Author: Security on TechRepublic

DevOps is speeding up software release cycles like never before. But according to GitLab’s latest survey, finger-pointing over who should be in charge of security remains an issue – as do some familiar old developer headaches.

Expert discusses the importance of keeping internal computer credentials as safe as your passwords. The need for security never goes away.

More than just passwords, internal computer credentials must also be secured.

Scientists find that blaming employees is counterproductive and suggest creating a safe environment for people to admit their mistakes and learn from them. One company already puts that into practice.

Jack Wallen walks you through the steps of installing both Linux Malware Detection and ClamAV for a reliable one-two punch of malware and virus prevention.

Patched on Qualcomm’s end, the flaw could allow attackers to access your call history and text messages and eavesdrop on your phone conversations, says Check Point Research.

On world password day, data from Onfido serves as a reminder that most people don’t follow password recommendations, probably never will, and that means it’s time to find a new security standard.

A survey from Blackberry finds that IT departments are worried about unpatched devices connecting to corporate networks as offices reopen.

The first Thursday in May is World Password Day. Keeping your data safe isn’t as difficult as you think. Here are some strategies.

Recently seized by the government, the site spoofed an actual company developing a coronavirus vaccine in an effort to steal personal data for malicious purposes.

Even though they both seek common ends, networking and security teams are often at odds with each other, slowing their companies down.

In addition to new blueprints, IBM Security also announced a partnership with the cloud and network security provider Zscaler.

Companies are accelerating their use of the cloud, but should slow down and make sure security is built in from the beginning.

The problem is not the cloud, one expert said. It’s the speed at which companies are moving items to the cloud without considering security controls.

Facebook says it wants to make E2EE the default across all of its messaging platforms, but this will be a gradual process.

Microsoft Research’s Project Freta aims to find invisible malware running on the cloud.

These popular banks are being spoofed in attacks targeting people filing taxes, getting stimulus checks and ordering deliveries, says Check Point.

Someone who knows how can obtain your phone number and email address when you try to share a file from your iPhone, say researchers at the University of Darmstadt.

Before you can use a camera app in Windows 10 you have to allow access to the camera itself. Only then can you allow access to the app. We walk you through it.

Turns out, even the most sci-fi-inspired passwords still need the occasional capital letter and special character splashed in.

Now that you have your Pritunl VPN server up and running, Jack Wallen shows you how to connect the client.

The latest update to Apple’s Big Sur includes critical security patches, which is why Cory Bohon advises upgrading your macOS devices now.

The attack was reportedly pulled off by the Babuk gang, which has already leaked screenshots of some of the stolen data.

The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.

Palo Alto Networks’ cloud-native security suite is getting a bundle of new features to automate VM security and add malware protection to CI/CD workflows, among others.

Sen. Mark Warner was on a panel at a webinar sponsored by the U.S. Chamber of Commerce Tuesday. He said he is optimistic that new legislation will pass making breach notification mandatory.

Security expert publishes coffee table book for cryptographers to explain the science of secrecy.

The spyware tries to steal passwords and other sensitive data and accesses your contact list, warns the U.K.’s National Cyber Security Centre.

Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials.

The targets of the latest attacks are C-suite executives in the video game industry, says BlackCloak.

Commentary: It’s not really very interesting that University of Minnesota researchers introduced bugs into the Linux kernel. What matters is what would have happened next.

The benefits of working remotely are numerous, but studies are finding there are significant hidden costs that need to be factored in.

Every new presidential administration brings change, one way or another. Learn what President Joseph Biden is facing on the cybersecurity front, along with some tips for government and businesses.

Gartner research finds that only 11% of companies have resumed travel or plan to within the next six months.

With a stalkerware app on your phone, another person can spy on your activities and view your personal information, Kaspersky says.

Jack Wallen tries out the Firewalla Gold to see if it’s worthy of serving as your work-from-home security device.

The Lazarus group had a busy 2020, and 2021 is shaping up to be another devastatingly productive year for one of the most dangerous hacking groups on the planet.

The now-patched vulnerability could have allowed attackers to scan a company’s internal network and gain access to sensitive data, says Positive Technologies.

The Stanford Internet Observatory alleged that the Chinese government may have had access to audio data from Clubhouse. Here’s what users should know.

Two developers, sponsored by Google, will dedicate their time to addressing vulnerabilities in the Linux kernel as part of a wider effort to improve the security of open-source software.

