Thu.May 18, 2023

article thumbnail

What is IBM Hybrid Cloud Mesh?

Tech Republic Security

Learn what the expanded cloud offerings mean for potentially smoothing out the line between DevOps and SecOps. The post What is IBM Hybrid Cloud Mesh? appeared first on TechRepublic.

article thumbnail

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise. I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi , CEO of Verimatrix , a cybersecurity company headquartered in southern France.

Mobile 202
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Okta’s Security Center opens window to customer insights, including threats and friction

Tech Republic Security

The single sign-on market leader’s Security Center, now generally available, uses Okta Customer Identity Cloud for insights into authentication activity for insights into anomalies, threats and security friction. The post Okta’s Security Center opens window to customer insights, including threats and friction appeared first on TechRepublic.

Marketing 167
article thumbnail

Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks

The Hacker News

The rising geopolitical tensions between China and Taiwan in recent months have sparked a noticeable uptick in cyber attacks on the East Asian island country.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

How to scan container images with Docker Scout

Tech Republic Security

Jack Wallen demonstrates how to scan container images for vulnerabilities and dependencies with the new Docker Scout feature. The post How to scan container images with Docker Scout appeared first on TechRepublic.

article thumbnail

KeePass exploit helps retrieve cleartext master password, fix coming soon

Bleeping Computer

The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even with the database is locked. [.

Passwords 144

LifeWorks

More Trending

article thumbnail

Hackers target vulnerable Wordpress Elementor plugin after PoC released

Bleeping Computer

Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account password reset flaw disclosed earlier in the month. [.

Passwords 138
article thumbnail

3 Ways Hackers Use ChatGPT to Cause Security Headaches

Dark Reading

As ChatGPT adoption grows, the industry needs to proceed with caution. Here's why.

136
136
article thumbnail

Apple fixes three new zero-days exploited to hack iPhones, Macs

Bleeping Computer

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads. [.

Hacking 133
article thumbnail

When ChatGPT Goes Phishing

Security Boulevard

ChatGPT has become a powerful tool for security professionals seeking to enrich their work. However, its widespread use has raised concerns about the potential for bad actors to misuse the technology. Experts are worried that ChatGPT’s ability to source recent data about an organization could make social engineering and phishing attacks more effective than ever.

Phishing 130
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

KeePass Vulnerability Imperils Master Passwords

Dark Reading

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Passwords 127
article thumbnail

Cybercrime gang pre-infects millions of Android devices with malware

Bleeping Computer

A cybercriminal tracked as the "Lemon Group" has been infecting millions of Android-based smartphones, watches, TVs, and TV boxes, with a malware strain named 'Guerilla.' [.

Malware 123
article thumbnail

25 Years Later: Reflecting on L0pht’s 1998 Congress Testimonial and the Evolution of Cybersecurity

Veracode Security

I look back on L0pht’s testimony before Congress in 1998 with a mix of pride and reflection. It’s been twenty-five years since our group of hackers (or vulnerability researchers, if you will) stepped up to raise awareness about the importance of internet security in front of some of the world’s most powerful lawmakers. This event marked the beginning of a long journey towards increased cybersecurity awareness and implementation of measures to protect our digital world.

article thumbnail

Once Again, Malware Discovered Hidden in npm

Dark Reading

Turkorat-poisoned packages sat in the npm development library for months, researchers say.

Malware 120
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Rust-Based Info Stealers Abuse GitHub Codespaces

Trend Micro

This is the first part of our security analysis of an information stealer targeting GitHub Codespaces (CS) that discusses how attackers can abuse these cloud services for a variety of malicious activities.

article thumbnail

Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict

Dark Reading

Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.

Phishing 119
article thumbnail

Beware of ChatGPT and Midjourney imposters

CyberSecurity Insiders

To all those who are eagerly searching for ChatGPT login and Midjourney web pages, here’s an alert that needs your immediate attention. A threat actor named BatLoader has started a campaign of hosting fake ChatGPT and Midjourney webpages on Google ads. So, next time when you search for the said web portals, be sure of what you’re clicking on and do not input your login credentials blindly!

Malware 119
article thumbnail

S3 Ep135: Sysadmin by day, extortionist by night

Naked Security

Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish).

115
115
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Eight Steps to Take Toward PCI DSS v4.0

PCI perspectives

The clock is ticking on PCI DSS v3.2.1. On 31 March 2024, PCI DSS v3.2.1 will be retired, making the transition to PCI DSS v4.0 essential for organizations involved in payment data security. To help with this transition, PCI SSC has identified eight steps you should take on your journey to PCI DSS v4.0.

115
115
article thumbnail

5 useful search engines for internet?connected devices and services

We Live Security

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet The post 5 useful search engines for internet‑connected devices and services appeared first on WeLiveSecurity

Internet 115
article thumbnail

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

The Hacker News

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox.

114
114
article thumbnail

10 Types of AI Attacks CISOs Should Track

Dark Reading

Risk from artificial intelligence vectors presents a growing concern among security professionals in 2023.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

The Hacker News

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. "Both AI services are extremely popular but lack first-party standalone apps (i.e.

Malware 113
article thumbnail

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

Naked Security

All Apple users have zero-days that need patching, though some have more zero-days than others.

111
111
article thumbnail

Organizations reporting cyber resilience are hardly resilient: Study

CSO Magazine

While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs. The study aimed at understanding business preparedness amidst growing incidents found a strong intent to strengthen cybersecurity capabilities driven by external threats.

article thumbnail

Microsoft VMs hijacked in cloud Cyber Attack

CyberSecurity Insiders

A threat actor with a history of targeting Microsoft servers has recently gained control over virtual machines (VMs) and installed third-party remote management software within clients’ cloud environments. The Mandiant Intelligence team has identified this actor, known as UNC3844, evading security software detections on Azure cloud platforms. Their primary objective is to exploit cloud storage spaces, steal valuable data for financial gain, and potentially threaten victims through data ext

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

“VAPT: The Shield Your Organization Needs Against Cyber Threats”

Security Boulevard

Introduction Making sure our internet systems and data are secure has become crucial in today’s digital world, as technology is ingrained in every part of our lives. Organizations of all sizes are frequently vulnerable to a variety of cyber dangers. A thorough strategy that incorporates Vulnerability Assessment and Penetration Testing (VAPT) is essential for reducing […] The post “VAPT: The Shield Your Organization Needs Against Cyber Threats” appeared first on Kratikal Blogs.

article thumbnail

This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide

The Hacker News

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks.

article thumbnail

The Vital Importance of Cybersecurity for Profit-Making Organizations

CyberSecurity Insiders

In today’s digital age, profit-making organizations across industries are increasingly reliant on technology and the internet to conduct their operations. While this technological advancement brings numerous benefits, it also exposes businesses to various cybersecurity risks. Protecting sensitive data, customer information, financial records, and intellectual property has become a critical priority.

article thumbnail

Phishing Attacks Shift to IT, Online Services-Related Campaigns 

Security Boulevard

More IT and online services-related email subjects are being used as a phishing lure, as phishing emails continue to be one of the most common methods to perpetuate malicious attacks on organizations worldwide. These were among the key findings of KnowBe4’s latest phishing report, which also found tax-related email subjects became more popular as the.

Phishing 104
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!