February, 2022

7 Steps to Take Right Now to Prepare for Cyberattacks by Russia

Dark Reading

A lot of the recommended preparation involves measures organizations should have in place already

114
114

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Here are a few important issues that relate to the changes in today’s working environment. Reduce manual processes. Automation can help get rid of manual processes. Every company has a certain employee turnaround, and how they handle it can directly affect their bottom line.

North Korea Hacked Him. So He Took Down Its Internet

WIRED Threat Level

Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands. Security Security / Cyberattacks and Hacks

IT 114

The Top 5 Business Outcomes Companies Can Achieve From Monitoring Consolidation

In this eBook, learn what the top five business outcomes are that organizations see when leveraging Datadog's end-to-end monitoring tool.

Anonymous hit Russian Nuclear Institute and leak stolen data

Security Affairs

Anonymous and other hacker groups that responded to the call to war against Russia continue to launch cyberattacks on gov organizations and businesses.

More Trending

Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT

Dark Reading

Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers.

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.

IoT 195

The DOJ’s $3.6B Seizure Shows How Hard It Is to Launder Crypto

WIRED Threat Level

A couple allegedly used a “laundry list” of technical measures to cover their tracks. They didn’t work. Security Security / Security News

IT 114

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Threat actors leverage Microsoft Teams to spread malware

Security Affairs

Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users , threat actors started using it as an attack vector.

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Schneier on Security

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so.

Could Biology Hold the Clue to Better Cybersecurity?

Dark Reading

Sophisticated malware attacks underscore the need for a more dynamic security framework, inspired by biological concepts

Russia Sanctions May Spark Escalating Cyber Conflict

Krebs on Security

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine.

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. In effect, my passwords are now “keys” — and I must authenticate across many accounts, multiple times per day, on a variety of device platforms.

DDoS Attempts Hit Russia as Ukraine Conflict Intensifies

WIRED Threat Level

Plus: Hacker recruits, NFT thefts, and more of the week’s top security news. Security Security / Security News

Anonymous hacked the Russian Defense Ministry and is targeting Russian companies

Security Affairs

Anonymous collective has hacked the Russian Defense Ministry and leaked the data of its employees in response to the Ukraine invasion.

A New Cybersecurity “Social Contract”

Schneier on Security

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age — one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Ransomware Adds New Wrinkle in Russian Cybercrime Market

Dark Reading

Government crackdowns may destabilize Russian crime rings and strengthen their ties to Chinese allies

Red Cross Hack Linked to Iranian Influence Operation?

Krebs on Security

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group.

GUEST ESSAY: Can Apple’s pricey ‘Business Essentials’ truly help SMBs secure their endpoints?

The Last Watchdog

Today’s operating system battleground has long been defined by the warfare between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s iOS. Related: Co ok vs. Zuckerberg on privacy. While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick.

MDM 161

Russia’s Sandworm Hackers Have Built a Botnet of Firewalls

WIRED Threat Level

Western intelligence services are raising alarms about Cyclops Blink, the latest tool at the notorious group’s disposal. Security Security / Cyberattacks and Hacks

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Xenomorph Android banking trojan distributed via Google Play Store

Security Affairs

Xenomorph Android trojan has been observed distributed via the official Google Play Store targeting 56 European banks. Researchers from ThreatFabric have spotted a new Android banking trojan, dubbed Xenomorph , distributed via the official Google Play Store that has over 50,000 installations.

9 cyber security predictions for 2022

IT Governance

Everybody wants to know what the future holds. Those who are a step ahead of the rest can foresee challenges and avoid falling into pitfalls, or they can spot opportunities and ride to success. This is as true in the cyber security landscape as it is in any other. But predictions are difficult.

Hidden Costs of a Data Breach

Dark Reading

Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security — even human life

IRS: Selfies Now Optional, Biometric Data to Be Deleted

Krebs on Security

The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov.

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

GUEST ESSAY: Successful tactics threat actors leverage to probe, compromise vulnerable networks

The Last Watchdog

When new vulnerabilities re announced or flaws are discovered in public or “off the shelf” applications, several things happen. News spreads of the risks while attackers and security professionals alike begin searching for potential attack targets for the purpose of exploiting or protecting them. Related: How GraphQLs expanded the attack surface. When Log4Shell first hit the street, we immediately saw attacks against almost every one of our customers.

Cryptocurrency Is Funding Ukraine's Defense—and Its Hacktivists

WIRED Threat Level

As Russia continues to amass troops at the border, resistance groups have seen a surge in crypto donations. Security Security / Security News

IT 104

CISA compiled a list of free cybersecurity tools and services

Security Affairs

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S.