A new FlexJobs survey reveals 14 of the most common–and successful–job-search scams. Here’s how to identify them and not become a victim.

One in four remote workers reuses work credentials on consumer sites, but IT isn’t doing them any favors by reportedly failing to provide essential protection while away from the office.

To better combat cyberattacks, prevention is better than detection, says Check Point Software.

Understanding the nature of the latest threats can help you identify shifts in tactics and techniques, prioritize security resources and test the most likely scenarios, says IBM X-Force.

As more organizations migrate to the cloud, cybercriminals are taking advantage of the vulnerabilities in online apps, says Netskope.

Attackers used an outdated File Transfer Appliance from Accellion to gain access to data, the company said.

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

A new survey of tech decision makers finds that security concerns are high and trust is low when it comes to artificial intelligence.

Protecting the U.S. power grid from serious outages, like the one following a 2021 winter storm in Texas, will require a better use of data analytics, modeling and policy making says industry expert.

Rob Robinson, client partner in utilities practice for Capgemini, talks with TechRepublic about what the catastrophic outages in Texas should teach us about predicting threats to U.S. the power grid.

DDoS, SQL injection, and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.

DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.

These eight online courses teach the fundamentals you need to pass various IT and cybersecurity certification exams from Cisco and CompTIA.

With the shift to remote learning, schools are facing greater security risks and smaller financial margins, says BlueVoyant.

Most organizations don’t give the same thought and attention to their non-human workers, such as bots, RPAs and service accounts, as they do human workers and identity lifecycles.

A study on CIO and CISO prioritization showed these two areas are most important this year. Cloud security is another area high on their lists.

Team8 surveyed cybersecurity leaders to find out where they will spend their money in 2021.

Known as Silver Sparrow, the malware’s intent is still unknown as it has yet to deliver an actual payload, says security firm Red Canary.

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses.

With the free version of LastPass now limiting where you can sync your passwords, here are a few other options.

Accurics analyzed cloud-native configurations over the last 7 months to identify ongoing and new threats.

A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer.

Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.

If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.

Scammers are impersonating the IRS with emails carrying the subject line “Verifying your EFIN before e-filing.”

According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs.

Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Here are tips on how businesses can try to thwart cybercrime.

In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default.

This comprehensive guide covers everything you need to know about password management app LastPass, including recent restrictions on free accounts.

The security company found that 85% of workers spend up to five hours a week watching YouTube, listening to podcasts, or exercising during work hours.

Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.

Information protection makes sure that only people with permissions see data in Power BI, while retaining the ability to share top-level trends, balancing productivity and security.

Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.

A panel of experts considers the best methods for safe domestic and international air travel including proof of testing, vaccination passports, and digital health passes.

Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.

Spyware activity spiked in 2020, and the malware-as-a-service business model got more sophisticated.

To keep your Linux servers and desktops as secure as possible, you should check for (and remove) legacy communication services. Jack Wallen shows you how.

Multiple senators have demanded a hearing on what court officials know about the hackers’ access to sensitive filings. The effects could make accessing documents harder for lawyers.

Agile thinking is important in dealing with cyberattacks. Read one psychologist’s tips for cybersecurity professionals on how to adapt and stop the attackers.

Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs?

When workers need to get things done in a dangerous locale, sometimes they have to be distant. This opens up plenty of cybersecurity hazards. We spoke with one expert about how to achieve that security.

Developers must stop saving secrets in code. One way to avoid that is to use HashiCorp’s Vault. Jack Wallen shows you how to install this tool and take your first steps in its usage.

21 of the 24 dating apps examined were tagged with the “*Privacy Not Included” warning label.

Malware designed to steal log-in information saved in browsers has infected 16 million computers and swiped credentials for up to 174,800 accounts.

Malicious Valentine’s Day-themed phishing campaigns are up 29% from last year, according to Check Point Research.

A new breach analysis from CI Security found that cybercriminals are going after medical billing and insurance companies.

While it’s logical to assume seniors would be primary targets, a new report revealed that millennials were actually the most targeted demographic group of the more than 50 billion spam calls made in 2020.

All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.

Local officials said someone took over their TeamViewer system and dangerously increased the levels of lye in the town’s water.

IT teams should look for services with automatic alerts about user behavior, logging, scalability, and central management.

Active accounts for people who have left your organization can make exploitation easy, according to Sophos.