Trending Articles

Apple’s Device Analytics Can Identify iCloud Users

Schneier on Security

Data Breach Misattribution, Acxiom & Live Ramp

Troy Hunt

If you find your name and home address posted online, how do you know where it came from? Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address, and over 400 other fields of data.

Holiday Shopping Online: Safety on Black Friday, Cyber Monday

Lohrman on Security

What are the latest online security tips as we head into another holiday season? What’s the best cyber advice, and what shopping trends should you watch out for

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

$1200 for acceleration on a Merc

Javvad Malik

Mercedes is one of the latest car companies to think, “hey, what do we do in a global downturn when new sales are low… I know, let’s limit some features on our car, then when people buy them, charge them extra to unlock it via a subscription model. If it’s worked for SaaS, it can work for us!” According to their site, a mere $1200 a month can give you a “noticeable improvement in acceleration of 0.8

Successful Hack of Time-Triggered Ethernet

Schneier on Security

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it: On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees.

More Trending

Get Pwned, for 30% Less!

Troy Hunt

We've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it and would like to get their friends Pwned too. Personally, I think everyone should get Pwned!

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła

Top 6 security risks associated with industrial IoT

Tech Republic Security

Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them.

The US Has a Shortage of Bomb-Sniffing Dogs

Schneier on Security

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs: Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

GUEST ESSAY: The rising need to defend against super hackers, master thieves and digital ghosts

The Last Watchdog

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically? Related: Cyber spying on the rise. Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

Weekly Update 322

Troy Hunt

It's very strange to have gone 1,051 days without spending more than a few hours apart, but here we are.

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users.

Email Servers and Satellites will become key cyber-attack targets in 2023

CyberSecurity Insiders

Kaspersky, a security firm having roots in Russia, has released a prediction filled report stating email servers and satellites becoming key cyber attack targets in the year 2023.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Breaking the Zeppelin Ransomware Encryption Scheme

Schneier on Security

Identity-Based Attacks Increase, MFA-Thwarting Tactics Rise 

Security Boulevard

Multifactor authentication (MFA) push notification fatigue attacks are increasing and are proving more effective, according to Expel’s quarterly threat report, based on data from the company’s customer base.

Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks

Dark Reading

Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP).

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

How to hack an unpatched Exchange server with rogue PowerShell code

Naked Security

Review your servers, your patches and your authentication policies - there's a proof-of-concept out. (ProxyNotShell: CVE-2022-41040, CVE-2022-41082)

First Review of A Hacker’s Mind

Schneier on Security

Kirkus reviews A Hacker’s Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody, regularly challenges his students to write down the first 100 digits of pi, a nearly impossible task—but not if they cheat, concerning which he admonishes, “Don’t get caught.”

GUEST ESSAY — Security practices companies must embrace to stop AI-infused cyber attacks

The Last Watchdog

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically? Related: Bio digital twin can eradicate heart failure. Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

Cybersecurity Pros Put Mastodon Flaws Under the Microscope

Dark Reading

As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Ducktail information stealer continues to evolve

Security Affairs

The operators behind the Ducktail information stealer continue to improve their malicious code, experts warn.

Most popular passwords are 123456 and ILoveYou

CyberSecurity Insiders

Every year, NordPass makes it a point to release a report on the most popular passwords that are being used in the UK and as usual, it released a report even in this year as well.

‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook

Security Boulevard

Some incredibly personal details are being sent to Facebook, without your consent, using the “Meta Pixel.”

Vulnerability Patching: How to Prioritize and Apply Patches

eSecurity Planet

Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them.

Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Dark Reading

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents

Black Friday and Cyber Monday, crooks are already at work

Security Affairs

Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schema. Researchers at Bitdefender Antispam Lab have analyzed during the last weeks the fraudulent activities associated with Black Friday and Cyber Monday.

Details of Google going against Glupteba Botnet Operators

CyberSecurity Insiders

In December 2021, Google’s Threat Analysis Group (TAG) discovered the intense activities being conducted by Glupteba Botnet on the internet and filed a lawsuit in a district court of New York.

Microsoft Defender protects Mac and Linux from malicious websites

Tech Republic Security

Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows.

BSidesKC 2022 – Dale Hollis’ ‘Frustrating The PenTester With Active Directory’

Security Boulevard

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel.

'Patch Lag' Leaves Millions of Android Devices Vulnerable

Dark Reading

Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend