Is OTP a Viable Alternative to NIST's Post-Quantum Algorithms?
The quantum threat to RSA-based encryption is deemed to be so pressing that NIST is seeking a quantum safe alternative
04-10-2022 16:06

Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack
Code security company SonarSource today published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting the PHP community.
04-10-2022 15:14

DHS Tells Federal Agencies to Improve Asset Visibility, Vulnerability Detection
The Cybersecurity and Infrastructure Security Agency (CISA) this week published Binding Operational Directive 23-01 (BOD 23-01), which requires federal agencies to take the necessary steps to improve their asset visibility and vulnerability detection cap
04-10-2022 15:09

Firmware Security Company Eclypsium Raises $25 Million in Series B Funding
Firmware and hardware security company Eclypsium announced on Tuesday that it has raised $25 million in a Series B funding round, which brings the total invested in the firm to $50 million.
04-10-2022 14:04

Webinar Today: The Ultimate Insider's Guide to DDoS Mitigation Strategies
04-10-2022 13:40

How Oso’s security-as-code approach to authorization might change how you think about security
Most developers aren’t particularly good at building authorization into their applications, but would they trust a third-party provider like Oso?
04-10-2022 13:30

Web Security Company Detectify Raises $10 Million
Sweden-based domain and web application security firm Detectify has received a $10 million investment from Insight Partners, bringing the total raised by the company to $42 million.
04-10-2022 13:04

Critical Vulnerabilities Expose Parking Management System to Hacker Attacks
Nearly a dozen vulnerabilities have been found in a car parking management system made by Italian company Carlo Gavazzi, which makes electronic control components for building and industrial automation.
04-10-2022 12:16

Top 5 trends to watch in cloud security
Cloud security solutions continue to emerge as threats to cloud resources evolve. However, what are the common trends to look out for in cloud security in the coming years? Let's find out.
04-10-2022 11:18

Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed
A mitigation proposed by Microsoft and others for the new Exchange Server zero-day vulnerabilities named ProxyNotShell can be easily bypassed, researchers warn. The security holes, officially tracked as CVE-2022-41040 and CVE-2022-41082, can allow an att
04-10-2022 10:46

Cybersecurity M&A Roundup: 39 Deals Announced in September 2022
04-10-2022 10:15

Keep your business totally secure with this decentralized VPN
The pocket-sized Deeper Connect Pico can help you tap into a worldwide security network.
04-10-2022 09:00

Report: Mexico Continued to Use Spyware Against Activists
The Mexican government or army has allegedly continued to use spyware designed to hack into the cellphones of activists, despite a pledge by President Andrés Manuel López Obrador to end such practices.
04-10-2022 01:10

How ransomware gangs operate like legitimate businesses
Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill.
03-10-2022 19:30

LayerX Raises $7.5M Seed Funding to Tackle Secure Web Browsing
Israeli startup LayerX has joined the list of companies scoring investor interest in the tricky enterprise browser market. LayerX, based in Tel Aviv, came out of the shadows Monday with $7.5 million in seed funding and ambitious plans to build technology
03-10-2022 19:20

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
03-10-2022 16:30

Supply Chain Attack Targets Customer Engagement Firm Comm100
CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.
03-10-2022 15:03

Optus Says ID Numbers of 2.1 Million Compromised in Data Breach
Australian telecommunications company Optus says that 2.1 million of its customers had numbers associated with their identification documents compromised in a recent data breach.
03-10-2022 13:14

Cloudflare shows flair with new products for mobile and IoT security
Cloudflare celebrates its 12th anniversary with the launch of a Zero Trust SIM, an IoT security platform and a Botnet Threat Feed.
03-10-2022 12:50

CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability
The United States Cybersecurity and Infrastructure Security Agency (CISA) is warning of the active exploitation of a recent Atlassian Bitbucket vulnerability and two Microsoft Exchange zero-days. Atlassian Bitbucket is a Git-based repository management s
03-10-2022 10:49

North Korean Hackers Exploit Dell Driver Vulnerability to Disable Windows Security
North Korean state-sponsored hacking group Lazarus was seen exploiting a Dell DBUtil driver vulnerability to disable the security mechanisms on the targeted Windows machines.
03-10-2022 10:29

