Wed. Jul 12, 2023

Google Is Using Its Vast Data Stores to Train AI

Schneier on Security

No surprise, but Google just changed its privacy policy to reflect broader uses of all the surveillance data it has captured over the years: Research and development: Google uses information to improve our services and to develop new products, features and technologies that benefit our users and the public. For example, we use publicly available information to help train Google’s AI models and build products and features like Google Translate, Bard, and Cloud AI capabilities.

News Alert: Asigra highlights 5 data backup and recovery challenges associated with SaaS data

The Last Watchdog

Toronto, Canada, July 12, 2023 – Asigra Inc., a leader in ultra-secure backup and recovery, is tackling the pressing data protection and security challenges faced by organizations utilizing the thousands of Software as a Service (SaaS) applications on the market today. Because of the increasing adoption of SaaS and the potential data recovery challenges they bring, Asigra is highlighting five major data protection challenges threatening SaaS application data, as well as the need for compr

World Youth Skills Day 2023: Engaging Youth with Cybersecurity

Thales Cloud Protection & Licensing

madhav, Thu, 07/13/2023 - 04:56. In 2014, the United Nations General Assembly declared 15 July as World Youth Skills Day to celebrate the strategic importance of equipping young people with skills for employment, decent work, and entrepreneurship. “Young people are drivers of change and must be fully engaged in decisions affecting their future,” said UN Secretary-General António Guterres.

Hiring Kit: Security Architect

Tech Republic Security

Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This hiring kit from TechRepublic Premium provides a workable framework you can use to find the best candidate for your organization. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS AND SKILLSETS Depending.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New Windows 11 build ships with more Rust-based Kernel features

Bleeping Computer

Microsoft announced that the latest Windows 11 build shipping to Insiders in the Canary channel comes with additional Windows Kernel components rewritten in the memory safety-focused Rust programming language. [.

Cybersecurity Needs to Mitigate Complexity

Security Boulevard

Complexity is the enemy of security. Akamai’s Steve Winterfeld explains what to do to combat complexity in cybersecurity. The post Cybersecurity Needs to Mitigate Complexity appeared first on Security Boulevard.

More Trending

NETSCOUT Uses Machine Learning to Help Thwart DDoS Attacks

Security Boulevard

NETSCOUT Systems is dynamically applying machine learning algorithms to combat distributed denial-of-service (DDoS) attacks. The post NETSCOUT Uses Machine Learning to Help Thwart DDoS Attacks appeared first on Security Boulevard.

Microsoft Patch Tuesday Addresses 130 Flaws – Including Unpatched RomCom Exploit

eSecurity Planet

Microsoft’s Patch Tuesday for July 2023 includes nine critical flaws, and five are actively being exploited. Notably, one of those five remains unpatched at this point. “While some Patch Tuesdays focus on fixes for minor bugs or issues with features, these patches almost purely focus on security-related issues,” Cloud Range vice president of technology Tom Marsland said by email. “They should be pushed to vulnerable machines immediately.” The July 2023 fixes include

Four Steps to Cutting Cybersecurity Budgets Without Increasing Risk

Security Boulevard

Here's how CISOs can look at cybersecurity through a capital efficiency lens without unacceptably growing risk—to the organization and their own jobs. The post Four Steps to Cutting Cybersecurity Budgets Without Increasing Risk appeared first on Security Boulevard.

Attacks on APIs demand a Security Re-Think

The Security Ledger

New threats demand that we transform the way we think about securing the endpoints. Case in point: APIs, writes Ross Moore. The post Attacks on APIs demand a Security Re-Think appeared first on The Security Ledger with Paul F. Roberts.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Safe Security Acquires RiskLens to Become Undisputed Leader in the $4B Cyber Risk Quantification and Management (CRQM) Market

Security Boulevard

Powerful combination of SAFE Platform’s industry defining AI capabilities coupled with the industry standard FAIR model for cyber risk quantification, that was pioneered by RiskLens, gives enterprises a one-stop-shop to address all their cyber risk quantification and management needs and paves a path to comply with impending SEC Cyber Guidelines The post Safe Security Acquires RiskLens to Become Undisputed Leader in the $4B Cyber Risk Quantification and Management (CRQM) Market appeared first on

Access Governance Strategy and Technology: How to Plan It Well

Heimdal Security

Over the past couple of years, increasingly more sysadmins have abandoned the more “traditional”, hands-on approach to access and identity management in favor of IAG (Identity and Access Governance). The switch from a hands-on approach to IAG means much more than taking advantage of emerging technologies; one would call it an authentic epistemological shift; an […] The post Access Governance Strategy and Technology: How to Plan It Well appeared first on Heimdal Security Blog.

