Wed. May 25, 2022

Manipulating Machine-Learning Systems through the Order of the Training Data

Schneier on Security

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not random? You guessed it—all bets are off. Suppose for example a company or a country wanted to have a credit-scoring system that’s secretly sexist, but still be able to pretend that its training was act

GUEST ESSAY: Deploying ‘XDR’ can help companies avoid the security ‘vendor-silo’ trap

The Last Watchdog

According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats. Related: Taking a ‘risk-base’ approach to security compliance. However, because they generate thousands of alerts every day, this vast sprawl of security sources adds even more work to already over-stretched security teams.

How to develop competency in cyber threat intelligence capabilities

Tech Republic Security

Starting from scratch or maturing a cyber threat intelligence capability is a task that needs several different people with very different skills and competencies. Read more on what competencies can build and make CTI capability a success. The post How to develop competency in cyber threat intelligence capabilities appeared first on TechRepublic.

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR (CVE-2022-20821).

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Is REvil having a resurgence, or is there a copycat hacking group?

Tech Republic Security

Cybersecurity company Akamai has found one of their clients has suffered a DDoS attack at the hands of a group claiming to be REvil. The post Is REvil having a resurgence, or is there a copycat hacking group? appeared first on TechRepublic.

How Cisco Duo Is Simplifying Secure Access for Organizations Around the World

Cisco Security

At Cisco Duo, we continually strive to enhance our products to make it easy for security practitioners to apply access policies based on the principles of zero trust. This blog highlights how Duo is achieving that goal by simplifying user and administrator experience and supporting data sovereignty requirements for customers around the world. Read on to get an overview of what we have been delivering to our customers in those areas in the past few months.

More Trending

FTC fines Twitter $150M for using 2FA info for targeted advertising

Bleeping Computer

The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising. […]

International police operation led to the arrest of the SilverTerrier gang leader

Security Affairs

The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime group as a result of an international operation. The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime gang (aka TMT) after a year-long investigation codenamed “Operation Delilah.” SilverTerrier has been active since at least 2014 and focuses on BEC attacks; it is a collective of over hundreds of individual threat actors.

5 reasons why GDPR was a milestone for data protection

We Live Security

The landmark regulation changed everyone’s mindset on how companies worldwide collect and use the personal data of EU citizens. The post 5 reasons why GDPR was a milestone for data protection appeared first on WeLiveSecurity.

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

Microsoft says it’s recorded a massive increase in XorDDoS activity (254 percent) in the last six months. XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). MMD believed the Linux Trojan originated in China. Based on a case study in 2015, Akamai strengthened the theory that the malware may be of Asian origin based on its targets.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Revisiting the Session: The Potential for Shared Signals

Cisco Security

Sometimes in order to move forward effectively, it’s good to take stock of where we’ve been. In this blog, we’ll review a concept that has been foundational to networking and cybersecurity from the beginning: the session. Why focus on the session? As the philosophy of Zero Trust is adopted more broadly in the security industry, it’s important to understand the building blocks of access.

New ‘Cheers’ Linux ransomware targets VMware ESXi servers

Bleeping Computer

A new ransomware named 'Cheers' has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. […]

Encryption: How It Works, Types, and the Quantum Future

eSecurity Planet

Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats. While cryptology is thousands of years old, modern cryptography took off in the 1970s with the help of the Diffie-Hellman-Merkle and RSA encryption algorithms. As networks evolved and organizations adopted internet communications for critical business processes, these cryptographic systems became essential for protecting data.

Chaos ransomware explained: A rapidly evolving threat

CSO Magazine

The Chaos ransomware builder started out last year as a buggy and unconvincing impersonation of the notorious Ryuk ransomware kit. It has since gone through active development and rapid improvements that have convinced different attacker groups to adopt it. The latest version, dubbed Yashma, was first observed in the wild in mid-May and contains several enhancements.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Tails 5.0 Linux users warned against using it "for sensitive information"

Bleeping Computer

Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they're entering or accessing sensitive information using the bundled Tor Browser application. […]

Unknown APT group is targeting Russian government entities

Security Affairs

An unknown APT group has been targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine.