Microsoft Links Exploitation of Exchange Zero-Days to State-Sponsored Hacker Group
Microsoft has been investigating the attacks exploiting the new Exchange Server zero-day vulnerabilities and believes that a single state-sponsored threat group has been using them in highly targeted attacks.
03-10-2022 10:13

8 questions to ask yourself before getting a home security camera
As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home?
03-10-2022 09:30

Shangri-La Hotels Customer Database Hacked
The Shangri-La hotel group has said a database containing the personal information of customers at eight of its Asian properties between May and July has been hacked. The breach covered hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo but the
01-10-2022 11:35

Hack Puts Latin American Security Agencies on Edge
A massive trove of emails from Mexico’s Defense Department is among electronic communications taken by a group of hackers from military and police agencies across several Latin American countries, Mexico’s president confirmed Friday.
01-10-2022 01:05

This cloud storage with NAS support costs less than you think
The ElephantDrive cloud solution offers two years of 1TB storage for just $38.99.
30-09-2022 19:47

15 highest-paying certifications for 2022
Number one on Skillsoft's 2022 list of top-paying IT certs is AWS Certified Solutions Architect Professional, with an annual salary of $168,080.
30-09-2022 19:36

Canon Medical Product Vulnerabilities Expose Patient Information
Trustwave is warning healthcare organizations of two cross-site scripting (XSS) vulnerabilities in Canon Medical’s popular medical imaging sharing tool Vitrea View.
30-09-2022 14:59

What's Going on With Cybersecurity VC Investments?
30-09-2022 14:18

ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe
The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021.
30-09-2022 14:10

CISA Issues Guidance on Transitioning to TLP 2.0
The US Cybersecurity and Infrastructure Security Agency (CISA) this week published a user guide to help organizations prepare for the November 1, 2022, move from Traffic Light Protocol (TLP) version 1.0 to TLP 2.0.
30-09-2022 13:10

DoD Announces Final Results of 'Hack US' Bug Bounty Program
The US Department of Defense (DoD) and HackerOne this week announced the results of the one-week bug bounty challenge that ran from July 4 to July 11, 2022.
30-09-2022 12:54

Microsoft Confirms Exploitation of Two Exchange Server Zero-Days
Microsoft has confirmed that it’s aware of two Exchange Server zero-day vulnerabilities that have been exploited in targeted attacks. The tech giant is working on patches.
30-09-2022 12:05

Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks
Chinese cyberespionage group Witchetty has been observed updating its toolset in recent attacks targeting entities in the Middle East and Africa, Symantec reports. Also referred to as LookingFrog, Witchetty is believed to be part of Cicada, the Chinese a
30-09-2022 11:22

Cisco Patches High-Severity Vulnerabilities in Networking Software
Cisco this week announced IOS and IOS XE software updates that address 12 vulnerabilities, including 10 high-severity security flaws.
30-09-2022 11:05

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
30-09-2022 10:00

Microsoft Exchange Attacks: Zero-Day or New ProxyShell Exploit?
A cybersecurity company based in Vietnam has reported seeing attacks exploiting a new Microsoft Exchange zero-day vulnerability, but it may just be a variation of the old ProxyShell exploit.
30-09-2022 09:27

How Multilayered Security Features Help Protect Modern Devices from New Threats
Cybersecurity threats and attacks are on an upswing with no end in sight. It’s clear that organizations must do more to protect their data and employees. AMD and Microsoft have worked together to integrate hardware and software security features to help
30-09-2022 00:00

NSA Cyber Specialist, Army Doctor Charged in US Spying Cases
A cyber specialist who worked at the US National Security Agency and an army doctor and his wife were charged Thursday in separate cases with seeking to sell US secrets to foreign governments.
29-09-2022 21:47

New Chaos malware spreads over multiple architectures
A new malware named Chaos raises concerns as it spreads on multiple architectures and operating systems.
29-09-2022 21:37

Report finds women are declining CISO/CSO roles
Professional risk factors into career decisions, and successful women need to encourage other women to accept the risks, says Accenture.
29-09-2022 20:52

