Wed. May 24, 2023

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

Schneier on Security

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws.

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

The Last Watchdog

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Related: The CMMC sea change. NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially th

Spearphishing report: 50% of companies were impacted in 2022

Tech Republic Security

Barracuda Networks found that spearphishing exploits last year worked to great effect and took days to detect.

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

The Last Watchdog

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Related: Tapping hidden pools of security talent. Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Cloudflare releases new AI security tools with Cloudflare One

Tech Republic Security

Cloudflare One has a new suite of AI zero-trust security tools. Read our article to learn more about Cloudflare's latest announcement and release.

No Deep AI Security Secrets In This Post!

Anton on Security

I am not an AI security expert (I hear there are very few of those around). I am essentially a motivated amateur learner in AI security … and I would even trust Bard advice on Artificial Intelligence security (well, that’s a joke — still, you can see what it says anyhow) (Bard, 5/2023). However, I was a pretty good analyst, and some say that this is kinda a minor superpower :-) So, in this post, I will share some things that puzzle me in this emerging domain, and I will use the 3 podcast episode

Hackers target 1.5M WordPress sites with cookie consent plugin exploit

Bleeping Computer

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs. […]

The top 6 enterprise VPN solutions to use in 2023

Tech Republic Security

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses.

Chinese hackers breach US critical infrastructure in stealthy attacks

Bleeping Computer

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. […]

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

The Hacker News

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to deploy malware.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

GitLab 'strongly recommends' patching max severity flaw ASAP

Bleeping Computer

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. […]

Credential harvesting tool Legion targets additional cloud services

CSO Magazine

A commercial malware tool called Legion that hackers deploy on compromised web servers has recently been updated to extract credentials for additional cloud services to authenticate over SSH. The main goal of this Python-based script is to harvest credentials stored in configuration files for email providers, cloud service providers, server management systems, databases, and payment systems.

New PowerExchange malware backdoors Microsoft Exchange servers

Bleeping Computer

A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. […]

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

The Hacker News

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Barracuda warns of email gateways breached via zero-day flaw

Bleeping Computer

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway (ESG) appliances were breached last week by targeting a now-patched zero-day vulnerability. […]

Microsoft alerts United States on Volt Typhoon Cyber Attack campaign

CyberSecurity Insiders

In a recent advisory, Microsoft has called upon critical infrastructure companies operating in the United States to enhance their cyber defenses in order to safeguard communication infrastructure from potential disruptions. The announcement highlights a significant conspiracy aimed at severing communication channels between the Biden administration and Asia.

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

CSO Magazine

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyberespionage interest. That's no longer the case, and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly. Cybersecurity firm Proofpoint analyzed its telemetry data from more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT gr

British pregnant women are unwittingly handing over their Genetic data to China

CyberSecurity Insiders

Recent reports have revealed a shocking truth about the inadvertent sharing of prenatal NIFTY blood test data by thousands of pregnant British women with a Chinese company called BGI Group. This company, allegedly affiliated with the People’s Liberation Army, has raised concerns among Members of Parliament in the United Kingdom, prompting calls for a swift investigation into the £350 blood screening tests, as it appears that the data is being secretly transmitted to Chinese soil.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

New hyperactive phishing campaign uses SuperMailer templates: Report

CSO Magazine

SuperMailer, a legitimate email newsletter program, has been found abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense. “The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brad Haas, cyber threat intelligence analyst at Cofense, said in a blog post.

‘BrutePrint’ Unlocks Android Phones — Chinese Researchers

Security Boulevard

Or, at least, OLDER phones: SPI/TEE MITM FAIL

CyberArk’s enterprise browser promises zero-trust support, policy management

CSO Magazine

CyberArk has announced plans to launch an enterprise browser, dubbed CyberArk Secure Browser, at the end of 2023 as part of its CyberArk Identity Security Platform. The identity security vendor decided to create a new enterprise browser based on trends impacting hybrid work environments and its own research, which found an increase in post-multifactor authentication (MFA) attacks targeting session cookies.

5 Questions to Ask When Evaluating a New Cybersecurity Technology

Dark Reading

Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: cryptocurrency asset market trends; how to manage risk and compliance to serve customers safely; best practices for identifying crypto transactions and companies; Rev

US sanctions four North Korean entities for global cyberattacks

CSO Magazine

The US Department of Treasury has imposed sanctions on four entities and one individual involved in illicit revenue generation and malicious online activities to generate revenue for the Democratic People’s Republic of Korea’s (North Korea) activities. The entities and individuals sanctioned are the Pyongyang University of Automation, the RGB’s Technical Reconnaissance Bureau, the 110th Research Center cybersecurity unit, Chinyong Information Technology Cooperation Company, and North Korean nati

3 Ways to Streamline Auth, Access & Security for Oracle EBS

Security Boulevard

Oracle E-Business Suite (EBS) is a popular ERP tool for business and financial operations that uses a combination of usernames and passwords to authenticate users. This form of authentication has known weaknesses that attackers can exploit since, by default, Oracle EBS does not provide any added security measures like multifactor authentication (MFA).

Memcyco Raises $10M To Deliver Real-Time Brandjacking Protection

CyberSecurity Insiders

TEL AVIV, Israel, May 24, 2023 — Memcyco, the real-time website impersonation detection and prevention solution, has completed a $10 million seed round led by Capri Ventures and Venture Guides. Brandjacking is among the most common forms of cyberattacks globally. Twenty percent of consumers collectively lost more than $2.6 billion in 2022 due to imposter scams, according to U.S.

Threat Actors Compromise Barracuda Email Security Appliances

Dark Reading

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Announcing the launch of GUAC v0.1

Google Security

Brandon Lum and Mihai Maruseac, Google Open Source Security Team. Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. In collaboration with Kusari, Purdue University, Citi, and community members, we have incorporated feedback from our early testers to improve GUAC and make it more useful for security p

Data Stealing Malware Discovered in Popular Android Screen Recorder App

The Hacker News

Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021.

'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs

Dark Reading

According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.

Shopify Stores Privacy Policy: What you need to know?

Security Boulevard

Shopify has made it incredibly easy for businesses to build an online store with a sleek and streamlined dashboard that allows the sale of products via social media, digital marketplaces, blogs, emails, and other public forums. But since this degree of reach requires the collection of user data, Shopify stores are subject to data regulations […]

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

Global economic conditions are soft at best. From a budget standpoint, US banks are feeling the pinch. Many US banks are bracing for increased defaults and lower demand for mortgages and other loans as interest rates have increased. The largest banks have increased reserves to protect against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions?