Ex-CIA security boss predicts coming crackdown on spyware

The Register - Thu, 11/08/2022 - 20:15
Plus, spoiler alert: ransomware is gonna get a lot worse

Black Hat  It turns out that ex-CIA chief information security officers don't spill secrets at bars in Vegas. Or via Zoom, while pretending to be at a Black Hat cocktail party.…

Categories: News

Sonatype spots another PyPI package behaving badly

The Register - Thu, 11/08/2022 - 19:30
Identity of a real person was used to lend credence to a package that dropped cryptominer in memory

Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.…

Categories: News

Keeping the enemy at the gate

The Register - Thu, 11/08/2022 - 18:21
Stop ransomware with Zero Trust security networks in place

Webinar  Faced with relentless cyberattacks organizations need the kind of defenses usually reserved for small states. And everything that Zero Trust principles can pull into play will help safeguard against the nimble nastiness of the dark actors intent on doing harm.…

Categories: News

Don't be surprised if your organization suffers multiple cyberattacks

The Register - Thu, 11/08/2022 - 17:15
Failing to fix flaws, a crowded threat group scene, RaaS, and dependencies among crooks are fueling the trend

Security experts spent years warning enterprises to expect cyberattacks and to plan their defenses accordingly, now Sophos researchers are saying organizations shouldn't be surprised if they get attacked multiple times.…

Categories: News

Making the cloud a safer place with SANS

The Register - Thu, 11/08/2022 - 12:01
Get advice from experts on how to nail cloud native security in a multi-cloud world

Sponsored Post  Protecting sensitive data and mission critical applications spread across multiple on- and off-prem cloud environments and different service providers is a tough gig for busy security professionals. So a chance to hear from experts and peers on how best to stop hackers from making hay will be welcome.…

Categories: News

Cisco admits corporate network compromised by gang with links to Lapsus$

The Register - Thu, 11/08/2022 - 06:59
Voice-phished their way in, but Switchzilla claims no damage done

Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.…

Categories: News

Meta privacy red team lead: Does your business know its privacy adversaries?

The Register - Thu, 11/08/2022 - 02:15
Ethical hackers, but for privacy programs

Black Hat  Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia.…

Categories: News

Boffins rate npm and PyPI package security and it's not good

The Register - Thu, 11/08/2022 - 01:54
Guess what? Open source security still has gaps

The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find.…

Categories: News

Ex-CISA chief Krebs calls for US to get serious on security

The Register - Thu, 11/08/2022 - 00:26
Black Hat kicks off with call for single infosec agency with real clout and less confused crossover

Black Hat  It's time to reorganize the US government and create a new agency focused solely on on digital risk management services, according to former CISA director Chris Krebs.…

Categories: News

As Black Hat kicks off, the US government is getting the message on hiring security talent

The Register - Wed, 10/08/2022 - 21:58
Katie Moussouris tells it like it is

Black Hat interview  With the world's largest collection of security folk gathering in Las Vegas for Black hat there are encouraging signs that the US government might actually be getting smarter about hiring.…

Categories: News

Maui ransomware linked to North Korean group Andariel

The Register - Wed, 10/08/2022 - 19:14
Attack origins point to April 2021 first strike on Japanese target

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.…

Categories: News

Google's bug bounty boss: Finding and patching vulns? 'Totally useless'

The Register - Wed, 10/08/2022 - 17:00
Disclosing exploits, however, will earn you $100k

Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.…

Categories: News

Cloudflare: Someone tried to pull the Twilio phishing tactic on us too

The Register - Wed, 10/08/2022 - 15:23
Attack was foiled by content delivery network's hardware security keys

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.…

Categories: News

Businesses should dump Windows for the Linux desktop

The Register - Wed, 10/08/2022 - 11:32
It makes perfect sense for enterprises as well as enthusiasts. Just ask GitLab

Opinion  I've been preaching the gospel of the Linux desktop for more years than some of you have been alive. However, unless you argue that the Linux desktop includes Android smartphones and ChromeOS laptops, there will be no year of the Linux desktop.…

Categories: News

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

The Register - Tue, 09/08/2022 - 22:51
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …

Categories: News

APIC fail: Intel 'Sunny Cove' chips with SGX spill secrets

The Register - Tue, 09/08/2022 - 18:00
AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying

A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.…

Categories: News

Malicious deepfakes used in attacks up 13% from last year, VMware finds

The Register - Tue, 09/08/2022 - 16:11
Plus: Crooks swimming around your network, looking for a way in, says Incident Response Threat Report

Security teams are facing down more cyberattacks following Russia's invasion of Ukraine, and sophisticated crooks are using double-extortion techniques and, increasingly, deepfakes in their strikes.…

Categories: News

Microsoft's fix for 'data damage' risk hits PC performance

The Register - Tue, 09/08/2022 - 14:30
'AES-based operations might be two times slower' without latest updates

Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some.…

Categories: News

Chinese scammers target kids with promise of extra gaming hours

The Register - Tue, 09/08/2022 - 03:45
Cyberspace regulator's fraud report finds all is not well behind the Great Firewall

Fraudsters in China have targeted a child with promises of allowing them to get around the nation's time limits on playing computer games – for a mere $560, according to the nation's cyberspace administration. Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year.…

Categories: News

China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs

The Register - Tue, 09/08/2022 - 01:23
We're 'highly likely' to see similar attacks, Kaspersky warned

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News