Security News > 2022 > June

Hertzbleed is a new side-channel attack that works against a variety of microprocessors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it's not generally viable because measuring power consumption is often hard.

Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage appliances of a new DeadBolt ransomware campaign. Since NAS devices are often accessible remotely via the internet, criminals usually leverage software/firmware vulnerabilities or brute-force admin account passwords to gain access to them, pilfer and encrypt the files on them, then ask for a ransom to restore them.

Have you got a few of those special people who can deal quickly and efficiently with any "Incident", preventing it from escalating into a full-blown crisis? The fact is you can't rely on a few heroes to keep your organization running when an incident occurs.

Bitwarden announced the results of a global survey of enterprise security decision makers, conducted by 451 Research, which explores enterprise password management practices and intent. Weak passwords are vulnerable to password theft or compromise, which has led the enterprise to complement passwords with strategies such as OTP, email verification codes, SMS, or biometric factors.

Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused - and that's where the fine print comes in. In the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance.

Kubernetes is a very important technology in the marketplace because vendors, ISVs, end users and enterprises are all able to come together and use this common infrastructure substrate to build their product on. In this video for Help Net Security, Alex Jones, Director of Kubernetes Engineering at Canonical, talks about properly adopting and managing Kubernetes in production.

Considering the increase in attacks on nonprofits and the level of classified information such organizations handle, one would expect board members to be fully aware of and to embrace best practices for digital projects and transformation and to mitigate operational risk. The solution is modern governance, which empowers organizations with the tools they need to safeguard data, streamline collaboration, and ultimately, drive better decision-making.

SMEs are most commonly using MSPs to support their internal IT team, though almost one-third use one to completely manage the IT program. SMEs rely most heavily on MSPs for cloud storage, system security, system management, and system monitoring.

India's government last week issued confidential information security guidelines to the 30 million plus workers it employs - and as if to prove a point, the document quickly leaked on a government website. The document, and the measures it contains, suggest infosec could be somewhat loose across India's government sector.