News
-
DevSecOps plan process
In the DevOps and DevSecOps Introduction, What is DevOps, we reviewed how our security teams overlay onto DevOps for visibility and increased security throughout the software lifecycle. This article explores DevSecOps during the planning phase of the project and why it’s important for developers to be trained on how to help protect the software they…
-
Nearly $9bn Laundered in Cryptocurrency in 2021
Threat actors laundered $8.6bn in cryptocurrency last year, although the real figure could be much higher when “non-crypto” crimes are included, according to Chainalysis. The firm provides analysis and investigation software to help shine a light on the murky world of blockchains and decentralized finance (DeFi). Findings from an…
-
QNAP: Act Now to Mitigate DeadBolt Ransomware
A leading maker of network-attached storage (NAS) devices is urging customers to upgrade to the latest software version and reconfigure their systems in order to thwart a new ransomware campaign. Taiwan vendor QNAP released a statement yesterday in response to the mounting threat from a new variant known…
-
12 steps to take when there’s an active adversary on your network
CISOs know they must respond quickly and effectively to an incident, yet surveys point to continuing challenges to deliver on that goal. The State of Incident Response 2021 report, from tech companies Kroll, Red Canary and VMware, surveyed more than 400 IS professionals and 100 legal and compliance leaders and found that 45% of them…
-
IT and DevOps Staff More Likely to Click on Phishing Links
IT staff are more likely to click on phishing links and are often worse at reporting threats than their peers elsewhere in the organization, according to new research from F-Secure. The security vendor tested over 82,000 participants from four organizations to compile its study, To Click…
-
North Korea Loses Internet in Suspected Cyber-Attack
North Korea has experienced an internet outage that may have been caused by a cyber-attack. The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks. Junade Ali, a cybersecurity researcher who…
-
Mac webcam hijack flaw wins man $100,500 from Apple
An independent researcher has received a $100,500 bug bounty from Apple after discovering a security hole in the company’s Safari browser for macOS that could allow a malicious website to hijack accounts and seize control of users’ webcams. Read more in my article on the Hot for Security blog.
-
2022 Cybersecurity Predictions to Watch Out For
As eventful as 2020 was, 2021 was equal to its predecessor. It was a year that bounced from hope to cautious optimism, then back to disquiet. While some of our cybersecurity predictions for 2021 were accurate, the year came to a close as organizations are forced to address the significant challenges of dealing with the…
-
Smashing Security podcast #259: Techquilibrium and mediocre linguistic escapades
Wordle – good or bad for the world? Whatever your opinion, at least someone wants to spoil players’ fun. Meanwhile, we take a look at the threat mobile phones can pose to your mental health. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans…