Dark Reading
OCTOBER 4, 2022
Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.
Schneier on Security
OCTOBER 3, 2022
This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
OCTOBER 5, 2022
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
Joseph Steinberg
OCTOBER 6, 2022
A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack. According to The New York Times , in 2016, while the Federal Trade Commission (FTC) was investigating an earlier breach of Uber’s computer systems, Sullivan learned of a subsequent compromise that affected more than 57 million Uber accounts.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
OCTOBER 7, 2022
Geez it's nice to be home 😊 It's nice to live in a home that makes you feel that way when returning from a place as beautiful as Bali 😊 This week's video is dominated by the whole discussion around this tweet: I love that part of the Microsoft Security Score for Identity in Azure improves your score if you *don't* enforce password rotation, what a sign of the times!
Schneier on Security
OCTOBER 4, 2022
An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent). It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 7, 2022
SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.
Bleeping Computer
OCTOBER 3, 2022
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. [.].
Security Boulevard
OCTOBER 1, 2022
There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography. An appropriate security design with controls that addresses an organization’s acceptable risk should be applied and reviewed before deploying blockchain to a production environment.
CSO Magazine
OCTOBER 4, 2022
Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing. This risk frequently goes unexplored in cybersecurity awareness training, leaving employees oblivious to the risks they can pose to the security of data which, if exposed, could be exploited both directly a
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 4, 2022
Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill. The post How ransomware gangs operate like legitimate businesses appeared first on TechRepublic.
Bleeping Computer
OCTOBER 4, 2022
The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector. [.].
SecureList
OCTOBER 7, 2022
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse.
Security Affairs
OCTOBER 3, 2022
The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. According to the SUPO, future NATO membership will make the country a privileged target for Russian intelligence and influence operations.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
OCTOBER 1, 2022
Number one on Skillsoft's 2022 list of top-paying IT certs is AWS Certified Solutions Architect Professional, with an annual salary of $168,080. The post 15 highest-paying certifications for 2022 appeared first on TechRepublic.
Bleeping Computer
OCTOBER 1, 2022
Germany's Bundeskriminalamt (BKA), the country's federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000. [.].
SecureList
OCTOBER 4, 2022
While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China, individuals from this country often resort to downloading Tor from third-party websites.
eSecurity Planet
OCTOBER 1, 2022
Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative , which verified two flaws on September 8 and 9: ZDI-CAN-18333 and ZDI-CAN-18802, with CVSS scores of 8.8 and 6.3, respectively.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
OCTOBER 6, 2022
Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox. The post Phishing attack spoofs Zoom to steal Microsoft user credentials appeared first on TechRepublic.
Bleeping Computer
OCTOBER 5, 2022
Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell. [.].
CyberSecurity Insiders
OCTOBER 3, 2022
LinkedIn has publicly announced that for some reasons, its servers are being targeted by fake CISO Profiles that disclose vacant positions at large multinational companies. However, the profiles when probed are found to be fake and being targeted from Asian & African countries that have nothing to do with the company operations or vacancies. Krebs On Security received this update from the professional social media giant and initiated an inquiry along with the public disclosure.
Security Boulevard
OCTOBER 4, 2022
With modern software development reliant on third-party sources — and attacks surging on that supply chain — Gartner expects adoption of software bills of material (SBOM) to go from less than 5% now to 60% in 2025. . The post Gartner explains why SBOMs are critical to software supply chain security management appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
OCTOBER 3, 2022
Cloudflare celebrates its 12th anniversary with the launch of a Zero Trust SIM, an IoT security platform and a Botnet Threat Feed. The post Cloudflare shows flair with new products for mobile and IoT security appeared first on TechRepublic.
Bleeping Computer
OCTOBER 4, 2022
Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. [.].
Quick Heal Antivirus
OCTOBER 6, 2022
SOVA is an Android banking Trojan with significant capabilities like credential theft, capturing keystrokes, taking screenshots, etc., The post Beware: SOVA Android Banking Trojan emerges more powerful with new capabilities appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Security Boulevard
OCTOBER 1, 2022
Software supply chains are vital, especially in the modern economy where businesses must compete against each other to ensure continuous delivery for end users and clients. Without a secure and efficient software supply chain, your company will find it difficult to keep up with competitors, produce software on time and protect itself (and end users).
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
OCTOBER 4, 2022
Cloud security solutions continue to emerge as threats to cloud resources evolve. However, what are the common trends to look out for in cloud security in the coming years? Let's find out. The post Top 5 trends to watch in cloud security appeared first on TechRepublic.
Thales Cloud Protection & Licensing
OCTOBER 4, 2022
Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. divya. Tue, 10/04/2022 - 05:20. Historically, October has always been an important month for the cybersecurity community and a month of major cybersecurity events. So in 2004, the President of the United States designated October as Cybersecurity Awareness Month.
CSO Magazine
OCTOBER 5, 2022
Every entity should have an information technology asset disposal (ITAD) program as part of its information security process and procedure. Indeed, every time an IT asset is purchased, the eventual disposal of that asset should already be defined within an ITAD. When one doesn’t exist, data becomes exposed, compromises occur, and in many cases, fines are levied.
Security Affairs
OCTOBER 1, 2022
Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impacts Microsoft Exchange Server 2013, 2016, and 2019.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
132 
Let's personalize your content