Cracked it! Highlights from KringleCon 5: Golden Rings
Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at...
Month: January 2023
StrongPity espionage campaign targeting Android users
ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app...
If governments are banning TikTok, why is it still on your corporate devices?
TikTok, the viral app resident on millions of devices, was recently banned from executive...
Now you can legally repair your tech – sort of
A new law portends a future where (we hope) it will be easier for us all to...
India’s Digital Personal Data Protection Bill: What works, what it lacks
A new draft of India’s data protection bill is set to be debated in Parliament, but...
Introducing IPyIDA: A Python plugin for your reverse‑engineering toolkit
ESET Research announces IPyIDA 2.0, a Python plugin integrating IPython and Jupyter Notebook into IDA
Intel boosts VM security, guards against stack attacks in new Xeon release
Intel today announced the rollout of the fourth generation of its Xeon family of server...
Data leak exposes information of 10,000 French social security beneficiaries
[Editor's note: This article originally appeared on the Le Monde Informatique website.] More than 10,000 beneficiaries of...
Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams
Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot...
Cybercriminals bypass Windows security with driver-vulnerability exploit
The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called...
Cybersecurity spending and economic headwinds in 2023
Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few...
CloudSek launches free security tool that helps users win bug bounty
Cybersecurity firm CloudSek has launched BeVigil, a tool that can tell users how safe the apps...
How to prioritize effectively with threat modeling
Crisis? What Crisis! Webinar: How does your security team prioritize work? When a new attack from a state actor hits...
Multiple Global Car Brands Discovered to Have API Vulnerabilities
Connected cars are a way of life for millions, but that also means they provide additional attack vectors...
USENIX Security ’22 – Theresa Stadler, Bristena Oprisanu, Carmela Troncoso – ‘Synthetic Data – Anonymisation Groundhog Day’
Our thanks to USENIX for publishing their Presenter’s USENIX Security...
Why You Need Continuous Password Monitoring for True Protection
Some free password policy tools out there tout password protection without actively monitoring if user credentials become compromised...
Why These CAPTCHAs Don’t Work
Over the past four years, I’ve been the lead technical artist here at Arkose Labs. It...
Data Security: Your Ultimate Duty to Your Online Customer
Retail business leaders deal with many risks that threaten their businesses' economic stability and viability. And while physical...
ReversingLabs Threat Analysis and Hunting Solution January 2023 Update: Driving SecOps Forward
Learn how your organization can reduce cyber risks (as well as operational workload and...
Best Practices in Dependency Management: Cooking a Meal of Gourmet Code
Tesla “Solar Factory” Implicated in FSD Fraud: Workers Directed to Classify Images for Driving
Elon Musk launched the Tesla concept for chargers as solar powered. He promised...
Digital Trust Digest: This Week’s Must-Know News
The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here's what happened the week of...
Step on It: What to Know About TISAX Compliance in the Automotive Market
The automotive industry is one of the largest in the world, with sales estimated...
Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond
The problem with anniversaries is that there's an almost infinite number of them every day...
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
The bad news: the crooks have your SSH private keys. The good news: only users of the...
Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid
When someone calls you up to warn you that your bank account is under attack...
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now!...
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and...
RSA crypto cracked? Or perhaps not!
Stand down from blue alert, it seems... but why not plan your cryptographic agility anyway?
CircleCI – code-building service suffers total credential compromise
They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help...