Schneier on Security

JULY 12, 2023

No surprise, but Google just changed its privacy policy to reflect broader uses of all the surveillance data it has captured over the years: Research and development : Google uses information to improve our services and to develop new products, features and technologies that benefit our users and the public. For example, we use publicly available information to help train Google’s AI models and build products and features like Google Translate, Bard, and Cloud AI capabilities.

Surveillance 246

Surveillance Technology Data collection Artificial Intelligence 246

The Last Watchdog

JULY 12, 2023

Tel Aviv, Israel– July 12, 2023 – Oxeye , the provider of an award-winning cloud-native application security platform, has uncovered two critical security vulnerabilities and recommending immediate action be taken to mitigate risk. The vulnerabilities were discovered in Owncast ( CVE-2023-3188 ) and EaseProbe ( CVE-2023-33967), two open-source platforms written in Go.

Risk 186

Risk Engineering Authentication Accountability 186

Tech Republic Security

JULY 12, 2023

Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This hiring kit from TechRepublic Premium provides a workable framework you can use to find the best candidate for your organization. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS AND SKILLSETS Depending.

152

152

The Last Watchdog

JULY 12, 2023

Toronto, Canada, July 12, 2023 – Asigra Inc., a leader in ultra-secure backup and recovery, is tackling the pressing data protection and security challenges faced by organizations utilizing the thousands of Software as a Service (SaaS) applications on the market today. Because of the increasing adoption of SaaS and the potential data recovery challenges they bring, Asigra is highlighting five major data protection challenges threatening SaaS application data, as well as the need for compr

Backups 183

Backups Marketing Threat Detection Ransomware 183

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

We Live Security

JULY 12, 2023

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat The post ESET Research Podcast: Finding the mythical BlackLotus bootkit appeared first on WeLiveSecurity

98

98

Heimadal Security

JULY 12, 2023

Over the past couple of years, increasingly more sysadmins have abandoned the more “traditional”, hands-on, approach to access and identity management in favor of IAG (Identity and Access Governance). The switch from a hand-on approach to IAG means much more than taking advantage of emerging technologies; one would call it an authentic epistemological shift; an […] The post Access Governance Strategy and Technology: How to Plan It Well appeared first on Heimdal Security Blog.

Technology 98

Technology Government Authentication 98

eSecurity Planet

JULY 12, 2023

Microsoft’s Patch Tuesday for July 2023 includes nine critical flaws, and five are actively being exploited. Notably, one of those five remains unpatched at this point. “While some Patch Tuesdays focus on fixes for minor bugs or issues with features, these patches almost purely focus on security-related issues,” Cloud Range vice president of technology Tom Marsland said by email. “They should be pushed to vulnerable machines immediately.” The July 2023 fixes include

Encryption 98

Encryption Accountability VPN Engineering 98

Security Affairs

JULY 12, 2023

Citrix fixed a critical flaw affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution. Citrix addressed a critical vulnerability, tracked as CVE-2023-24492 (CVSS score of 9.6), affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution. An attacker can trigger the vulnerability by tricking the victim into opening a specially crafted link and accepting further prompts.

Hacking 98

Hacking Cybercrime Information Security 98

Trend Micro

JULY 12, 2023

An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021.

Cyber threats 98

Cyber threats IoT Malware 98

The Hacker News

JULY 12, 2023

A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. "The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique," security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad said.

Cryptocurrency 98

Cryptocurrency 98

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

JULY 12, 2023

Fortinet warns of a critical vulnerability impacting FortiOS and FortiProxy that can allow remote attackers to perform arbitrary code execution. Fortinet has disclosed a critical vulnerability, tracked as CVE-2023-33308 (CVSS score 9.8), that impacts FortiOS and FortiProxy. A remote attacker can exploit the vulnerability to perform arbitrary code execution on vulnerable devices.

Firewall 98

Firewall Hacking Information Security 98

The Hacker News

JULY 12, 2023

Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. "Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.

Ransomware 98

Ransomware Cryptocurrency 98

Security Boulevard

JULY 12, 2023

Complexity is the enemy of security. Akamai’s Steve Winterfeld explains what to do to combat complexity in cybersecurity. The post Cybersecurity Needs to Mitigate Complexity appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity CISO Risk Government 98

eSecurity Planet

JULY 12, 2023

Cloud security posture management (CSPM) tools continuously monitor, identify, score, and remediate security and compliance concerns across cloud infrastructures as soon as problems arise. CSPM is increasingly being combined with cloud workload protection platforms (CWPP) and cloud infrastructure entitlement management (CIEM) as part of comprehensive cloud-native application protection platforms (CNAPP) ; however, cloud security posture management’s ability to detect and remediate cloud mi

Threat Detection 98

Threat Detection Risk Software Government 98

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Heimadal Security

JULY 12, 2023

HCA Healthcare, one of the largest health companies in the USA, announced on July 10th it was the target of a huge data breach. The cyberattack impacted 1,038 hospitals and physician clinics across 20 states. All in all, 11 million patients in 20 states, including California, Florida, Georgia, and Texas had their personal data stolen. […] The post 11 Million Patients` Data Stolen in HCA Healthcare Data Breach appeared first on Heimdal Security Blog.

