Accountability, CSO and Engineering - Cyber Security Informer

Facebook is firing three engineers per month for accessing user data

CyberSecurity Insiders

JULY 13, 2021

Now, news is out that the American tech giant has been firing over 3 engineers per month on an average for accessing user data fraudulently. Meaning, they were caught tracking the location of users, their names, their whereabouts, private messages, viewing deleted photos from their accounts, and what not!

Engineering

Engineering CSO Advertising Media

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MARCH 24, 2023

"Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. It's pretty brutal."

CSO

CSO Authentication Engineering Internet

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme. Eugene Kaspersky | @e_kaspersky.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

The Last Watchdog

DECEMBER 14, 2023

“Kerberoasting” and “Golden Ticket” attacks were both introduced in 2014 and yet enterprises continue to have hundreds of accounts configured with unconstrained delegation. Richard Bird , CSO, Traceable AI Bird The bad guys are showing no restraint in exploiting API security weakness to their advantage.

Cybersecurity

Cybersecurity Risk Cyber threats CSO

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

Okta revealed that its private GitHub repositories were hacked this month

Security Affairs

DECEMBER 21, 2022

“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” writes David Bradbury, the Okta Chief Security Officer (CSO) in the mail. The Lapsus$ extortion group compromised the laptop of one of its support engineers that allowed them to reset passwords for some of its customers.

Hacking

Hacking CSO Data breaches Engineering

GitHub Discovers Authentication Issue

SecureWorld News

MARCH 10, 2021

Upon receiving the report, GitHub Security and Engineering immediately began investigating to understand the root cause, impact, and prevalence of this issue on GitHub.com. He also says that it is very important to note that this issue was not the result of compromised account passwords, SSH keys, or personal access tokens (PATs).

Authentication

Authentication CSO Accountability Engineering

10 dark web monitoring tools

CSO Magazine

FEBRUARY 21, 2023

It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, or other confidential corporate information. To read this article in full, please click here

CISO

CISO Engineering Accountability

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Fun fact: 80% of these breaches occur at the endpoint , often via phishing or social engineering. From there, it’s possible to find devices with privileged accounts and take the attack further. So as investments go, checking device posture as part of your zero trust program is a huge win. Let’s talk VPNs. Food for thought, eh!

Ransomware

Ransomware Risk Internet Internet

Cybersecurity First: #BeCyberSmart at Work and Home

Security Through Education

OCTOBER 27, 2021

Social-Engineer, LLC saw an almost 350% increase in recognition of phishing emails when using a similar training platform in 2020. It is to these carefully crafted campaigns that Social-Engineer, LLC can attribute their success. The answer is simple; with simulated attacks and subsequent training.

Cybersecurity

Cybersecurity Social Engineering Firewall Engineering

China-aligned APT renews cyberattack on European diplomats, as war rages

CSO Magazine

MARCH 9, 2022

TA416 (aka RedDelta ) is known to have been targeting Europe for several years using web bugs to profile target accounts, according to a research report by Proofpoint. To read this article in full, please click here

Social Engineering

Social Engineering Accountability Engineering Cybersecurity

Darktrace/Email upgrade enhances generative AI email attack defense

CSO Magazine

APRIL 2, 2023

Darktrace has announced a new upgrade to its Darktrace/Email product with enhanced features that defend organizations from evolving cyberthreats including generative AI business email compromise (BEC) and novel social engineering attacks.

Social Engineering

Social Engineering Engineering Phishing Accountability

Uber responding to “cybersecurity incident” following reports of significant data breach

CSO Magazine

SEPTEMBER 16, 2022

Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems. Attacker announces Uber breach through compromised Slack account.

Data breaches

Data breaches Cybersecurity Accountability Engineering

Hackers fool major tech companies into handing over data of women and minors to abuse

Malwarebytes

APRIL 28, 2022

This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. Third, victims can’t protect themselves from such attacks unless they completely delete their accounts. This tactic has become prevalent in recent months.

CSO

CSO Accountability Authentication Cybersecurity

Beyond Awareness: How to Cultivate the Human Side of Security

CyberSecurity Insiders

MAY 16, 2022

By Amanda Fennell, CSO and CIO, Relativity. Think about an individual on the product marketing team or in engineering, operations, communications or human resources. Security programs must shoulder accountability for setting employees in different roles up for success. What’s their typical day like? What are their goals?

CSO

CSO Passwords Password Management Accountability

Searchlight Cyber launches Stealth Browser for safe dark web access

CSO Magazine

APRIL 12, 2023

The dark web consists of sites that are not indexed by popular search engines such as Google, along with marketplaces for stolen data and cybercriminal services.

