Tech Republic Security
MAY 27, 2022
The world of cybersecurity is constantly changing. Improve your DevSecOps knowledge with these critical concepts. The post DevSecOps glossary: 24 terms security professionals need to know appeared first on TechRepublic.
Security Affairs
MAY 27, 2022
Microsoft found several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps. The Microsoft 365 Defender Research Team discovered four vulnerabilities ( CVE-2021-42598 , CVE-2021-42599 , CVE-2021-42600 , and CVE-2021-42601 ) in a mobile framework, owned by mce Systems , that is used by several mobile carriers in pre-installed Android System apps.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MAY 27, 2022
Only 104 critical vulnerabilities were reported in 2021, an all-time low for the world’s largest software company. The post Critical Microsoft vulnerabilities decreased 47% in 2021 appeared first on TechRepublic.
Security Affairs
MAY 27, 2022
Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. A team of researchers from Zhejiang University and Technical University of Darmstadt devised a technique, dubbed GhostTouch, to remotely control capacitive touchscreens using electromagnetic signals. According to the experts, GhostTouch is the first active contactless attack against capacitive touchscreens.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
MAY 27, 2022
Cryptocurrency exchanges allow the transfer of crypto between buyers and sellers. Learn about the top crypto exchange options. The post Best cryptocurrency exchanges of 2022 appeared first on TechRepublic.
Security Affairs
MAY 27, 2022
A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets. ERMAC was first spotted by researchers from Threatfabric in July 2021, it is based on the popular banking trojan Cerberus.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
MAY 27, 2022
The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks against individuals and organizations in the industry.
The Hacker News
MAY 27, 2022
Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper.
We Live Security
MAY 27, 2022
New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience. The post Cybersecurity: A global problem that requires a global answer appeared first on WeLiveSecurity.
The Hacker News
MAY 27, 2022
Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Bleeping Computer
MAY 27, 2022
Microsoft has announced that it will force enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory (Azure AD) tenants starting in late June 2022. [.].
We Live Security
MAY 27, 2022
As with everything digital, there's someone, somewhere devising a method to steal the assets away from their rightful owners. The post Scams targeting NFT investors – Week in security with Tony Anscombe appeared first on WeLiveSecurity.
The Hacker News
MAY 27, 2022
Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks — a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware.
Dark Reading
MAY 27, 2022
The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Bleeping Computer
MAY 27, 2022
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. [.].
Dark Reading
MAY 27, 2022
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.
eSecurity Planet
MAY 27, 2022
Open source software libraries are frequent targets of hackers, who see them as an attractive path for stealing credentials and distributing malware. Hundreds of thousands of software projects depend on these open source packages – and each of these dependencies has its own dependencies, a complex web that some call “ dependency hell ” – so hackers know that any new version they successfully compromise will be downloaded by countless developers when they run npm, composer
Security Boulevard
MAY 27, 2022
We all know that cyberthreats have become more frequent, stealthier and more sophisticated. What’s more, the traditional, reactive approach to detecting threats by hunting indicators of compromise (IoCs) using markers like IP addresses, domains and file hashes is quickly becoming outdated—threats are only detected once a compromise is achieved and attackers are readily able to.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
SecureList
MAY 27, 2022
IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. Non-mobile statistics. IT threat evolution in Q1 2022. Mobile statistics. Targeted attacks. MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019).
Heimadal Security
MAY 27, 2022
Zyxel is a trademark name that is used by both Zyxel Communications Corp. and Zyxel Networks, two companies that are involved in the production of networking equipment as well as the provision of services to communications service providers. Zyxel firms have their headquarters in Hsinchu, Taiwan, with branch offices all around the world, including in […].
SecureList
MAY 27, 2022
IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. Non-mobile statistics. IT threat evolution in Q1 2022. Mobile statistics. These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures. According to Kaspersky Security Network, in Q1 2022: 6,463,414 mobile malware, adware and riskware attacks were blocked.
Dark Reading
MAY 27, 2022
Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
CyberSecurity Insiders
MAY 27, 2022
UK populace should know about a phishing scam that is taking place in the name of the Office of Gas and Electronics Markets, aka Ofgem. As hackers are sending Ofgem emails claiming to give rebates on the monthly bill and diverting them to a fake website that asks for bank account details for a reimbursement to be disbursed later. In reality, Ofgem is not sending such emails to any of the populace and has termed such scams as minting platforms to steal sensitive information.
CSO Magazine
MAY 27, 2022
It is a common refrain among senior folks in enterprise cybersecurity: “We have to learn to align with the business.” Unfortunately, it seems like we spend most of our time trying to get the business to “align with cybersecurity” and become frustrated when they don’t or can’t. Part of the reason is that we often don’t want to (or can’t) speak like the business.
Heimadal Security
MAY 27, 2022
Heimdal™ returns with the May edition of our threat hunting journal. As you might have expected, king trojan reigns unhindered with over 16,000 positive detections. There are a couple of newcomers, some of which may give our uncrowned monarch a run for his money. Stick around for more information and goodies. Enjoy! Top Malware(s) Detections: […].
Bleeping Computer
MAY 27, 2022
Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded a $5 million to unlock the encrypted computer systems. [.].
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
MAY 27, 2022
Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.
Bleeping Computer
MAY 27, 2022
Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. [.].
Naked Security
MAY 27, 2022
Latest episode - listen now!
Security Boulevard
MAY 27, 2022
Unlike any other time in history, the past decade has shown us the power of technology to transform our working and personal lives. Technology-enabled shopping, banking and working from any location made the restrictions from COVID-19 more manageable. We are also getting a hint of the power that big data, AI and machine learning will. The post Making the Metaverse Safe For Everyone appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
215 
Let's personalize your content