Data breaches 98

Data breaches Healthcare Cybersecurity 98

Security Boulevard

JULY 12, 2023

NETSCOUT Systems is is dynamically applying machine learning algorithms to combat distributed denial-of-service (DDoS) attacks. The post NETSCOUT Uses Machine Learning to Help Thwart DDoS Attacks appeared first on Security Boulevard.

DDOS 98

DDOS Cybersecurity Network Security 98

Malwarebytes

JULY 12, 2023

An unpatched zero-day vulnerability is currently being abused in the wild , targeting those with an interest in Ukraine. Microsoft reports that CVE-2023-36884 is tied to reports of: …a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.

Telecommunications 98

Telecommunications Phishing Software Government 98

Security Affairs

JULY 12, 2023

Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Authentication 98

Authentication Accountability Government Cyber Attacks 98

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

JULY 12, 2023

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came to light in October 2021.

Engineering 98

Engineering Cybersecurity 98

Duo's Security Blog

JULY 12, 2023

Applications have grown in variety and adoption for over two decades. SaaS (Software-as-a-Service) adoption is skyrocketing. It is estimated that by 2025, 85% of business apps will be SaaS-based. As a technology marketing professional, I use at least 20 applications every day - SaaS/cloud applications and on-premises apps - including email, web-browser based, chat/collaboration, corporate internal apps including Intranet, and mobile apps.

Mobile 98

Mobile Authentication Marketing Passwords 98

WIRED Threat Level

JULY 12, 2023

Microsoft says hackers somehow stole a cryptographic key, perhaps from its own network, that let them forge user identities and slip past cloud defenses.

Hacking 98

Hacking 98

The Hacker News

JULY 12, 2023

SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information.

Network Security 98

Network Security Firewall Engineering Authentication 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Veracode Security

JULY 12, 2023

A high-functioning security program leverages data to drive optimization – by satisfying governance, reporting, and compliance (GRC) requirements efficiently, creating visibility for risk-based prioritization, and leveraging automation throughout the software development lifecycle. Often, however, the data needed to drive these processes is spread across a complex ecosystem.

Government 98

Government Software Risk 98

Heimadal Security

JULY 12, 2023

Deutsche Bank, ING Bank, Postbank, and Comdirect recently announced they suffered customer data leaks. Reportedly, the four European giant banks were using the same third-party business vendor, who fell victim to a MOVEit data-theft attack. The Attack Revealed On July 3rd, Deutsche Bank and Postbank announced their customers about the data leak. The notice revealed that […] The post Deutsche Bank, ING, and Postbank Customers` Data Exposed in Breach appeared first on Heimdal Security Blog.

Banking 98

Banking Cybersecurity 98

Bleeping Computer

JULY 12, 2023

Microsoft announced that the latest Windows 11 build shipping to Insiders in the Canary channel comes with additional Windows Kernel components rewritten in the memory safety-focused Rust programming language. [.

98

98

Security Boulevard

JULY 12, 2023

Here's how CISOs can look at cybersecurity through a capital efficiency lens without unacceptably growing risk—to the organization and their own jobs. The post Four Steps to Cutting Cybersecurity Budgets Without Increasing Risk appeared first on Security Boulevard.

Risk 98

Risk Cybersecurity CISO Government 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

SecureWorld News

JULY 12, 2023

The landscape of cybersecurity is constantly evolving, with emerging technologies reshaping the way we protect our digital infrastructure. One such technology that has garnered significant attention is artificial intelligence (AI). As AI continues to advance, questions arise regarding its impact on cybersecurity and the role it plays in the hacker community.

Cybersecurity 98

Cybersecurity Artificial Intelligence Technology Hacking 98

The Hacker News

JULY 12, 2023

Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI implementation and discuss measures to minimize damages.

Artificial Intelligence 98

Artificial Intelligence Risk 98

Security Boulevard

JULY 12, 2023

Permalink The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – #250 Teams Without Agile Job Titles appeared first on Security Boulevard.

Software 98

Software 98

The Hacker News

JULY 12, 2023

Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data.

Cyber Attacks 98

Cyber Attacks Government Accountability 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!