Schneier on Security
OCTOBER 17, 2022
Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.
Krebs on Security
OCTOBER 20, 2022
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
OCTOBER 17, 2022
A slew of new Asana capabilities are geared toward enhancing reporting, decreasing duplicate cross-functional work and costs, and strengthening security. The post Asana launches enterprise-level workplace tools for prioritization and planning appeared first on TechRepublic.
Bleeping Computer
OCTOBER 15, 2022
Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months. [.].
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
OCTOBER 18, 2022
Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.
Krebs on Security
OCTOBER 18, 2022
When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do an
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
eSecurity Planet
OCTOBER 18, 2022
For any organization struck by ransomware , business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The good news is that ransomware files can be decrypted. The bad news is it doesn’t work most of the time: Paid ransom decryption tools and keys don’t always work. Free decryption tools don’t always work. Paid decryption tools don’t always work.
Schneier on Security
OCTOBER 21, 2022
Machine learning security is extraordinarily difficult because the attacks are so varied—and it seems that each new one is weirder than the next. Here’s the latest: a training-time attack that forces the model to exhibit a point of view: Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures.” Abstract: We investigate a new threat to neural sequence-to-sequence (seq2seq) models: training-time attacks that cause models to “spin” their outputs
Krebs on Security
OCTOBER 15, 2022
AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021.
Tech Republic Security
OCTOBER 17, 2022
Hybrid cloud has become a popular computing model in recent times. Find out all you need to know, including its features, pros and cons. The post What is hybrid cloud? appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We Live Security
OCTOBER 17, 2022
What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? The post 5 steps to protect your school from cyberattacks appeared first on WeLiveSecurity.
Bleeping Computer
OCTOBER 15, 2022
Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract. [.].
Security Affairs
OCTOBER 15, 2022
Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper
Tech Republic Security
OCTOBER 19, 2022
Consumer data compliance and privacy are growing in importance. Learn how to automate compliance efforts here. The post Consumers care about their data: Learn how to automate privacy and compliance efforts appeared first on TechRepublic.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
We Live Security
OCTOBER 20, 2022
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app. The post Domestic Kitten campaign spying on Iranian citizens with new FurBall malware appeared first on WeLiveSecurity.
Bleeping Computer
OCTOBER 20, 2022
A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. [.].
Security Affairs
OCTOBER 20, 2022
Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) posing as a LinkedIn-based job application.
Tech Republic Security
OCTOBER 17, 2022
Gartner analysts outline the steps CIOs need to take to “revolutionize work” for the next stage of digital and detail how to power sustainability outcomes during a keynote address at the Gartner IT Symposium/Xpo Monday. The post Gartner: IT force multipliers for sustainable growth, cyber resiliency and responsible investment appeared first on TechRepublic.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Digital Shadows
OCTOBER 19, 2022
Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start. The post Ransomware In Q3 2022 first appeared on Digital Shadows.
Bleeping Computer
OCTOBER 15, 2022
Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks. [.].
Security Affairs
OCTOBER 18, 2022
Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party o
Tech Republic Security
OCTOBER 18, 2022
Mike Arrowsmith, chief trust officer at NinjaOne, makes the case for a permanent shift in the way businesses conduct remote security. The post Plugging holes remote work punched through security appeared first on TechRepublic.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
OCTOBER 21, 2022
Advocate Aurora Health(AAH), a medical services provider serving Wisconsin and Illinois populace, was hit by a data breach affecting over 3,000,000 patients. According to the information available to Cybersecurity Insiders, AAH websites are loaded by Meta Pixel, and hackers used a vulnerability in the software tool to access information. Technically, Meta Pixel is a Facebook researchers supplied JavaScript code based analytics tool that assists website owners to gain insights on user interaction
Bleeping Computer
OCTOBER 19, 2022
A remote code execution flaw in the open-source Apache Commons Text library has some people worried that it could turn into the next Log4Shell. However, most cybersecurity researchers say it is nowhere near as concerning. [.].
Digital Shadows
OCTOBER 20, 2022
Note: This blog is part of a series of articles related to the use of Structured Analytic Techniques in Cyber. The post Alternative Future Analysis: Pro-Russian Hacktivism first appeared on Digital Shadows.
Tech Republic Security
OCTOBER 21, 2022
BlackByte is using Exbyte, a new custom exfiltration tool, to steal data. Learn how to protect your organization from this ransomware. The post BlackByte Ransomware Picks Up Where Conti and Sodinokibi Left Off appeared first on TechRepublic.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
OCTOBER 17, 2022
Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new updates. The researcher warns that the availability of this rootkit in the threat landscape represents a serious threat for organizations due to its evasion a
Bleeping Computer
OCTOBER 20, 2022
Advocate Aurora Health (AAH), a 26-hospital healthcare system in the states of Wisconsin and Illinois, is notifying its patients of an unintentional data breach that impacts 3,000,000 individuals. [.].
CSO Magazine
OCTOBER 20, 2022
The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations.
Tech Republic Security
OCTOBER 21, 2022
Vulnerability intelligence tools can be very useful to prioritize the key threats security professionals need to take action on for their organization, but it’s important to remember that some are better than others. The post Top 3 tips to identify quality vulnerability intelligence appeared first on TechRepublic.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
339 
Let's personalize your content