North Korean Gov Hackers Caught Rigging Legit Software
Threat hunters at Microsoft have intercepted a notorious North Korean government hacking group lacing legitimate open source software with custom malware capable of data theft, espionage, financial gain and network destruction.
29-09-2022 17:05

Investors Bet on Ox Security to Guard Software Supply Chains
The funding frenzy in the software supply chain space now includes Ox Security, an early-stage Israeli startup that just raised a whopping $34 million in seed-stage financing.
29-09-2022 15:54

More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
Report shows that forty-five percent of companies have had four or more cloud incidents in the last year
29-09-2022 15:05

Details Disclosed After Schneider Electric Patches Critical Flaw Allowing PLC Hacking
Schneider Electric in recent months released patches for its EcoStruxure platform and some Modicon programmable logic controllers (PLCs) to address a critical vulnerability that was disclosed more than a year ago.
29-09-2022 14:48

Australia Flags Tough New Data Protection Laws This Year
Australia could have tough new data protection laws in place this year in an urgent response to a cyberattack that stole from a telecommunications company the, the attorney-general said Thursday.
29-09-2022 14:40

Drupal Updates Patch Vulnerability in Twig Template Engine
Updates announced for Drupal this week address a severe vulnerability in Twig that could lead to the leakage of sensitive information. Drupal is a PHP-based open source web content management system that has been using Twig as its default templating engi
29-09-2022 13:16

Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors
Hackers possibly from China have been using a new technique to install persistent backdoors in VMware ESXi hypervisors, giving them significant capabilities while making detection more difficult.
29-09-2022 13:09

Auth0 Finds No Breach Following Source Code Compromise
Okta-owned Auth0 this week announced that it has not identified an intrusion into its environment after a third-party said they were in the possession of older source code repositories.
29-09-2022 12:37

Multi-Cloud Networks Require Cloud-Native Protection
By integrating with native security services on major cloud platforms, a CNP solution can correlate security findings to pinpoint risks and recommend mitigations
29-09-2022 10:30

Kaiji Botnet Successor 'Chaos' Targeting Linux, Windows Systems
Black Lotus Labs, Lumen Technologies’ threat intelligence team, has issued a warning on Chaos, the new variant of the Kaiji distributed denial-of-service (DDoS) botnet, targeting enterprises and large organizations.
29-09-2022 10:18

Launch an IT career after taking these eight courses for under $50
Get a great deal on 110 hours of IT training in these online courses focused on tech basics in the CompTIA and Microsoft certification exams.
28-09-2022 17:48

Fast Company Hack Impacts Website, Apple News Account
American business magazine Fast Company has confirmed that its Apple News account was hijacked after hackers compromised its content management system (CMS). The monthly magazine focuses on business, technology, and design. In addition to its online vers
28-09-2022 15:29

Report Shows How Long It Takes Ethical Hackers to Execute Attacks
A survey of more than 300 ethical hackers conducted by cybersecurity companies Bishop Fox and SANS Institute found that many could execute an end-to-end attack in less than a day.
28-09-2022 15:07

L2 Network Security Control Bypass Flaws Impact Multiple Cisco Products
Cisco this week has confirmed that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls.
28-09-2022 14:12

CloudBees CEO: Software delivery is now ‘release orchestration’
Enterprise software delivery company CloudBees has a new SaaS offering to discuss, and the firm's CEO gets philosophical.
28-09-2022 13:30

High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks
What are MFA fatigue attacks and how can they be prevented?
28-09-2022 12:12

Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows
28-09-2022 11:03

Chrome 106 Patches High-Severity Vulnerabilities
Google this week announced the release of Chrome 106 to the stable channel with patches for 20 vulnerabilities, including 16 reported by external researchers. Of the externally reported security bugs, five are rated ‘high’ severity, eight are ‘medium’ se
28-09-2022 10:06

Protecting teens from sextortion: What parents should know
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online.
28-09-2022 09:30

Meta Disables Russian Propaganda Network Targeting Europe
A sprawling disinformation network originating in Russia sought to use hundreds of fake social media accounts and dozens of sham news websites to spread Kremlin talking points about the invasion of Ukraine, Meta revealed Tuesday.
28-09-2022 00:31

Researchers Crowdsourcing Effort to Identify Mysterious Metador APT
Cybersecurity sleuths at SentinelLabs are calling on the wider threat hunting community to help decipher a new mysterious malware campaign hitting telcos, ISPs and universities in the Middle East and Africa.
27-09-2022 18:44

Malicious OAuth app enables attackers to send spam through corporate cloud tenants
Microsoft investigated a new kind of attack where malicious OAuth applications were deployed on compromised cloud tenants before being used for mass spamming.
27-09-2022 15:40

Google, Apple Remove 'Scylla' Mobile Ad Fraud Apps After 13 Million Downloads
Cybersecurity firm Human has discovered and disrupted a mobile ad fraud campaign involving 89 mobile applications with a total download count of 13 million.
27-09-2022 14:25

Senators Push to Reform Police's Cellphone Tracking Tools
Civil rights lawyers and Democratic senators are pushing for legislation that would limit U.S. law enforcement agencies’ ability to buy cellphone tracking tools to follow people’s whereabouts, including back years in time, and sometimes without a search
27-09-2022 14:03

GuidePoint Security Launches ICS/OT Security Services
Virginia-based cybersecurity consulting services company GuidePoint Security has announced the launch of new offerings focusing on industrial control systems (ICS) and other operational technology (OT).
27-09-2022 13:43

New Infostealer Malware 'Erbium' Offered as MaaS for Thousands of Dollars
Security researchers are warning of a new information stealer named Erbium being distributed under the Malware-as-a-Service (MaaS) model. The threat made its initial appearance in late July, when a Russian speaking threat actor started advertising it on
27-09-2022 13:24

Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack
Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems.
27-09-2022 12:24

Samsung Sued Over Recent Data Breaches
Represented by Clarkson Law Firm, two Samsung users have filed a class action lawsuit against the electronics manufacturer over the two data breaches the company has suffered in 2022.
27-09-2022 11:01

Two Remote Code Execution Vulnerabilities Patched in WhatsApp
WhatsApp has patched two serious vulnerabilities that could be exploited for remote code execution.
27-09-2022 10:45

Australian Police Probe Purported Hacker's Ransom Demand
Australian police were investigating a purported hacker’s release of the stolen personal data of 10,000 Optus customers and demand for a $1 million ransom in cryptocurrency, the telecommunications company’s chief executive said Tuesday.
27-09-2022 10:19

Russia Gives Citizenship to Ex-NSA Contractor Edward Snowden
Russian President Vladimir Putin has granted Russian citizenship to former U.S. security contractor Edward Snowden, according to a decree signed Monday by the Russian leader.
26-09-2022 18:11

Ukraine Says Russia Planning 'Massive Cyberattacks' on Critical Infrastructure
The Ukrainian government says it is bracing to deal with “massive cyberattacks” from Russian hackers against critical infrastructure targets in the energy sector.
26-09-2022 16:18

Hackers Leak French Hospital Patient Data in Ransom Fight
Hackers who crippled a French hospital and stole a trove of data last month have released personal records of patients online, officials have confirmed. The cyberattackers demanded a multimillion dollar ransom from the Corbeil-Essonnes hospital near
26-09-2022 15:23

Australia Mulls Tougher Cybersecurity Laws After Data Breach
The Australian government said on Monday it is considering tougher cybersecurity rules for telecommunications companies and blamed Optus, the nation’s second-largest wireless carrier, for an from 9.8 million customers.
26-09-2022 13:46

Breached American Airlines Email Accounts Abused for Phishing
American Airlines discovered it was breached after receiving reports of employee email accounts being used in phishing attacks. Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breac
26-09-2022 13:44

Why 2FA is failing and what should be done about it
Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem.
26-09-2022 13:22

UK Teen Arrested Over Rockstar Games, Uber Hacks
The City of London Police announced on Friday that a 17-year-old had been arrested on suspicion of hacking, and there are some reports that the suspect is believed to have been involved in the recent cyberattacks targeting Uber and Rockstar Games.
26-09-2022 12:39

Ukraine Cracks Down on Group Selling Hacked Accounts to Pro-Russia Propagandists
Ukrainian authorities take down cybercrime group that hacked 30 million accounts. Ukrainian authorities say they have taken down a pro-Russia hacking group that compromised user accounts and then sold them for profit on dark web portals.
26-09-2022 11:33

