Trending Articles

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email.

GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures

The Last Watchdog

Mental health at work is undergoing a rapid transformation. Even before the COVID-19 pandemic, which has caused an increase in feelings of loneliness and isolation, workers’ mental health was under pressure. According to a recent workforce health survey, 40% of workers experienced mental health issues this past year, double the year before.

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.

How Threat Actors Get Into OT Systems

Dark Reading

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems

More Trending

Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company.

IKEA hit by a cyber attack that uses stolen internal reply-chain emails

Security Affairs

Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails.

When Will Security Frameworks Catch Up With the New Cybersecurity Normal?

Dark Reading

Standards need to reflect that most endpoints will be remote and/or wireless

Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities

WIRED Threat Level

The surprisingly sophisticated attack is “actively spreading” throughout the industry.

“Crypto” Means “Cryptography,” not “Cryptocurrency”

Schneier on Security

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one

Top 5 Cloud security challenges, risks and threats

IT Governance

Cloud services are an integral part of modern business. They provide a cost-effective way to store data; and with the rise in hybrid workforces, they deliver a reliable way for employees to access information remotely.

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels.

Holiday Scams Drive SMS Phishing Attacks

Dark Reading

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well

What Is a Watering Hole Attack?

WIRED Threat Level

It's a technique that can hit thousands of victims—through no fault of their own.

Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices

HONG KONG: New anti-doxxing provisions now in force

DLA Piper Privacy Matters

With the coming into effect of the Personal Data (Privacy) (Amendment) Ordinance 2021 (“Amendment Ordinance”) on 8 October 2021, a new anti-doxxing law is now in force in Hong Kong. The below sets out a summary of the key aspects of the anti-doxxing law: New offences of doxxing; new penalties.

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection.

How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

Dark Reading

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place

The Pentagon Has Set Up a UFO Office

WIRED Threat Level

Plus: An Apple lawsuit, a GoDaddy breach, and more of the week's top security news.

Apple Sues NSO Group

Schneier on Security

Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware.

Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

Data Matters

On November 18, 2021, a group of federal bank regulators announced a final rule requiring banks to notify their primary federal regulator of any “significant computer-security incidents.”

FBI warns of crooks targeting online shoppers during the holiday season

Security Affairs

The Federal Bureau of Investigation (FBI) warns of cybercriminals targeting online shoppers during the holiday season.

10 Stocking Stuffers for Security Geeks

Dark Reading

Check out our list of gifts with a big impact for hackers and other techie security professionals

Amazon wages secret war on Americans’ privacy, documents show via Reuters

IG Guru

Amazon launched a “watering the flowers” program to cultivate a “well-tended garden” of VIPs (Very Important Policymakers) through carefully tracked political donations, meetings and Amazon site tours.

GoDaddy Breach Widens to Include Reseller Subsidiaries

Threatpost

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.

MITRE Expands Security Testing to Services, Deception Tools & More

eSecurity Planet

MITRE is moving beyond its well-regarded endpoint security evaluations and will soon be testing other security services and products.

Android.Cynos.7.origin trojan infected +9 million Android devices

Security Affairs

Researchers spotted dozens of games on Huawei’s AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei’s AppGallery catalog (i.e.

Bug Bounties Surge as Firms Compete for Talent

Dark Reading

Companies such as GitLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers
