Accountability, CSO and Internet - Cyber Security Informer

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MARCH 24, 2023

The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet. It's pretty brutal." To read this article in full, please click here

CSO

CSO Authentication Engineering Internet

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

As an enterprise security team, you could restrict internet access at your egress points, but this doesn’t do much when the workforce is remote. In short, anything accessible from the internet should be given extra attention. This disables peer-to-peer access, enabling internet-only access. Food for thought, eh!

Ransomware

Ransomware Risk Internet Internet

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

SEPTEMBER 25, 2018

SAP CSO Justin Somaini. For consumers, that means boning up on account security – maybe getting a password manager. Somaini has the distinction of being the first CSO at Yahoo and also at Symantec. October is Cybersecurity awareness month.

CSO

CSO Hacking Security Awareness Password Management

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Facebook Removes Russia-based Internet Research Agency-Controlled Pages

Dark Reading

APRIL 4, 2018

CSO Alex Stamos explains why the company deleted 70 Facebook and 65 Instagram accounts, and 138 Facebook pages.

CSO

CSO Internet Internet Accountability

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

The Last Watchdog

DECEMBER 14, 2023

“Kerberoasting” and “Golden Ticket” attacks were both introduced in 2014 and yet enterprises continue to have hundreds of accounts configured with unconstrained delegation. Richard Bird , CSO, Traceable AI Bird The bad guys are showing no restraint in exploiting API security weakness to their advantage.

Cybersecurity

Cybersecurity Risk Cyber threats CSO

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

CSO Magazine

MAY 4, 2023

Since March, Meta has discovered about 10 malware families using AI themes to compromise business accounts across the internet — including social media business accounts — and blocked over 1,000 unique ChatGPT-themed malicious URLs from being shared on its platforms. To read this article in full, please click here

Malware

Malware Media Accountability Internet

How API attacks work, and how to identify and prevent them

CSO Magazine

MAY 21, 2021

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s servers, even if the users set their account profiles as private. The cause: a faulty API that permitted unauthenticated requests.

Accountability

Accountability Internet Internet

Resolving conflicts between security best practices and compliance mandates

CSO Magazine

AUGUST 31, 2022

So, you read a great tip on the internet and think it would improve your security posture. Before you bring that tip to management, it’s wise to determine if it’s allowed by your security compliance requirements or can become an acceptable exception to your compliance templates. To read this article in full, please click here

Insurance

Insurance Internet Internet Technology

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

Security Affairs

FEBRUARY 22, 2021

In response to the malicious activity, the company permanently banned the account used by the attacker and deployed new “safeguards” to prevent similar attacks in the future, but ClubHouse was not able to ensure that it will not happen again. ” reported Bloomberg. Pierluigi Paganini. SecurityAffairs – hacking, Clubhouse).

CSO

CSO Internet Internet Surveillance

GAO warns government agencies: focus on IoT and OT within critical infrastructure

CSO Magazine

DECEMBER 15, 2022

The US Government Accounting Office (GAO) continues to highlight shortcomings in the cybersecurity posture of government entities responsible for the protection of United States infrastructure when it comes to internet of things (IoT) and operational technology (OT) devices and systems.

IoT

IoT Government Internet Internet

Task force proposes framework for combatting ransomware

CSO Magazine

APRIL 29, 2021

Ransomware, the " perfect crime " of the internet era, is spreading rapidly, growing according to some accounts by 150% or more in 2020. There are no signs of a slow-down in 2021.

Ransomware

Ransomware Internet Internet Accountability

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

“The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. As of January 24th, Shadowserver researchers still detected 5,300 older and internet-exposed GitLab accounts.

Software

Software Authentication CSO Accountability

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

CSO Magazine

JULY 12, 2022

Security researchers from Microsoft have uncovered a large-scale phishing campaign that uses HTTPS proxying techniques to hijack Office 365 accounts. According to the FBI's Internet Crime Complaint Center (IC3), BEC attacks have led to over $43 billion in losses between June 2016 and December 2021.

Phishing

Phishing Accountability Authentication Internet

Minnesota Passes Data Privacy Law, Joining Growing State Movement

SecureWorld News

MAY 21, 2024

Narrow consumer privacy bills that address a range of issues—including protecting biometric identifiers and health data or governing the activities of specific entities like data brokers or internet service providers—have been introduced in several states, as well. RELATED: Uber CSO Found Guilty: The Sky Is Not Falling.

