Tue.Jan 04, 2022


MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022.


Cyber Security Expert Joseph Steinberg To Serve On Newsweek Expert Forum In 2022

Joseph Steinberg

Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum last year, will continue serving as a member throughout 2022. In 2021, based on Steinberg’s proven expertise in the fields of cybersecurity, privacy, and artificial intelligence, the premier news outlet invited him to join its community of pioneering thinkers and industry leaders, and to provide input related to his areas of expertise.


Google makes the perfect case for why you shouldn't use Chrome

Tech Republic Security

Google says Manifest V3 is focused on security, privacy and performance, but it could also break Chrome browser extensions used by millions of people.


Hackers use video player to steal credit cards from over 100 sites

Bleeping Computer

Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites, injecting malicious scripts that steal information entered into website forms.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Online privacy: DuckDuckGo just finished a banner year and looks for an even better 2022

Tech Republic Security

Commentary: The privacy-oriented search engine keeps winning fans. Will it spur Google to improve its own privacy?


What’s Ahead for AI and Cybersecurity in 2022

Security Boulevard

There was no shortage of cybersecurity headlines in 2021. From REvil’s attacks, disappearance and resurgence to a brewing “cyber cold war” sweeping the world, 2021 was one of the most hectic years yet for the cybersecurity industry. And 2022 looks like it is going to be just as challenging, if not more so. A complex.


Top 10 Security Challenges for 2022

Security Boulevard

This time of year is traditionally for either looking back at the previous year or looking forward to the year ahead. While there have been great advances over the years with respect to information security tools, technologies, training and awareness, significant challenges remain. What follows are my estimations of the top information security challenges for.


Cyber Attack on UK Defence Academy

CyberSecurity Insiders

A cyber attack on the UK’s Defence Academy early last year was brought to light by Air Marshal Edward Stringer in an interview with Sky News. The former director of the academy stated that the attack went unnoticed by the media because its consequences were not severe enough to be given priority. However, Stringer felt the attack proved highly sophisticated to the staff dealing with its aftermath, who spent immense time and money recovering from the inci


UScellular discloses data breach after billing system hack

Bleeping Computer

UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021.


Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

Dark Reading

Microsoft says vulnerabilities present a "real and present" danger, citing high volume of scanning and attack activity targeting the widely used Apache logging framework.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Have I Been Pwned warns of DatPiff data breach impacting millions

Bleeping Computer

The cracked passwords of almost 7.5 million DatPiff members are being sold online, and users can check whether they are part of the data breach through the Have I Been Pwned notification service.


Aligning security strategy with ESG objectives: The next big issue for CISOs

CSO Magazine

Matthew Miller, a principal in Cyber Services at KPMG, had a first-of-its-kind request from a client CISO this past year:


Emergency Windows Server update fixes Remote Desktop issues

Bleeping Computer

Microsoft has released an emergency out-of-band update to address a Windows Server bug leading to Remote Desktop connection and performance issues.


Meet the new Flagpro malware developed by Chinese threat actors

CyberSecurity Insiders

A new malware strain attributed to China is on the prowl on the web and is currently seen targeting Japanese companies. According to research carried out by NTT Security, Flagpro has been in the wild since October 2020 and was found targeting companies operating in the defense technology, media and communications sectors. The BlackTech cyber espionage APT group, linked to Chinese intelligence, was found distributing Flagpro in two stages via phishing emails.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Watch Out! You Might Get Hacked When Copy-Pasting Commands from Webpages

Heimdal Security

A new hacking method is standing out on the cyberthreat landscape. People who copy-paste commands from webpages into a console or terminal, such as programmers, sysadmins, security researchers, and people interested in tech subjects, should pay attention, as doing so might result in their system being compromised. This warning comes after a demonstration of a


FTC warns companies to secure consumer data from Log4J attacks

Bleeping Computer

The US Federal Trade Commission (FTC) has warned today that it will go after any US company that fails to protect its customers' data against ongoing Log4J attacks.


2022: The year of software supply chain security

InfoWorld on Security

If 2020 was the year that we became acutely aware of the consumer goods supply chain (toilet paper, anyone? Anyone?), then 2021 was the year that the software supply chain rose in our collective consciousness. In perhaps the most infamous attack of the year, thousands of customers, including several US government agencies, downloaded compromised SolarWinds updates.


Vinnie Liu Has a Mission: Keeping People Safe Online and Offline

Dark Reading

Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on both user-authenticated and unauthenticated web pages can access protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users provide on those pages, and thus can violate the HIPAA Rules governing the use of online tracking technologies by HIPAA covered entities and business associates.


A framework to vet security processes for human execution

CSO Magazine

Humans are simultaneously the biggest source of strength and the perennial weak point in any security program. Security leadership includes things like awareness campaigns, advising and training in the wake of incidents, and doing user experience reviews on things like phishing tools to reduce the threat to the company. Despite all of that, the tools and processes we surround our teams and our organization with can sometimes be difficult to operate.


Why CIOs Should Report to CISOs

Dark Reading

If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.


Apple Home software bug could lock you out of your iPhone

Naked Security

The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.


Japanese Organizations Are Now the Targets of BlackTech APT Group

Heimdal Security

Researchers have noticed that the APT group dubbed BlackTech has started to target Japanese organizations in a malicious campaign that employs the Flagpro malware. NTT researchers published a report on how the attack unfolds. According to them, the initial stage of the cyberattack involves BlackTech leveraging Flagpro malware, which focuses on activities like network


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


UScellular discloses the second data breach in a year

Security Affairs

UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after an attack that compromised the company’s billing system in December 2021. United States Cellular Corporation is the fourth-largest wireless carrier in the United States, with over 4.9 million customers in 426 markets in 23 states as of the second quarter of 2020.


Researchers Detail New HomeKit 'doorLock' Bug Affecting Apple iOS

The Hacker News

A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance.


China Data Security Law bars online companies with 1 million users

CyberSecurity Insiders

China has made a new amendment to its data security law that will bar companies with over 1 million users from publicly listing themselves on foreign soil if they do not pass all the requirements of the Cybersecurity review law. In simple words, online companies with over one million users must go through a data processing review conducted by the Cyberspace Administration of China, to which they need to submit details on how they collect, store, use, process, transmit and disclose data to other gove


Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware

The Hacker News

Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Troy Leach Says Farewell to PCI SSC

PCI perspectives

It is said that change is the only constant in life. And the last 21 months have been a time of unprecedented change in the way we live, work and travel. These changes have brought with them a wave of changes as many companies and individuals reevaluate their opportunities and family responsibilities in the new way of working.


SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts

The Hacker News

A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process.


Mobile Application Security: 2021's Breaches

Dark Reading

Many of last year's largest app breaches could have been prevented with testing, training, and the will to take app security seriously.


Hospitality Chain McMenamins discloses data breach after ransomware attack

Security Affairs

Hospitality chain McMenamins has disclosed a data breach after a ransomware attack that took place on December 12. McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington. According to the company, threat actors stole data of individuals employed between July 1, 2010, and December 12, 2021.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.