Schneier on Security

MAY 11, 2022

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).

Surveillance 290

Surveillance Government 290

Tech Republic Security

MAY 11, 2022

In our digital age, you need to protect your business against advanced fraud techniques. Here's how. The post Protecting payments in an era of deepfakes and advanced AI appeared first on TechRepublic.

218

218

Security Boulevard

MAY 11, 2022

With more people looking to cash in on hype surrounding the cryptocurrency market than ever before and an increasing digital workforce which may lack awareness of network security set-ups, cybercriminal activity remains rampant. Bitcoin’s enduring popularity and peak valuation in 2021 has only encouraged heists on crypto exchanges, the use of cryptomining malware, cryptocurrency-related scams , and malware targeting cryptocurrency wallets.

Scams 145

Scams Phishing Cryptocurrency Marketing 145

Tech Republic Security

MAY 11, 2022

Companies need one person in charge of creating a consistent user experience that is strong on safety and trust. The post Why you need to add a trust and safety officer to the leadership team appeared first on TechRepublic.

185

185

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

MAY 11, 2022

It shouldn’t be news to anyone that people sharing information online are concerned about the safety of their data. Imperva recently conducted a study with YouGov plc regarding consumers’ attitudes towards data, whether they feel in control of their personal data, and if they trust the organizations tasked with protecting this sensitive information.

Cybersecurity 134

Cybersecurity Phishing 134

Malwarebytes

MAY 11, 2022

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the wild exploits have been reported.

Authentication 133

Authentication Internet Internet 133

Malwarebytes

MAY 11, 2022

Think of all the really common, very mundane things you search for of a tech nature. Drivers. Scanners. Printers. A broken photocopier. USB sticks not recognised. Activating a streaming service which refuses to play ball. Some of the above have many issues already with bogus search engine results and tech support scams. Streaming and other internet based viewing options have their own support related perils to contend with.

Scams 123

Scams Internet Internet Cryptocurrency 123

Zero Day

MAY 11, 2022

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

Internet 145

Internet Internet 145

Security Boulevard

MAY 11, 2022

Nowadays cyber crimes are increasing day by day. Most criminals increased in the cyber field. every one adapting to technology. With the help of technology, cybercriminals are doing crimes effectively without caught by police. Identifying cybercriminals is a very complicated process and time taken and sometimes unable to trace. To secure organizations from these types […].

Technology 120

Technology 120

CSO Magazine

MAY 11, 2022

At its annual Summit event, Red Hat is rolling out new edge-computing features for the company’s well-known enterprise Linux distribution, and security features for its Advanced Cluster Security for Kubernetes platform.

119

119

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

MAY 11, 2022

Exploring the industry-defining concepts of consolidation and Aggregation Theory within cybersecurity. The post An Intro to Consolidation and Aggregation in Cybersecurity appeared first on Security Boulevard.

Cybersecurity 120

Cybersecurity 120

CSO Magazine

MAY 11, 2022

As the fallout from the Apache Log4J vulnerabilities earlier this year shows, the biggest risks in enterprise software today are not necessarily with insecure code written directly by in-house software development teams. The flaws of the components, libraries and other open-source code that makes up the bulk of today’s software code bases are the underwater part of the insecurity iceberg.

Software 119

Software Architecture Engineering Risk 119

PCI perspectives

MAY 11, 2022

The Fintech market in India is rapidly growing and changing the entire ecosystem of the Indian banking system and the economy. On this blog we talk about payment security from the perspective of India with two leading Indian FinTech service providers – CRED and In Solution Global Pvt Ltd. Here we talk with Nitin Bhatnagar, Associate Director, India, PCI SSC, Himanshu Kumar Das, Head of Security, Risk & Compliance, CRED, and Adelia Castelino Co-founder Managing Director, In Solution Global Pv

Marketing 113

Marketing Cyber threats Banking Risk 113

Cisco Security

MAY 11, 2022

We have come a long way from making our first sourdough starter batch to exploring new hobbies — or in my case exhausting the Netflix library! We have craved human connection and insightful conversations. It was just over two years ago that we were together at the RSA Conference in San Francisco promising the next leap in cybersecurity with Cisco’s introduction of SecureX.

Firewall 113

Firewall Threat Detection Risk Engineering 113

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

MAY 11, 2022

HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution. [.].

Firmware 112

Firmware 112

TrustArc

MAY 11, 2022

What's the Current State of the US Privacy Landscape? To develop an efficient compliance strategy, prioritize your efforts and address the most relevant nuances of the US privacy landscape in the following core areas.

111

111

CSO Magazine

MAY 11, 2022

A novel post-exploitation framework that allows the activity of its malicious actors to persist on their targets was exposed Wednesday by Crowdsrike's Falcon OverWatch threat hunters. Dubbed IceApple, the.NET-based framework has been observed since late 2021 in multiple victim environments in geographically diverse locations with targets spanning the technology, academic and government sectors, according to CrowdStrike’s report.

Internet 110

Internet Internet Government Technology 110

Bleeping Computer

MAY 11, 2022

Microsoft says multiple editions of Windows 10 20H2 and Windows 10 1909 have reached their end of service (EOS) on this month's Patch Tuesday, on May 10, 2022. [.].

110

110

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CSO Magazine

MAY 11, 2022

Malware researchers warn about a stealthy backdoor program that has been used by a Chinese threat actor to compromise Linux servers at government and private organizations around the world. While the backdoor is not new and variants have been in use for the past five years, it has managed to fly under the radar and have very low detection rates. One reason for its success is that it leverages a feature called the Berkeley Packet Filter (BPF) on Unix-based systems to hide malicious traffic.

Threat Reports 108

Threat Reports Government Malware 108

Heimadal Security

MAY 11, 2022

If you’ve lately used Windows Print Spooler, here’s some bad news: you may have been hacked. Between July 2021 and April 2022, threat actors carried out nearly 65,000 cyberattacks through Windows’ Print Spooler application, according to a new analysis from cybersecurity firm Kaspersky. Furthermore, about half of the attacks (31,000) occurred in the first four […].

Hacking 104

Hacking Cybersecurity 104

CSO Magazine

MAY 11, 2022

ForgeRock, a global identity and access management company, has introduced ForgeRock Autonomous Access, a new application that uses AI to prevent identity-based cyberattacks and fraud. The application monitors login requests in real-time to block malicious attempts and add authentication steps for anomalous behavior, while streamlining access for authorized users.

Authentication 106

Authentication Accountability Risk 106

Security Boulevard

MAY 11, 2022

Award winning NextGen SIEM platform was crucial in empowering Salvation Army Australia achieve game-changing cybersecurity posture SINGAPORE – 12 May 2022 – LogRhythm, the company that helps busy and lean security operations teams save the day, has won the award…. The post LogRhythm’s partnership with Salvation Army Australia wins Best SIEM – Computer Software at the SBR Technology Excellence Awards 2022 appeared first on LogRhythm.

Technology 104

Technology Software Cybersecurity 104

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

MAY 11, 2022

Windows 11 users are receiving 0xc0000135 errors when attempting to launch applications after installing the recent Windows 11 KB5013943 cumulative update. [.].

109

109

Google Security

MAY 11, 2022

Posted by Eugene Liderman and Sara N-Marandi, Android Security and Privacy Team Every year at I/O we share the latest on privacy and security features on Android. But we know some users like to go a level deeper in understanding how we’re making the latest release safer, and more private, while continuing to offer a seamless experience. So let’s dig into the tools we’re building to better secure your data, enhance your privacy and increase trust in the apps and experiences on your devices.

Mobile 101

Mobile Phishing Encryption Data privacy 101

Bleeping Computer

MAY 11, 2022

A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers. [.].

Malware 99

Malware 99

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. But phishing persistently remains a threat (as shown by a recent phishing attack on the U.S. Department of Labor ) because users retain the ability to log into their online accounts, often with a simple password, from anywhere in the world.

Phishing 100

Phishing Scams Authentication Accountability 100

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Graham Cluley

MAY 11, 2022

Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! The mass migration to distributed work has given IT and DevOps teams the new challenge of performing infrastructure monitoring and management remotely. IT and DevOps personnel need a secure, reliable, and scalable … Continue reading "Keeper Connection Manager: Privileged access to remote infrastructure with zero-trust and zero-knowledge security".

99

99

Bleeping Computer

MAY 11, 2022

Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they're increasingly targeted by supply chain attacks. [.].

Government 99

Government 99

Security Boulevard

MAY 11, 2022

Today, Sonatype announced “InnerSource Insight,” an industry-first capability within Nexus Lifecycle that makes it easier and safer for developers to use components developed by others within their organization. The post Take Control of Your InnerSource Components with InnerSource Insight appeared first on Security Boulevard.

98

98

CSO Magazine

MAY 11, 2022

It’s that time that I fill out the annual cyber insurance policy application. Each year it gives me an insight into what insurance vendors are using to rate the risks and threats to our business and what they are stressing I should have as best practices. Not having them in place could affect insurance rates and whether I qualify for cyber insurance at all.

Cyber Insurance 98

Cyber Insurance Insurance Ransomware Authentication 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.