Data privacy

Data privacy CISO Small Business CSO

FBI: Victims lost nearly $7 billion to cybercrime in 2021

CSO Magazine

MARCH 23, 2022

A new report released by the FBI's Internet Crime Complaint Center (IC3) shows that financial losses due to suspected cybercrime continued to rise sharply over the course of 2021, to a total of $6.9 Five years ago, the same report showed that internet-based crime accounted for $1.4 billion, on 301,580 complaints.

Cybercrime

Cybercrime Internet Internet Phishing

Cato Networks launches SSE system with customizable DLP capabilities

CSO Magazine

JULY 19, 2022

Traditional SSE architectures are mostly proxy-based solutions which have limited visibility and control over WAN traffic as they only take into account the traffic from users to the internet," says Boaz Avigad, director of product marketing at Cato Networks. However, at some point they’ll need to cover data centers, on-prem and cloud.

Architecture

Architecture Marketing Internet Internet

NIST's new cyber-resiliency guidance: 3 steps for getting started

CSO Magazine

FEBRUARY 1, 2022

Nearly everything you can think of is already or will soon be connected to networks and the internet. Sources such as the World Economic Forum project that soon digital platforms will account for nearly 60% of global GDP. Some metrics rate the broader IoT ecosystem to be over 12 billion devices.

IoT

IoT Internet Internet Accountability

Google disrupts major malware distribution network Glupteba

CSO Magazine

DECEMBER 8, 2021

Working with several internet infrastructure and hosting providers, including Cloudflare, Google disrupted the operation of an aggressive Windows botnet known as Glupteba that was being distributed through fake ads. It also served itself as a distribution network for additional malware.

Malware

Malware Backups Internet Internet

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

The Last Watchdog

MARCH 25, 2019

Without APIs there would be no cloud computing, no social media, no Internet of Things. If I go to a CSO and say, ‘We can secure your APIs,’ he’ll say, ‘Great, can you also find them for me?’ ” observed Dwivedi, Data Theorem’s founder. APIs are the glue that keeps digital transformation intact and steamrolling forward. Talk more soon.

Digital transformation

Digital transformation Software Data breaches Authentication

Q&A: Researchers find evidence of emerging market for stolen, spoofed machine identities

The Last Watchdog

APRIL 17, 2019

Hudson : The Government Accountability Office examined the Equifax breach. At the end of the day the CSO the CIO and the CEO all left the company. Machine identities are foundational in our digital transformation, because everything that’s going onto the Internet is all built on machines.

Marketing

Marketing Digital transformation CSO Internet

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Kottmann also reportedly even posted some of the videos on Twitter, which later deleted the hacker’s account and their offending tweets. Pictured: a Dome Series security camera from Verkada. What did Verkada do wrong?

Surveillance

Surveillance IoT Accountability Passwords

The Rise of an Overlooked Crime – Cyberstalking

Security Affairs

AUGUST 29, 2018

The internet has been a blessing since its inception. The very concept of globalization has come into existence just because of the internet. The internet brought with it plenty of benefits, but accompanying these benefits came some evils that were previously not known of. They do this by following you on the internet.

Identity Theft

Identity Theft Internet Internet Surveillance

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

The contemporary world has witnessed the rise of the Internet and global communication, and collaboration technologies, including mobile data use and the culture of bring your own device [BYOD]. VoIP phishing and impersonation also victimized millions of corporate employees across the world , contributing to an even greater cyber threat.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Cyber Security Informer

Critical flaw in AI testing framework MLflow can lead to server and data compromise

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Webinars

Trending Sources

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

Webinars

Facebook Removes Russia-based Internet Research Agency-Controlled Pages

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

How API attacks work, and how to identify and prevent them

Resolving conflicts between security best practices and compliance mandates

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

GAO warns government agencies: focus on IoT and OT within critical infrastructure

Task force proposes framework for combatting ransomware

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

Minnesota Passes Data Privacy Law, Joining Growing State Movement

FBI: Victims lost nearly $7 billion to cybercrime in 2021

Cato Networks launches SSE system with customizable DLP capabilities

NIST's new cyber-resiliency guidance: 3 steps for getting started

Google disrupts major malware distribution network Glupteba

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

Q&A: Researchers find evidence of emerging market for stolen, spoofed machine identities

Camera tricks: Privacy concerns raised after massive surveillance cam breach

The Rise of an Overlooked Crime – Cyberstalking

Cyber Security Awareness and Risk Management

Stay Connected