Resolving the Identity Protection Gaps in APRA’s Resilience Assessment’s Findings 

Security Boulevard

The Australian Prudential Regulation Authority (APRA) recently published findings from a study examining the level of cybersecurity resilience of its regulated entities, which revealed an alarming number of security gaps. In this blog we take a look at the identity protection aspects of these gaps, and discuss how identity and security teams can assess their.

Washington My Health, My Data Act: Background Brief

TrustArc

TrustArc’s privacy experts share an overview of the new Washington My Health, My Data Act, including a timeline for compliance with its strict rules on protection of personal information. The post Washington My Health, My Data Act: Background Brief appeared first on TrustArc Privacy Blog.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

BSides Knoxville 2023 – Connor Gannon – Summoning Angels In The Modern Age: Digitizing The Methods Of Steganographia

Security Boulevard

Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel. Permalink The post BSides Knoxville 2023 – Connor Gannon – Summoning Angels In The Modern Age: Digitizing The Methods Of Steganographia appeared first on Security Boulevard.

Critical RCE found in popular Ghostscript open-source PDF library

Bleeping Computer

Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw. [.

What we told the CFTC about crypto threats

Security Boulevard

Dan Guido, CEO In March, I joined the Commodity Futures Trading Commission’s Technology Advisory Committee (TAC), helping the regulatory agency navigate the complexities of cybersecurity risks, particularly in emerging technologies like AI and blockchain. During the committee’s first meeting, I discussed how the rapidly changing and public nature of blockchain technology makes it uniquely susceptible […] The post What we told the CFTC about crypto threats appeared first on Security Boulevard.

SonicWall warns admins to patch critical auth bypass bugs immediately

Bleeping Computer

SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and Analytics network reporting engine software suites. [.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

What Your Auditor Looks for in Your Risk Management Process

Security Boulevard

TrustCloud teamed up with Dansa D’Arata Soucia on our Risk Rodeo webinar, to discuss everything you need to know to wrangle up risks with confidence. Our panelists weighed in on the four things that auditors look for in risk management processes: Clear Process Documentation & Monitoring Rationalization Over Time Executive Responsibility Read on to see […] The post What Your Auditor Looks for in Your Risk Management Process first appeared on TrustCloud.

Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices

Bleeping Computer

Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices. [.

How Can Organizations Manage Technical Debt?

Security Boulevard

Organizations need to manage technical debt, but why, and what is the best process for successful mitigation? Technical debt is a term that comes from software development, but its significance extends far beyond the developer’s desk. It carries ramifications for business operations, security, and long-term strategy. But what exactly is technical debt, how can it.

Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining

The Hacker News

A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. "The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique," security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad said.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Have You Been Pwned? – What is it and how to prevent it

Security Boulevard

If you have been pwned - this is what you should do next! Fight email compromise with the following easy methods. The post Have You Been Pwned? – What is it and how to prevent it appeared first on Security Boulevard.

Ransomware Extortion Skyrockets in 2023, Reaching $449.1 Million and Counting

The Hacker News

Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. "Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.

OAuth Token: What It Is, How It Works, and Its Vulnerabilities

Security Boulevard

Learn how OAuth works and the risks of improper OAuth implementation that may introduce attack vectors on your SaaS estate. The post OAuth Token: What It Is, How It Works, and Its Vulnerabilities appeared first on AppOmni. The post OAuth Token: What It Is, How It Works, and Its Vulnerabilities appeared first on Security Boulevard.

Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks

Security Affairs

Microsoft warned today that an unpatched zero-day in multiple Windows and Office products was actively exploited in the wild. Microsoft disclosed an unpatched zero-day vulnerability in multiple Windows and Office products that has been actively exploited in the wild. The issue, tracked as CVE-2023-36884, was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

10 Best Practices for Data Protection & Confidentiality Training

Security Boulevard

Employees are your biggest cybersecurity risk. Here’s how to implement effective data protection and confidentiality training for your team. The post 10 Best Practices for Data Protection & Confidentiality Training appeared first on Security Boulevard.

Zero-day deploys remote code execution vulnerability via Word documents

Malwarebytes

An unpatched zero-day vulnerability is currently being abused in the wild, targeting those with an interest in Ukraine. Microsoft reports that CVE-2023-36884 is tied to reports of: …a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.

Citrix fixed a critical flaw in Secure Access Client for Ubuntu

Security Affairs

Citrix fixed a critical flaw affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution. Citrix addressed a critical vulnerability, tracked as CVE-2023-24492 (CVSS score of 9.6), affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution. An attacker can trigger the vulnerability by tricking the victim into opening a specially crafted link and accepting further prompts.

Rogue IT security worker who impersonated ransomware gang is sentenced to jail

Graham Cluley

A British IT worker who exploited a ransomware attack against the company he worked for, in an attempt to extort money from them for himself, has been sentenced to jail for three years and seven months.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.