The proportion of employees with low or very low competence in IT security is rising significantly. Only 27 percent consider themselves to have a high or very high level of competence.
Security
Secure Self-Hacking For Vulnerability Detection
Free tool for vulnerability and risk detection of data exfiltrations via DNS.
Twitter: Data Leak Not Due to System Error
However, a small part of the currently offered data originates from an earlier security incident. Twitter assumes that the leak was compiled from sources already publicly available.
Crypto-Inspired Magecart Skimmer
Malwarebytes has discovered a skimmer that uses the "Mr.SNIFFA" framework and targets e-commerce websites and their customers.
Vulnerabilities in the Medical IT Infrastructure
Serious security vulnerabilities in the medical sector. Hospitals are increasingly falling victim to cyberattacks.
LastPass: Hackers Also Capture Customers’ Password Safes
The safes also contain non-encrypted data. However, this data is in a proprietary format. LastPass emphasizes that all passwords are secured by 256-bit AES encryption.
How Companies Accelerate Detection and Response
After a network intrusion, it usually takes cybercriminals eleven days to capture or encrypt data, warns Wolfgang Kurz of indevis.
High-Security, Quantum-Resistant Networks
Munich Quantum Network at the University of the Federal Armed Forces Munich achieves milestone with newly developed key management system.
The Most Popular German Password 2022 is: 123456
The Hasso Plattner Institute (HPI) has been warning about the risks of weak passwords for years, and every year it produces a ranking of the most commonly used passwords.
Microsoft Closes Six Critical Security Gaps
The December patchday also brings a fix for a zero-day vulnerability. In total, Microsoft eliminates 56 vulnerabilities. Windows, Edge, Office, SharePoint, Azure and Hyper-V are among those affected.
Trends Episode 8: Security by Design and Deepfakes
Hybrid work models will become the gateway for criminals to enter corporate networks.
Trends Episode 7: Even Attackers Make Mistakes
2023 is a good year to start a cybercrime career. Internet marketplaces offer stolen credentials and ready-made ransomware.
Cyber Deception – One of the Most Powerful IT Security Approaches
Cyber deception is one of the most effective and powerful approaches the computer security industry has perhaps ever seen.
Apple Announces New Privacy Features for the Cloud
In the future, Apple will also offer end-to-end encryption for backups and photos. In addition, the Apple ID will support hardware security keys starting next year.
Europe Faces a New Wave of Cyber Attacks in 2023
Mandiant forecast assumes cyber operations due to energy crisis and Russian war of aggression.
Cybersecurity: Companies Misjudge Consumers
Survey shows how differently end users and IT decision-makers think about data security, and what follows from this for IT security.
The Cloud in Crisis Mode
How are the current crises affecting the cloud and its security? An interview with Soeren von Varchmin, Chairman of the Advisory Board CloudFest.
BlackByte: Ransomware Disables Security Software
The cyber extortionists exploit a known vulnerability in a Windows graphics driver. They then manipulate drivers of anti-virus software. This way, the BlackByte group can access systems of its victims undisturbed.
13 Million Installs: Malicious Apps Discovered in Play Store and App Store
They are part of a large-scale malvertising campaign. 75 apps find their way into the Play Store. 10 more apps make it into the Play Store.
Hacker Penetrates Uber IT Systems
The hacker gained access to vulnerability reports and shared screenshots of internal systems, the email dashboard, and the Slack server.
Risks and Side Effects of Missing Security Measures
Recent study by Mimecast highlights level of security threats in healthcare.
Forced to Use Original Printer Cartridges: HP Compensates Customers
A security function blocks third-party printer cartridges. HP is retrofitting the function to some printers via a firmware update. So far, only customers in Belgium, Italy, Spain and Portugal are receiving compensation.
Know Your Opponent
In his guest article, Yaroslav Rosomakho from Netskope explains how cybercriminals work and how companies can arm themselves against them.
Microsoft Warns of Possible Data Loss on Windows Systems with Current CPUs
Windows computers that support the VAES instruction set are affected. An update temporarily reduces the performance of AES-based operations significantly.
CISA and ACSC Publish the Most Important Malware Variants in 2021
The top malware strains include remote access Trojans (RATs), banking Trojans, info stealers and ransomware.
The Awakening of LNK Files
HP Wolf Security Report reveals new techniques and phishing lures used to deceive employees.
Sophos: Automotive Supplier Falls Victim to Cyber Extortionists Three Times
The groups LockBit, Hive and BlackCat compromised the network within about two weeks. Apparently, they each use the same hacked RDP connection. Only after the third attack did the company approach Sophos for help.
Cisco Reports Hacker Attack
Unknown persons penetrate the company's network. Beforehand, they hacked the Google account of a Cisco employee and obtained VPN access data. The ransomware group Yanluowang claims responsibility for the attack.
Google Patches 77 Security Holes in Android
The August patchday brings fixes for five critical vulnerabilities. All supported Android versions up to and including Android 12 and 12L are vulnerable. Samsung begins distributing the August updates as early as July.
Mobile Security Index: Cyber Risk Increases Due to Hybrid, Mobile Working
Three quarters of respondents believe recent changes in working practices have had a negative impact on their company's cyber security.