Schneier on Security
JANUARY 23, 2023
I can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them. Back when I thought about it a lot, I realized that the TSA’s practice of giving it to every airline meant that it was not well protected, and it certainly ended up in the hands of every major government that wanted it.
Tech Republic Security
JANUARY 23, 2023
A new report from Kaspersky details what their digital forensics and incident response teams predict as the main 2023 threats to corporations and government agencies. Learn more about it. The post Kaspersky releases 2023 predictions appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trend Micro
JANUARY 23, 2023
In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.
Tech Republic Security
JANUARY 23, 2023
The National Cybersecurity Alliance's second annual Data Privacy Week is January 22-28, 2023. Learn how you can participate in virtual events. The post Data Privacy Week 2023: Virtual events and webinars to attend appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Boulevard
JANUARY 23, 2023
Enterprises might want to spend the next few months checking and bolstering their boards’ cybersecurity chops—because by the end of 2023, the Security and Exchange Commission (SEC) is expected to finalize its proposal requiring them to attest to their boards’ cybersecurity acumen—as well as disclose their cybersecurity oversight efforts and information on attacks.
Tech Republic Security
JANUARY 23, 2023
A possible Chinese cyberespionage actor has exploited a FortiOS vulnerability to successfully compromise companies. The post Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Boulevard
JANUARY 23, 2023
An unsecured Jenkins server contained secret credentials for more than 40 public-cloud storage buckets. In today’s SB Blogwatch, we say hello to our old friend maia arson crimew. The post US No-Fly List Leaked via Airline Dev Server by @_nyancrimew appeared first on Security Boulevard.
CSO Magazine
JANUARY 23, 2023
The metaverse is coming; businesses and government agencies are already building virtual worlds to support city services, meetings and conferences, community building, and commerce. They’re also rendering spatial apps around travel, car sales, manufacturing, and architecture in what Citi predicts will be a $13-trillion market with 5 billion users by 2030.
We Live Security
JANUARY 23, 2023
Does VALORANT’s approach to cheating signal a turning point in how we deal with the continued hacks afflicting our hybrid world of work and play?
CyberSecurity Insiders
JANUARY 23, 2023
A few days ago, the servers of car dealer ‘Arnold Clark’ were breached by hackers and the information of 1000sof motorists was stolen that can lead to identity thefts and online frauds. The threat actors are adamant in their demand for charging cryptocurrency in millions and are not ready to entertain any negotiation of hackers. As the company failed to pay them the demanded ransom, the cyber crooks have leaked addresses, passports, and national insurance numbers and are threatening to leak more
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Dark Reading
JANUARY 23, 2023
Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.
SecureList
JANUARY 23, 2023
As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year’s Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first part of this report is devoted to the most current threats any SOC is likely to face in 2023.
Naked Security
JANUARY 23, 2023
It's a really cool and super-simple trick. The question is, "Will it help?
Graham Cluley
JANUARY 23, 2023
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support!
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Dark Reading
JANUARY 23, 2023
Devices running Android 12 and below are at risk of attackers downloading apps that direct users to a malicious domain.
Bleeping Computer
JANUARY 23, 2023
Apple released iOS 16.3 today with long-awaited support for hardware security keys to provide extra protection against phishing attacks and unauthorized access to your devices. [.
Dark Reading
JANUARY 23, 2023
A Swiss hacker poking around in an unprotected Jenkins development server belonging to CommuteAir accessed the names and birthdates of some 1.5 million people on a TSA no-fly list from 2019.
Heimadal Security
JANUARY 23, 2023
An “expansive” adware operation that spoofs over 1,700 apps from 120 publishers and affects around 11 million devices has been stopped by researchers. Dubbed VASTFLUX, the malvertising attack injected malicious JavaScript code into digital ad creatives and allowed threat actors to stack invisible ad videos behind one another to register ad revenue.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Dark Reading
JANUARY 23, 2023
Amid all the NFL playoff action, FanDuel has sent an email warning to gamblers that their data was exposed in its third-party breach, putting them at risk for phishing attacks.
The Hacker News
JANUARY 23, 2023
Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. "Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption," Meta's Melissa Miranda said.
Security Affairs
JANUARY 23, 2023
Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads. On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856 , that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2 , Safari 16.2 , tvOS 16.2 , and macOS Ventura 13.1.
Security Boulevard
JANUARY 23, 2023
It made the headlines in early January; Russia is targeting U.S. nuclear scientists and research facilities. While certainly not a news flash—given that Russia’s (and the USSR’s) history of targeting U.S. nuclear technologies dates back more than 75 years. But the tools used in the latest foray remind us of the need to pay more. The post Russia-Linked Attackers Target US Nuclear Research Facilities appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
JANUARY 23, 2023
Researchers found two flaws in Samsung Galaxy Store that could be exploited to install applications or achieve code execution on the devices. Researchers from cybersecurity firm NCC Group published technical details on two vulnerabilities, tracked as CVE-2023-21433 and CVE-2023-21434, in Samsung Galaxy Store that could be exploited to install applications or execute malicious JavaScript code.
SecureWorld News
JANUARY 23, 2023
The U.S. National Institute of Standards and Technology (NIST) has announced plans to update its Cybersecurity Framework (CSF) to reflect changes in the evolving cybersecurity landscape. The CSF, which was first published in 2014 and last updated in 2018, is widely used by organizations of all shapes and sizes to identify, assess, and manage cybersecurity risks.
Security Affairs
JANUARY 23, 2023
The recent Mailchimp data breach has impacted multiple organizations, some of them are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a news data breach , the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.
Security Boulevard
JANUARY 23, 2023
Cryptocurrencies have now been around for over a decade. Since their inception, they’ve been gaining traction as a legitimate form of currency. However, along with the rise in popularity of cryptocurrencies, there has also been a rise in the use of cryptocurrencies for cybercrime. Why is that? The post Cryptocurrencies: How have they influenced cybercrime?
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 23, 2023
Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The name VASTFLUX comes from the evasion technique “ fast flux ” and VAST, the Digital Video Ad Serving Template that was abused by threat actors in this fraudulent scheme.
GlobalSign
JANUARY 23, 2023
Digital identity is a hot topic right now, with the recent changes to Twitters blue tick verification. Enter the discussion on what the future of digital identity will look like!
Security Boulevard
JANUARY 23, 2023
From financial gain to hacktivism, we examine the top five motives for data breaches and outline ways companies can protect data against them. | Eureka Security The post Why do Hackers Steal? 5 Motives Behind Data Breaches | Eureka Security appeared first on Security Boulevard.
The Hacker News
JANUARY 23, 2023
Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
335 
Let's personalize your content