It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws.
Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially th
Barracuda Networks found that spearphishing exploits last year worked to great effect and took days to detect. The post Spearphishing report: 50% of companies were impacted in 2022 appeared first on TechRepublic.
Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Cloudflare One has a new suite of AI zero-trust security tools. Read our article to learn more about Cloudflare's latest announcement and release. The post Cloudflare releases new AI security tools with Cloudflare One appeared first on TechRepublic.
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. […]
Addigy released a report that Apple RSR updates are not being deployed in about 25% of macOS devices within managed environments. Learn about the root cause of this Apple security issue and possible ways to mitigate it. The post Addigy exposes RSR updates gap in 25% of managed macOS devices appeared first on TechRepublic.
Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs. […]
Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses. The post The top 6 enterprise VPN solutions to use in 2023 appeared first on TechRepublic.
A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. […]
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. […]
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to deploy malware.
I am not an AI security expert (I hear there are very few of those around). I am essentially a motivated amateur learner in AI security … and I would even trust Bard advice on Artificial Intelligence security (well, that’s a joke — still, you can see what it says anyhow) (Bard, 5/2023) However I was a pretty good analyst, and some say that this is kinda a minor superpower :-) So, in this post, I will share some things that puzzle me in this emerging domain, and I will use the 3 podcast episode
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Recent reports have revealed a shocking truth about the inadvertent sharing of prenatal NIFTY blood test data by thousands of pregnant British women with a Chinese company called BGI Group. This company, allegedly affiliated with the People’s Liberation Army, has raised concerns among Members of Parliament in the United Kingdom, prompting calls for a swift investigation into the £350 blood screening tests, as it appears that the data is being secretly transmitted to Chinese soil.
Oracle E-Business Suite (EBS) is a popular ERP tool for business and financial operations that uses a combination of usernames and passwords to authenticate users. This form of authentication has known weaknesses that attackers can exploit since, by default, Oracle EBS does not provide any added security measures like multifactor authentication (MFA).
Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway (ESG) appliances were breached last week by targeting a now-patched zero-day vulnerability. […]
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business. The post Digital security for the self‑employed: Staying safe without an IT team to help appeared first on WeLiveSecurity.
A commercial malware tool called Legion that hackers deploy on compromised web servers has recently been updated to extract credentials for additional cloud services to authenticate over SSH. The main goal of this Python-based script is to harvest credentials stored in configuration files for email providers, cloud service providers, server management systems, databases, and payment systems.
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.
Shopify has made it incredibly easy for businesses to build an online store with a sleek and streamlined dashboard that allows the sale of products via social media, digital marketplaces, blogs, emails, and other public forums. But since this degree of reach requires the collection of user data, Shopify stores are subject to data regulations […] The post Shopify Stores Privacy Policy: What you need to know?
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Threat actors breached Apria's Healthcare LLC system and stole the credit card data of 1,869,598 patients and employees. Apria is one of the top US home medical equipment delivery and clinical support provider companies. Although the company discovered the attack back in 2021, they only notified the affected persons on May 22nd, 2023. According to […] The post Apria Loses Financial Data of Nearly Two Million Customers Due to Cyberattack appeared first on Heimdal Security Blog.
Learn how the Synopsys Polaris Software Integrity Platform® is easy to scale for AppSec teams of any size. The post AppSec Decoded: Easy to scale with Polaris appeared first on Security Boulevard.
The DomainKeys Identified Mail (DKIM) email authentication standard enables email servers to check incoming emails to verify the sender and detect email message alterations. This standard solves the problem of determining if emails have been intercepted and modified in transit and helps to detect SPAM and spoofed emails. By implementing DKIM, an organization improves the reputation of its own emails and enables receiving email servers to improve their own email security.
Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyberespionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly. Cybersecurity firm Proofpoint analyzed its telemetry data from more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT gr
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Department of Justice’s recent revelation that it dismantled the Turla cybercriminal network was met with surprise—not that the authorities had taken it down and neutralized the Snake malware, but that Snake was still in use in the first place. “I’m surprised that the FSB was still using Snake until the takedown. The Snake backdoor. The post Turla’s Snake May be Down, But its Legacy Lives On appeared first on Security Boulevard.
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021.
This blog entry features three case studies that show how malicious actors evade the antispam, antibot, and antiabuse measures of online web services via residential proxies and CAPTCHA-breaking services.
Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant is making available the open source framework as an API for developers to integrate their own tools and policy engines.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!