Trending Articles

NSA Employee Charged with Espionage

Schneier on Security

An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent). It’s a weird story, and the FBI affidavit raises more questions than it answers.

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

Schneier on Security

This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics.

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be.

CISO 254

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Why We Should Make Time to Brainstorm New, Innovative Ideas

Lohrman on Security

How can we better plan, strategize and come up with new innovative ideas in our post-COVID world

174
174

Former Uber CISO Faces Prison Time For Mishandling Cyberattack: Justice, Scapegoating, or Both?

Joseph Steinberg

A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack.

CISO 132

More Trending

Differences in App Security/Privacy Based on Country

Schneier on Security

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities.

Endings and Beginnings

Jane Frankland

The world is going through rapid change what with climate change (exceptional droughts, floods hurricanes) high inflation, economic slowdowns, recessions, tech company layoffs, supply chain problems, wars, protests, and a stock market crash.

ProxyNotShell – the New Proxy Hell?

The Hacker News

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers.

Risk 111

Bumblebee Malware Loader's Payloads Significantly Vary by Victim System

Dark Reading

On some systems the malware drops infostealers and banking Trojans; on others it installs sophisticated post-compromise tools, new analysis shows

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Security Vulnerabilities in Covert CIA Websites

Schneier on Security

Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by —at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions.

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server , a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes.

The High Cost of Living Your Life Online

WIRED Threat Level

Constantly posting content on social media can erode your privacy—and sense of self. Security Security / Privacy

Media 113

6 Ways Enterprises Can Secure Private Blockchains

Security Boulevard

There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

First 72 Hours of Incident Response Critical to Taming Cyberattack Chaos

Dark Reading

Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds

110
110

LinkedIn being targeted by fake CISO Profile Positions in Large Companies

CyberSecurity Insiders

LinkedIn has publicly announced that for some reasons, its servers are being targeted by fake CISO Profiles that disclose vacant positions at large multinational companies.

CISO 107

The Upcoming UK Telecoms (Security) Act Part One: What, Why, Who, When and How

Cisco CSR

In November 2020, the Telecommunications (Security) Bill was formally introduced to the UK’s House of Commons by the department for Digital, Culture, Media & Sport.

LayerX Platform Secures Browsers Using Machine Learning

Security Boulevard

LayerX this week emerged from stealth to launch a modern browser extension that leverages machine learning algorithms to ensure connections made to applications are secure.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Microsoft Updates Mitigation for Exchange Server Zero-Days

Dark Reading

Researchers had discovered that Microsoft's original mitigation steps for the so-called "ProxyNotShell" flaws was easily bypassed

107
107

October Is Cybersecurity Awareness Month

Schneier on Security

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mentioned it before. But the memes can be funny.

Back to Basics: Cybersecurity's Weakest Link

The Hacker News

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.

Ransomware Attack on Ferrari

CyberSecurity Insiders

Ferrari, the luxury car maker, was recently hit by a ransomware attack that apparently led to data leak that is now being posted online on an installment basis.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Microsoft confirms Exchange zero-day flaws actively exploited in the wild

Security Affairs

Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild.

Vice Society Publishes LA Public School Student Data, Psych Evals

Dark Reading

After a flat refusal to pay the ransom, Los Angeles Unified School District's stolen data has been dumped on the Dark Web by a ransomware gang

Romance scammer and BEC fraudster sent to prison for 25 years

Naked Security

Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth. Law & order Privacy #Cybermonth BEC bust romance scam

Scams 99

Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices

The Hacker News

A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app.

Warning: N. Korean Job Scams Push Trojans via LinkedIn

Security Boulevard

Hey, hey, DPRK, how many people will you scam today? The post Warning: N. Korean Job Scams Push Trojans via LinkedIn appeared first on Security Boulevard.

Scams 107

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter.

Ransomware 3.0: The Next Frontier

Dark Reading

Attackers are already circling back to reselling stolen data instead of — and in addition to — extortion

Kim Kardashian gets caught in a Cyber Investment Fraud

CyberSecurity Insiders

Kim Kardashian, the reality TV star, was slapped with a fine of $1.26 million by the SEC as she failed to disclose the amount she earned for promoting a product related to cryptocurrency.

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

The Hacker News

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments.

Weaponizing Open Source Through Job Recruiting

Security Boulevard

Over the last week, troubling new reports have arisen about state-sponsored threat actors leveraging modified open source applications to compromise employees' machines at technology companies, governments, and non-profit organizations.