Engineering

Engineering Phishing Risk Accountability

Okta admits 366 customers may have been impacted by LAPSUS$ breach

Malwarebytes

MARCH 23, 2022

Both are saying that the criminal hacking group acquired access to a user account with access to some customer data. In an article on Okta’s website , CSO David Bradbury provided a timeline of the incidents which took place in January. A screeshot of the alleged Okta breach shared on the LAPSU$ Telegram channel.

CSO

CSO Engineering Passwords VPN

Fake LinkedIn CISO Profiles Target Top Companies

SecureWorld News

OCTOBER 3, 2022

KrebsOnSecurity reports that a large number of fake CISO profiles were created, and that the profiles were even confusing some search engine results for CISOs at large companies. Well, Google's search engine apparently lacked that reasoning. CISO profiles spoofed on LinkedIn. of spam and scam.".

CISO

CISO Engineering Healthcare Cryptocurrency

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Making matters worse, the cameras employ facial recognition technology, which leads to questions as to whether an attacker could actually identify individuals caught on camera and then pursue them as targets for social engineering schemes or something even more nefarious. When surveillance leads to spying. What did Verkada do wrong?

Surveillance

Surveillance IoT Accountability Passwords

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

The Last Watchdog

MARCH 25, 2019

If I go to a CSO and say, ‘We can secure your APIs,’ he’ll say, ‘Great, can you also find them for me?’ ” observed Dwivedi, Data Theorem’s founder. Instead, what it did was allow anyone with a usps.com account to modify a wildcard search without authentication permissions. And that’s just one phone. Velocity without security.

Digital transformation

Digital transformation Software Data breaches Authentication

Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise

The Security Ledger

FEBRUARY 19, 2019

And, in our second segment, Sam Bisbee the CSO of the firm ThreatStack joins us to talk about last month's hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components. Vijay Balasubramaniyan of Pindrop joins us to talk about it.

Authentication

Authentication CSO Artificial Intelligence Social Engineering

Podcast Episode 118: White Hat Eye on the Gaming Guy

The Security Ledger

OCTOBER 29, 2018

» Related Stories Podcast Episode 112: what it takes to be a top bug hunter Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required! He’s joined by JP Villanueva, trust and security engineer, Dan Trauner, security engineer and Adam David, software engineer at BugCrowd.

Artificial Intelligence

Artificial Intelligence CSO Engineering Risk

Not-so-customary customer service: Experts offer tips on vendor best practices

SC Magazine

MAY 3, 2021

said Dan Meacham, vice president of global security and corporate operations and CSO/CISO at film production company Legendary Entertainment. Support engineers should also be available to assist with pre-sales and proof-of-concept deployments,” Ghazizadeh explained. “A This is not really about account management, just good business.”.

Software

Software Engineering Media CISO

Cybersecurity Awareness Month: Security Experts Reflect on Safety

CyberSecurity Insiders

NOVEMBER 1, 2021

At Forter, we’ve seen a marked uptick in Account Takeovers (ATO); a form of identity fraud in which a third-party steals credentials and / or gains access to user accounts. Fraudsters have been opportunistic in taking over these accounts. Wes Spencer, VP, External CSO, ConnectWise. How can that be? Let’s admit it.

Cybersecurity

Cybersecurity Backups Ransomware Passwords

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Social engineering attacks , including phishing, spam, and viruses introduced via clickable links within e-mail affected 80% of the banking institutions in 2016. VoIP phishing and impersonation also victimized millions of corporate employees across the world , contributing to an even greater cyber threat.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Cyber Security Informer

Facebook is firing three engineers per month for accessing user data

Critical flaw in AI testing framework MLflow can lead to server and data compromise

Webinars

Trending Sources

Top Cybersecurity Accounts to Follow on Twitter

Webinars

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Okta revealed that its private GitHub repositories were hacked this month

GitHub Discovers Authentication Issue

10 dark web monitoring tools

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Cybersecurity First: #BeCyberSmart at Work and Home

China-aligned APT renews cyberattack on European diplomats, as war rages

Darktrace/Email upgrade enhances generative AI email attack defense

Uber responding to “cybersecurity incident” following reports of significant data breach

Hackers fool major tech companies into handing over data of women and minors to abuse

Beyond Awareness: How to Cultivate the Human Side of Security

Searchlight Cyber launches Stealth Browser for safe dark web access

Okta admits 366 customers may have been impacted by LAPSUS$ breach

Fake LinkedIn CISO Profiles Target Top Companies

Camera tricks: Privacy concerns raised after massive surveillance cam breach

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise

Podcast Episode 118: White Hat Eye on the Gaming Guy

Not-so-customary customer service: Experts offer tips on vendor best practices

Cybersecurity Awareness Month: Security Experts Reflect on Safety

Cyber Security Awareness and Risk Management

Stay Connected