Microsoft Dismantles Spam Campaign Abusing OAuth Applications
Microsoft says it has dismantled a malicious campaign relying on a network of single-tenant OAuth applications for the distribution of spam messages.
26-09-2022 11:14

Hacktivist Attacks Show Ease of Hacking Industrial Control Systems
26-09-2022 10:50

Sophos Firewall Zero-Day Exploited in Attacks on South Asian Organizations
UK-based cybersecurity company Sophos has warned customers that a new zero-day vulnerability affecting some of its firewall products has been exploited in attacks.
26-09-2022 10:24

What happens with a hacked Instagram account – and how to recover it
Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again).
26-09-2022 09:30

Training the next generation of cybersecurity experts to close the crisis gap
The biggest threat to cybersecurity departments could be the lack of qualified employees, leaving companies vulnerable.
23-09-2022 21:42

Colonial Pipeline ransomware group using new tactics to become more dangerous
Dubbed Coreid, the group has adopted a new version of its data exfiltration tool and is offering more advanced capabilities to profitable affiliates, says Symantec.
23-09-2022 21:28

What to consider before disposing of personal data – Week in security with Tony Anscombe
A major financial services company has learned the hard way about the importance of proper disposal of customers' personal data.
23-09-2022 19:20

SentinelOne Announces $100 Million Venture Fund
Endpoint security firm SentinelOne (NYSE: S) this week announced a $100 million venture fund that the publicly-traded company will use to invest in other security startups.
23-09-2022 15:40

Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network.
23-09-2022 15:03

LogicGate Risk Cloud: Product review
Now you can see your institution's fraud and security risks in a new way, with LogicGate Risk Cloud. Read our review here.
23-09-2022 14:35

New 'Wolfi' Linux Distro Focuses on Software Supply Chain Security
Chainguard this week announced Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain.
23-09-2022 14:11

BIND Updates Patch High-Severity Vulnerabilities
The Internet Systems Consortium (ISC) this week announced the availability of patches for six vulnerabilities in the widely deployed BIND DNS software, all remotely exploitable.
23-09-2022 14:01

"Left and Right of Boom" - Having a Winning Strategy
As security practitioners are painfully aware, it is not a matter of if but when their organization will come under cyberattack. Given this year’s geopolitical events, the likelihood of falling victim to an attack has exponentially increased. And while t
23-09-2022 13:45

CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned of cyberattacks targeting a recently addressed vulnerability in Zoho ManageEngine.
23-09-2022 13:11

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access
Firmware security company Binarly has discovered another round of potentially serious firmware vulnerabilities that could allow an attacker to gain persistent access to any of the millions of affected devices.
23-09-2022 12:50

NSA, CISA Explain How Threat Actors Plan and Execute Attacks on ICS/OT
US government agencies have shared a new cybersecurity resource that can help organizations defend critical control systems against threat actors.
23-09-2022 10:40

5 tips to help children navigate the internet safely
The online world provides children with previously unimagined opportunities to learn and socialize, but it also opens them up to a range of hazards. How can you steer kids toward safe internet habits?
23-09-2022 09:30

Cyberattack Steals Passenger Data From Portuguese Airline
Portugal’s national airline TAP Air Portugal says hackers obtained the personal data of some of its customers and have published the information on the dark web.
23-09-2022 01:24

Turn Any Place into a Smart Space
By combining IT, IoT and physical environments, IT teams can set up automated smart spaces for their organization. Learn how to: Use connectivity and sensors to set priorities for the cleaning of locations and the
23-09-2022 00:00

Smart Spaces Experience Guide – Transform Any Place into a Smart Space
Transform rooms, buildings, and spaces into assets that inform new insights, inspire collaboration, and drive efficiencies through automation and analytics. With our best-in-class, cloud-first technologies, Cisco Meraki removes complexity so you can focu
23-09-2022 00:00

Transform Any Place into a Smart Space
Thanks to its cloud-based technologies, Cisco Meraki brings you simplicity. We bring together IT, IoT and physical environments to enable IT teams to deploy automated smart spaces. Discover how:
23-09-2022 00:00

source : hackernews, securityweek, techrepublicsecurity, welivesecurity