Popular Python package compromised: Don’t ‘Blindly Trust Open Source’

Security Boulevard

By brooke.crothers, Wed, 05/25/2022 - 17:24. The Python package ctx, which averages over 20,000 downloads per week, was compromised on the Python Package Index (PyPI), according to both forum and social media posts and a bevy of news reports. “When we browse the release history tab, we can see various versions of ctx uploaded within the past few days,” the SANS Institute said on May 24.

New ChromeLoader malware surge threatens browsers worldwide

Bleeping Computer

The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat. […]

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Supply Chain Risk Management (SCRM) Explained

Heimdal Security

Managing supply chain risk is critical for any company. But why, you may ask. What kinds of risks should be managed? Read on and find out everything you need to know about supply chain risk management. What Is Supply Chain Risk Management (SCRM)? Supply Chain Risk Management (SCRM) is a systematic approach to identifying and […]. The post Supply Chain Risk Management (SCRM) Explained appeared first on Heimdal Security Blog.

Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room

The Hacker News

A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces. With hidden cameras being increasingly used to snoop on individuals in hotel rooms and Airbnbs, the goal is to be able to pinpoint such rogue devices without much of a hassle.

Microsoft security vulnerabilities drop after five-year rise

CSO Magazine

The total number of Microsoft vulnerabilities reported in 2021 dropped by 5%, reversing a five-year trend that saw such vulnerabilities rising sharply, according to a new report from identity management and security vendor BeyondTrust. A total of 1,212 new vulnerabilities were discovered in 2021, but their severity, as well as their location in the Microsoft family of software products, has changed substantially year over year.

Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them

The Hacker News

Malicious actors can gain unauthorized access to users' online accounts via a new technique called "account pre-hijacking," new research has found. The attack takes aim at the account creation process that's ubiquitous in websites and other online platforms, enabling an adversary to perform a set of actions before an unsuspecting victim creates an account in a target service.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

What’s wrong with automotive mobile apps?

SecureList

Introduction. The recent story about the 19-year-old hacker who took control of several dozen Tesla cars has become something of a sensation. We already know that there was an issue with a third-party app that enabled access to data from Teslas. This made it possible for the security researcher to lock and unlock the cars, turn the lights on and off, and even enable keyless driving.

Chris Wysopal: Open source is becoming a national security risk

CSO Magazine

In early December 2021, enterprise security teams around the world went on high alert because of a string of vulnerabilities in an open-source Java component, Log4j, that is used in millions of applications. The incident prompted warnings from CISA and other national CERTs and led to renewed discussion about security and the open-source software ecosystem and how developers consume and track their use of open-source components.

The Verizon 2022 DBIR

SecureList

The Verizon 2022 Data Breach Investigations Report is out. We are proud to collaborate as a supporting contributor to this year’s data efforts once again and to have contributed for the past 8 years. The report provides interesting analysis of a full amount of global incident data. Several things stand out in the 2022 report: Ransomware challenges continue to mount — “Ransomware’s heyday continues, and is present in almost 70% of malware breaches this year.” Social engine

Moving From ‘the log dustbin’ to Effective Security Operations

Security Boulevard

Guest Blog Post by Bryan Littlefair, CEO, Cambridge Cyber Advisers, former Global CISO of Vodafone. The post Moving From ‘the log dustbin’ to Effective Security Operations appeared first on Gurucul. The post Moving From ‘the log dustbin’ to Effective Security Operations appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

How Secrets Lurking in Source Code Lead to Major Breaches

The Hacker News

If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them.

BrandPost: How Shift Left Security Helps Developers Build More Secure Cloud-Native Apps

CSO Magazine

During the past decade, the push-pull between security and developers led many organizations to build security earlier in the app development lifecycle. This new approach focuses on finding and remediating vulnerabilities earlier. Development teams want to build applications quickly. But that often puts them at odds with the need for testing. Developers might code up to the last minute, leaving almost no time to find and fix vulnerabilities before deadlines.

10 Reasons Why Email Protection is Critical in 2022

Security Boulevard

We all use email all day long. No matter what industry you’re in or where you are working around the globe, you’re more than likely using email to communicate, work and socialize. Most of us check our email multiple times a day – the average is eleven times per hour! If you’re like me, which […]. The post 10 Reasons Why Email Protection is Critical in 2022 first appeared on SlashNext.

PIXM releases new computer vision solution for mobile phishing

CSO Magazine

Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices. The cloud-based mobile product is aimed at identifying phishing attacks on mobile devices in real time, as a user clicks on a malicious link, using computer vision technology.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!