Archive for the ‘Information Security’ Category

Many security engineers are already one foot out the door

Many security engineers are already one foot out the door. Why? The position of security engineer has become a pivotal role for modern security teams. Practitioners are responsible for critical monitoring of networks and systems to identify threats or intrusions that could cause immense harm to an organization. They must analyze troves of security-related data, detect immediate […]

Leave a Comment

Hackers can steal your Tesla Model 3, Y using new Bluetooth attack

https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/ Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla […]

Leave a Comment

Undetectable Backdoors in Machine-Learning Models

https://www.schneier.com/crypto-gram/archives/2022/0515.html#cg1 New paper: “Planting Undetectable Backdoors in Machine Learning Models“: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier […]

Leave a Comment

Zero-day bug in uClibc library could leave IoT devices vulnerable to DNS poisoning attacks

A zero-day vulnerability in uClibc and uClibc-ng, a popular C standard library, could enable a malicious actor to launch DNS poisoning attacks on vulnerable IoT devices. The bug, tracked as ICS-VU-638779, which has yet to be patched, could leave users exposed to attack, researchers have warned. DNS poisoning In a DNS poisoning attack, the target domain name […]

Leave a Comment

Nation-state Hackers Target Journalists with Goldbackdoor Malware

A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight. Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing […]

Leave a Comment

Hackers Are Getting Caught Exploiting New Bugs

Leave a Comment

Free Infographic: What is ransomware and how can I protect my business?

Ransomware is a type of malicious program that demands payment after launching a cyber attack on a computer system. This type of malware has become increasingly popular among criminals, costing organizations millions each year. Security experts recognise that ransomware is one of the fastest-growing forms of cyber attack. Its prevalence and reach was emphasised when WannaCry, […]

Leave a Comment

How vx-underground is building a hacker’s dream library

Editor’s Note: When malware repository vx-underground launched in 2019, it hardly made a splash in the hacking world. “I had no success really,” said its founder, who goes by the online moniker smelly_vx. But over the last couple of years, the site’s popularity has soared thanks in part to its robust Twitter presence that mixes […]

Leave a Comment

The importance of understanding cloud native security risks

In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud native security and the problem with the lack of understanding of risks to this environment. A recent survey of over 100 cloud professionals revealed that often businesses lead the charge in cloud, they see the opportunity, they move forward, but more and […]

Leave a Comment

Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Morgan-Stanley-Client-Accounts-Breached-in-Social-Engineering-Attacks-1Download

Leave a Comment

FCC adds Kaspersky to Covered List due to unacceptable risks to national security

The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security. The Federal Communications Commission (FCC) added multiple Kaspersky products and services to its Covered List saying that they pose unacceptable risks to U.S. national security. “The Federal Communications Commission’s Public Safety and Homeland Security Bureau today added […]

Leave a Comment

Biden signs cyber incident reporting bill into law

President Joe Biden on Tuesday signed into law a $1.5 million government funding bill that includes legislation mandating critical infrastructure owners report if their organization has been hacked or made a ransomware payment. Biden signed the legislation during a White House ceremony that was attended by administration officials and top Democratic lawmakers, including including House […]

Leave a Comment

Integrating Cybersecurity and Enterprise Risk Management (ERM)

Source: https:// doi.org /10.6028/NIST.IR.8286-draft2 ISO 31000: 2018 Enterprise Risk Management (CERM Academy Series on Enterprise Risk Management)

Leave a Comment

Network Infrastructure Security Guidance

Building a Future-Proof Cloud Infrastructure: A Unified Architecture for Network, Security, and Storage Services

Leave a Comment

Take a dev-centric approach to cloud-native AppSec testing

While some applications are still being built on a monolithic (all-in-one) architecture – i.e., all components in a single code base, on a single server, connected to the internet – an increasing number of them is now based on the microservices architecture, with each application microservice a self-contained functionality, “housed” in a container managed by […]

Leave a Comment

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151. In mid-January, […]

Leave a Comment

New Book: Advanced Security Testing with Kali Linux!

In Advanced Security Testing with Kali Linux you will learn topics like: The MITRE ATT@CK Framework Command & Control (C2) Frameworks Indepth Network Scanning Web App Pentesting Advanced Techniques like “Living off the Land” AV Bypass Tools Using IoT Devices in Security and much, much more!! Learning attacker Tactics, Techniques and Procedures (TTPs) are imperative in defending […]

Leave a Comment

50 Key Stats About Freedom of the Internet Around the World

Almost every part of our everyday lives is closely connected to the internet – we depend on it for communication, entertainment, information, running our households, even running our cars. Not everyone in the world has access to the same features and content on the internet, though, with some governments imposing restrictions on what you can […]

Leave a Comment

Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online

The master decryption keys for the Maze, Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer. The Maze group was considered one of the most prominent ransomware operations since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the […]

Leave a Comment

3 key elements of a strong cybersecurity program

The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and […]

Leave a Comment