Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware
Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022-21445, that Oracle took six months to patch.
Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022-21445, that was reported to...
Multiple malicious packages in PyPI repository found stealing AWS secrets
Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info.
Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...
We’re now truly in the era of ransomware as pure extortion without the encryption
Why screw around with cryptography and keys when just stealing the info is good enough. US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management...
EXCLUSIVE: Meta Failed To Protect Instagram’s Child Models From Pedophiles
A photographer accused of selling photos to pedophiles is allowed back on Instagram. Forbes alerts Meta to over a dozen accounts with over half a million followers sexualizing child and teenage models. Now the tech giant is coming under...
Lazarus Targets Chemical Sector With 'Dream Job.' [Research Saturday]
Alan Neville, a Threat Intelligence Analyst from Symantec Broadcom, joins Dave to discuss their research "Lazarus Targets Chemical Sector." Symantec has observed the North Korea-linked threat group known as Lazarus conducting...
Weekly Update 301
First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested...
A Man of Action: Meet Callum Carney
Hidden Talents: He was a competitive swimmer for many years. Instrument of Choice: His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life: The Office,...
Threat Intelligence Services Are Universally Valued by IT Staff
Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.
More than $100m in cryptocurrency stolen from blockchain biz
'A humbling and unfortunate reminder' that monsters lurk under bridges. Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong.
Why We're Getting Vulnerability Management Wrong
Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
Friday Squid Blogging: Squid Cubes
Researchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.)
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read...
Lithuania warns of DDoS. Some limited Russian success in cyber phases of its hybrid war. Spyware infestations in Italy and Kazakhstan. Tabletop exercises. Ransomware as misdirection
Lithuania's NKSC warns of increased DDoS threat. Limited Russian success in the cyber phases of its hybrid war. Another warning of spyware in use against targets in Italy and Kazakhstan. Hey,...
#InfosecurityEurope2022: Preparing for Future Challenges and Opportunities
The closing keynote panel explored how we can anticipate the future of cybercrime
APT Groups Swarming on VMware Servers with Log4Shell
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
Mitek launches MiVIP platform to fight identity theft
A new easy-to-deploy identity platform was announced this week to help address growing concerns about identity theft. The Mitek Verified Identity Platform (MiVIP) melds the company's mobile technologies with those of its recent acquisitions to give its customers flexible...
Black Basta may be an all-star ransomware gang made up of former Conti and REvil members
The group has targeted 50 businesses from English speaking countries since April 2022.
The post Black Basta may be an all-star ransomware gang made up of former Conti and REvil members appeared first on TechRepublic.
The surveillance-as-a-service industry needs to be brought to heel
Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there's justification for keeping mobile platforms utterly locked down. What has happened?
I...
Best cybersecurity certifications in 2022
Solidify your skills as a cybersecurity professional by becoming certified. Here is a list of some of the best cybersecurity certifications available today.
The post Best cybersecurity certifications in 2022 appeared first on TechRepublic.
Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
Italian spyware firm is hacking into iOS and Android devices, Google says
Google's Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan. According to a...
OpenSSL issues a bugfix for the previous bugfix
Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
#InfosecurityEurope2022: The Interactivity Between Nation-State Attackers and Organized Crime Gangs
Geoff White also touched upon the emerging world of cryptocurrency theft
Threat actors continue to exploit Log4Shell in VMware Horizon Systems
The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint...
#InfosecurityEurope2022: Security awareness must be in the moment
Annual or quarterly security training will not protect organizations from phishing and other human threats