Tech Republic Security
AUGUST 25, 2022
Mitiga says that MFA, even if improperly configured, is no panacea for preventing attackers from abusing compromised credentials. The post How a business email compromise attack exploited Microsoft’s multi-factor authentication appeared first on TechRepublic.
Lohrman on Security
AUGUST 21, 2022
2022 has brought a surge in distributed denial-of-service attacks as well as a dramatic rise in patriotic hacktivism. What’s ahead for these trends as the year continues?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 22, 2022
This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].
The Last Watchdog
AUGUST 22, 2022
Short-handed cybersecurity teams face a daunting challenge. Related: ‘ASM’ is cybersecurity’s new centerpiece. In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives. In short, attack surface management has become the main tent pole of cybersecurity.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
AUGUST 25, 2022
Apple updates, cookie theft, tech tips and a 5G cheat sheet top this week’s most-read news on TechRepublic. The post Tech news you may have missed: August 18 – 25 appeared first on TechRepublic.
CSO Magazine
AUGUST 23, 2022
The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach globally reached an all-time high of $4.35 million.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
AUGUST 25, 2022
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. [.].
Tech Republic Security
AUGUST 25, 2022
In a scam analyzed by Avanan, the victim received an email claiming to be from the CFO directing them to make a payment to their insurance company. The post How a business email compromise scam spoofed the CFO of a major corporation appeared first on TechRepublic.
Trend Micro
AUGUST 23, 2022
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Schneier on Security
AUGUST 24, 2022
Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter’s chief security officer until he was fired in January. The Washington Post has the scoop (with documents) and companion backgrounder.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
AUGUST 25, 2022
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information. [.].
Tech Republic Security
AUGUST 24, 2022
Analyzing over 100 prominent ransomware incidents, Barracuda found the top targeted sectors to be education, municipalities, healthcare, infrastructure and financial. The post How ransomware attacks target specific industries appeared first on TechRepublic.
Security Boulevard
AUGUST 25, 2022
It probably isn’t a surprise to any skeptics of the security practices of social media platforms—or who specifically remember Twitter’s previous security mishaps, including the hack of high-profile blue-check accounts—that Twitter’s cybersecurity practices are less than stellar and may even leave the platform open to attacks by nation-states. This, according to a former Twitter security.
Schneier on Security
AUGUST 26, 2022
I’ve been saying that complexity is the worst enemy of security for a long time now. ( Here’s me in 1999.) And it’s been true for a long time. In 2018, Thomas Dullin of Google’s Project Zero talked about “cheap complexity.” Andrew Appel summarizes : The anomaly of cheap complexity. For most of human history, a more complex device was more expensive to build than a simpler device.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
AUGUST 25, 2022
Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts. [.].
Tech Republic Security
AUGUST 25, 2022
As the facial recognition market continues to grow, business leaders should consider these issues before deciding whether to implement the technology. The post Privacy and security issues associated with facial recognition software appeared first on TechRepublic.
Security Boulevard
AUGUST 25, 2022
This week: cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more. . The post The Week in Cybersecurity: French hospital hit with ransomware attack appeared first on Security Boulevard.
Trend Micro
AUGUST 24, 2022
A new ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
eSecurity Planet
AUGUST 25, 2022
The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The vulnerability was reported for a number of versions of GitLab CE/EE: all versions starting from 11.3.4 before 15.1.5 all versions starting from 15.2 before 15.2.3 all versions starting from 15.3 before 15.3.1.
Tech Republic Security
AUGUST 22, 2022
RaaS kits are easy to find on the Dark Web, lowering the barrier of entry so that virtually any cybercriminal can launch successful ransomware attacks, says Microsoft. The post How to protect your organization from ransomware-as-a-service attacks appeared first on TechRepublic.
We Live Security
AUGUST 25, 2022
Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you. The post What is doxing and how to protect yourself appeared first on WeLiveSecurity.
Security Affairs
AUGUST 24, 2022
Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging services that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
eSecurity Planet
AUGUST 23, 2022
Linux has an extensive range of open-source distributions that pentesters, ethical hackers and network defenders can use in their work, whether for pentesting , digital forensics or other cybersecurity uses. Also known as “distros,” these distributions are variations of Linux that include the Linux kernel and usually a specific package manager. For example, Kali Linux, one of the most popular pentesting OSs, is Debian-based, which means it’s based on the Debian Project.
Tech Republic Security
AUGUST 26, 2022
Enterprise accounting software is designed for large companies and businesses. Here are the top eight enterprise accounting software suites. The post 8 best enterprise accounting software suites appeared first on TechRepublic.
CyberSecurity Insiders
AUGUST 24, 2022
Plex, an American Streaming platform, has officially sent out email notifications to all its users urging them to change their passwords. The entertainment offering company added in its update that the reason to send a notification to all its users was because of the discovery of suspicious activity on one of its IT databases. In the statement issued by Plex, the streaming media specified that the activity was discovered by it on August 23rd of this year and soon its IT staff, along with a third
Heimadal Security
AUGUST 23, 2022
Last weekend, DESFA, a natural gas transmission system operator in Greece, revealed that a cyberattack led to “a limited scope data breach and IT system outage.” What Happened? According to a public statement made by the natural gas distributor, the threat actors tried to breach its system, but the swift actions of its IT team […].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CSO Magazine
AUGUST 24, 2022
Cybersecurity spending in the coming year may not be recession-proof, but it's likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that. "It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice Pr
Tech Republic Security
AUGUST 22, 2022
A lot of companies have deployed multi-factor authentication, yet attackers have some ways to bypass it—the most used one being cookie theft. The post Cookie theft threat: When Multi-Factor authentication is not enough appeared first on TechRepublic.
Bleeping Computer
AUGUST 25, 2022
Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks. [.].
Security Affairs
AUGUST 25, 2022
Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted the supply chain attack against SolarWinds, which involved multiple families of impla
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
162 
Let's personalize your content