RSS Feeds: News and Views

KrebsOnSecurity

• Senators Urge FTC to Probe ID.me Over Selfie Data
• When Your Smart ID Card Reader Comes With Malware
• DEA Investigating Breach of Law Enforcement Data Portal
• Microsoft Patch Tuesday, May 2022 Edition
• Your Phone May Soon Replace Many of Your Passwords

Internet Security Alliance

• ISA Urges SEC To Take a Different Direction with Cybersecurity Reporting
• INGLIS PROPOSES CYBER SOCIAL CONTRACT: GREAT IDEA! NOW LET’S TALK TERMS
• Regulation of Cybersecurity Has Been Tried and It Doesn’t Work
• Playoffs Time: What Can Cyber Policymakers Learn from the NFL?
• New Year’s Cyber Resolution: Modernize Cyber Law Enforcement

Schneier on Security

• Malware-Infested Smart Card Reader
• Manipulating Machine-Learning Systems through the Order of the Training Data
• The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking
• Forging Australian Driver’s Licenses
• Friday Squid Blogging: Squid Street Art

JMBM Cybersecurity Lawyer Forum

• Facing the Knowledge Gap
• The New Privacy Laws – What You Need to Do Now – Data Minimization
• The Supply Chain Risk Conundrum: Rethinking the Network and Its Risks
• Security Challenges – Three Thoughts for the New Year
• One Big Thing – Data Minimization

Steptoe Cyberblog

• Episode 408: But Was the Sex Viewpoint-Neutral?
• Episode 407: An End to End-to-End Encryption?
• Episode 406: Who Needs Cyberlaw When We Can Have Unicorns and Fairy Dust?
• Episode 405: Google’s Spamgate
• Episode 404: Why Does Google Hate Mothers?

Bank Info Security

Error: Feed has an error or is not valid.

CPO Magazine

• NSA: Sanctions on Russia Having a Positive Effect on Ransomware Attacks, Attempts Down Due to Difficulty Collecting Ransom Payments
• FBI: Hackers Injected Malicious PHP Code Into Online Checkout Pages to Scrape Credit Card Data
• 5 Ways Enterprises Can Protect Their Data, Time, Money, and Infrastructure
• New Data Shows Compliance Falls Short of Protecting Your Organization
• Bad Bot Traffic Report: Almost Half of All 2021 Internet Traffic Was Not Human

Omnistruct

• MSP News – April 1, 2022
• Small Business Entrepreneur Cybersecurity News – April 1, 2022
• Regulations, Frameworks, and Controls – April 1, 2022
• Enterprise Leadership News – April 1, 2022
• Enterprise Technical Security That Matters – April 1, 2022

WeLiveSecurity by eset

• ESET Research Podcast: UEFI in crosshairs of ESPecter bootkit
• 5 reasons why GDPR was a milestone for data protection
• Common NFT scams and how to avoid them
• Cryptocurrency: secure or not? – Week in security with Tony Anscombe
• Sandworm uses a new version of ArguePatch to attack targets in Ukraine

Security Intelligence by IBM

Error: Feed has an error or is not valid.

Naked Security by Sophos

• Who’s watching your webcam? The Screencastify Chrome extension story…
• Poisoned Python and PHP packages purloin passwords for AWS access
• Clearview AI face-matching service fined a lot less than expected
• Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!
• Microsoft patches the Patch Tuesday patch that broke authentication

Threatpost

• Cybergang Claims REvil is Back, Executes DDoS Attacks
• Link Found Connecting Chaos, Onyx and Yashma Ransomware
• Zoom Patches ‘Zero-Click’ RCE Bug
• Verizon Report: Ransomware, Human Error Among Top Security Risks
• Fronton IOT Botnet Packs Disinformation Punch

Dark Reading

• Microsoft Unveils Dev Box, a Workstation-as-a-Service
• Broadcom Snaps Up VMware in $61B Deal
• Lacework Announces Layoffs, Restructuring
• Third-Party Scripts on Websites Present a 'Broad & Open' Attack Vector
• Twitter Fined $150M for Security Data Misuse

Ars Technica

• Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat
• Broadcom will pay $61 billion to become the latest company to acquire VMware
• Critical Zoom vulnerabilities fixed last week required no user interaction
• “Tough to forge” digital driver’s license is… easy to forge
• Why it’s hard to sanction ransomware groups

Tech Republic

• Old Python package comes back to life and delivers malicious payload
• Microsoft Defender vs Trellix: EDR software comparison
• NordLayer makes it easy for businesses to add VPN technology to remote workers
• Enjoy greater online freedom with Atlas VPN
• How to develop competency in cyber threat intelligence capabilities

CSHub

• Prevent your organization falling victim to a cloud misconfiguration breach
• Seven cyber hygiene best practices to implement now
• Move beyond basic endpoint detection and response with a managed XDR program
• What to expect from CS Hub’s Global Summit 2022
• Five ransomware attacks in 2022 so far you should know about

The Record

• Spain’s PM vows to reform intelligence services following phone hacking scandal
• Senate confirms Cyber Command deputy, new Navy cyber leader
• Ransomware attack disrupts a range of services in a New Jersey county
• Twitter fined $150 million by FTC for alleged privacy violations
• Conti leaks data stolen during January attack on Oregon county