? China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.…

Carnival fined US$5m for cyber security violations

2 days ago

Exposed substantial amounts of sensitive customer data.

Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players

2 days ago

But welcomes fast cross-border payments in central bank digital currencies. In the same week that it welcomed the launch of a local center of excellence focused on crypto-inspired central bank digital currencies, Singapore's Monetary Authority (MAS) has wa ...

Study for certified cybersecurity expert exams with this $49 training

2 days ago

Start your training here for a career in penetration testing and "white hat" hacking.

Launch a cybersecurity career with this $39 boot camp on risk management

2 days ago

These tutorials cover NIST and all the best practices for government cybersecurity.

The top of the whale

4 days ago

Posted by Dave Aitel via Dailydave on Jun 24. People think that finding vulnerabilities is about finding holes in code. But at some level it's not really about that. It's about understanding that the code itself is a hole in the swirling chaos of the world ...

Threat Intelligence Services Are Universally Valued by IT Staff

4 days ago

Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.

More than $100m in cryptocurrency stolen from blockchain biz

4 days ago

'A humbling and unfortunate reminder' that monsters lurk under bridges. Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong.…

Why We're Getting Vulnerability Management Wrong

4 days ago

Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.

Friday Squid Blogging: Squid Cubes

4 days ago

Researchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guide ...

APT Groups Swarming on VMware Servers with Log4Shell

4 days ago

CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.

Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say

4 days ago

A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?

US watchdog is worried cyber insurance won't cover 'catastrophic cyberattacks'

4 days ago

The US government's cyber insurance only covers certain events and maybe not ones that could destroy IT systems.

7 Steps to Stronger SaaS Security

4 days ago

Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.

Google details commercial spyware that targets both Android and iOS devices

4 days ago

Hermit highlights a wider issue concerning our privacy and freedom.

The Cybersecurity Talent Shortage Is a Myth

4 days ago

We have a tech innovation problem, not a staff retention (or recruitment) problem.

Scalper bots are snapping up appointments for government services in Israel

4 days ago

Scalpers are snapping up public service appointments and selling them on.

Without Conti On The Scene, LockBit 2.0 Leads Ransomware Attacks

4 days ago

Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

CISA: Hackers are still using Log4Shell to breach networks, so patch your systems

4 days ago

Patch your systems, says cybersecurity agency, because attackers are using these flaws.

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

4 days ago

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are a complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote ...

Google Warns Spyware Being Deployed Against Android, iOS Users

4 days ago

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.

When I reset my Windows PC, I ended up with Home edition. How do I get my Pro upgrade back? [Ask ZDNet]

4 days ago

Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer.

Google: How we tackled this iPhone, Android spyware

4 days ago

Watching people's every move and collecting their info – not on our watch, says web ads giant. Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular ne ...

iPhone users: Google Chrome browser on iOS is getting these five new features

4 days ago

Google offers up better password management for Chrome on iOS to appeal to iPhone users who stick with Safari.

Qld gov proposes mandatory data breach reporting for agencies

4 days ago

Asks for feedback on state-based scheme.

Beijing-backed attackers use ransomware as a decoy while they conduct espionage

4 days ago

They're not lying when they say 'We stole your data' – the lie is about which data they lifted. A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Sec ...

Critical Splunk bug propagates code execution

5 days ago

Patch now, because all endpoints are vulnerable.

Researchers hacked Oracle servers to demo serious vulnerability

5 days ago

The "Miracle Exploit" left unpatched for six months.

Don't remove PowerShell: US, UK and NZ security agencies

5 days ago

Powerful command line interface essential to securing Windows.

Threat actors worked with ISPs to plant malware from Italian spyware vendor

5 days ago

EU Parliamentary hears how RCS Labs tactics are used to target victims.

Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft

5 days ago

Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says.

Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings

5 days ago

Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.

ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities

5 days ago

ShiftLeft's Manesh Gupta joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."

Pair of Brand-New Cybersecurity Bills Become Law

5 days ago

Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.

The Rise, Fall, and Rebirth of the Presumption of Compromise

5 days ago

The concept might make us sharp and realistic, but it's not enough on its own.

Reinventing How Farming Equipment Is Remotely Controlled and Tracked

5 days ago

Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.

Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign

5 days ago

Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.

$6b mega contract electronics vendor Sanmina jumps into zero trust

5 days ago

The Fortune 500 electronics manufacturer was an early adopter of Google Cloud, which led to a search for a new security architecture. Matt Ramberg is the vice president of information security at Sanmina, a sprawling electronics manufacturer with close to ...

Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS

5 days ago

Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.

How APTs Are Achieving Persistence Through IoT, OT, and Network Devices

5 days ago

To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.

CISA warns over software flaws in industrial control systems

5 days ago

Weaknesses in operational technology systems need to be addressed.

These hackers are spreading ransomware as a distraction - to hide their cyber spying

5 days ago

Five ransomware strains have been linked to Bronze Starlight activities.

80% of Legacy MSSP Users Planning MDR Upgrade

5 days ago

False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

5 days ago

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security

5 days ago

The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.

On the Subversion of NIST by the NSA

5 days ago

Nadiya Kostyuk and Susan Landau wrote an interesting paper: “Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process”: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST ...

NSA, CISA say: Don't block PowerShell, here's what to do instead

5 days ago

PowerShell is often abused by attackers but defenders should not switch off the Windows command-line tool, warn cybersecurity agencies.

Your email is a major source of security risks and it's getting worse

5 days ago

Criminals still like using email to phish credentials but ransomware delivered by email has tapered off.

Halfords suffers a puncture in the customer details department

5 days ago

I like driving in my car, hope my data's not gone far. UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.…

Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ

5 days ago

Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default. Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows ...

Europol arrests nine suspected of stealing 'several million' euros via phishing

5 days ago

Victims lured into handing over online banking logins, police say. Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering.…

Organizations Battling Phishing Malware, Viruses the Most

6 days ago

Organizations may not encounter malware targeting cloud systems or networking equipment frequently, but the array of malware they encounter just occasionally are no less disruptive or damaging. That is where the focus needs to be.

Mega's unbreakable encryption proves to be anything but

6 days ago

Boffins devise five attacks to expose private files. Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can on ...

Microsoft 365 Users in US Face Raging Spate of Attacks

6 days ago

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.

Synopsys Completes Acquisition of WhiteHat Security

6 days ago

Addition of WhiteHat Security provides Synopsys with SaaS capabilities and dynamic application security testing (DAST) technology.

Cisco warns of security holes in its security appliances

6 days ago

Bugs potentially useful for rogue insiders, admin account hijackers. Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. …

Aqua Security Collaborates With Center for Internet Security to Create Guide for Software Supply Chain Security

6 days ago

In addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.

Neustar Security Services Launches Public UltraDNS Health Check Site

6 days ago

Open service generates free report detailing potential gaps in compliance, configuration, and security for a user’s multiple domain names.

What, exactly, is cybersecurity? And why does it matter?

6 days ago

Cyberattacks steal data and cause millions in economic costs. Learn what cybersecurity professionals do and how to protect your data with our guide.

Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign

6 days ago

Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.

Blind trust in open source security is hurting us: Report

6 days ago

The Linux Foundation and Snyk's report, The State of Open Source Security, finds open source security faces hard challenges even as it becomes more popular than ever.

Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts

6 days ago

Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.

Israeli air raid sirens triggered in possible cyberattack

6 days ago

Source remains unclear, plenty suspect Iran. Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. …

Getting a Better Handle on Identity Management in the Cloud

6 days ago

Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.

Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops

6 days ago

Partnership lets users access one-click ScreenMeet sessions from the Tanium platform.

Zscaler and AWS Expand Relationship

6 days ago

Zscaler also announced innovations built on Zscaler’s Zero Trust architecture and AWS.

Zscaler Launches Posture Control Solution

6 days ago

Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.

Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange

6 days ago

Organizations can strengthen their network defense with a number of intelligent security innovations.

Evolving Beyond the Password: Vanquishing the Password

6 days ago

Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)

The Risk of Multichannel Phishing Is on the Horizon

6 days ago

The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.

Ukrainian organizations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons

6 days ago

Russian hackers continue their attempts to break into the systems of Ukrainian organisations, this time with phishing and fake emails.

GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar

6 days ago

We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.

80% of Firms Suffered Identity-Related Breaches in Last 12 Months

6 days ago

With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.

DARPA study challenges assumptions about distributed ledger (and Bitcoin) security

6 days ago

Blockchain not as decentralised as many assume, finds Pentagon sponsored research. US government sponsored research is casting new light on the security of blockchain technology, including the assertion that a subset of a distributed ledger's participants ...

Gamification of Ethical Hacking and Hacking Esports

6 days ago

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.