Schneier on Security
OCTOBER 20, 2022
Long and interesting interview with Signal’s new president, Meredith Whittaker: WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day - and big props to them for doing that. But you can’t just look at that and then stop at message protection.
Krebs on Security
OCTOBER 20, 2022
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
OCTOBER 20, 2022
Why Your Security Data Lake Project Will … Well, Actually … Long story why but I decided to revisit my 2018 blog titled “Why Your Security Data Lake Project Will FAIL!” That post was very fun to write and it continued to generate reactions over the years (like this one ). Just as I did when I revisited my 2015 SOC nuclear triad blog in 2020 , I wanted to check if my opinions, views and positions from that time are still correct (spoiler: not exactly…) As a reminder, the post stated that most org
Tech Republic Security
OCTOBER 20, 2022
A new report from Zerto finds that only half of the companies surveyed focus on both recovery and prevention. The post Incomplete ransomware strategies still dog organizations appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Cisco Security
OCTOBER 20, 2022
Security resilience requires strong, user-friendly defenses. The concept of zero trust is not a new one, and some may even argue that the term is overused. In reality, however, its criticality is growing with each passing day. Why? Because many of today’s attacks begin with the user. According to Verizon’s Data Breach Investigations Report , 82% of breaches involve the human element — whether it’s stolen credentials, phishing, misuse or error.
Security Affairs
OCTOBER 20, 2022
Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) posing as a LinkedIn-based job application.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Bleeping Computer
OCTOBER 20, 2022
A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. [.].
Security Affairs
OCTOBER 20, 2022
Healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The US-based hospital healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The company is notifying the impacted individuals. The healthcare system operates 26 hospitals in Wisconsin and Illinois.
Digital Shadows
OCTOBER 20, 2022
Note: This blog is part of a series of articles related to the use of Structured Analytic Techniques in Cyber. The post Alternative Future Analysis: Pro-Russian Hacktivism first appeared on Digital Shadows.
Security Affairs
OCTOBER 20, 2022
Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar which notified the IT giant on September 24, 2022. “On September 24, 2022, SOCRadar’s built-in Cloud Security Module detect
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
CyberSecurity Insiders
OCTOBER 20, 2022
By Jason Dover, VP of Product Strategy at Progress. With the growing complexity and sophistication of modern security threats, organizations must make suitable investments and develop comprehensive strategies to keep their digital assets secure. This is not a new challenge, but the frequency of attacks is certainly on the rise. The 2022 IBM Cost of a Data Breach Report showed that 83% of the groups studied have had more than one data breach.
CSO Magazine
OCTOBER 20, 2022
The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations.
Dark Reading
OCTOBER 20, 2022
Achieving basic IT hygiene is 99% of the game.
CyberSecurity Insiders
OCTOBER 20, 2022
Australian Bureau of Statistics has made an official confirmation that it has defended its IT infrastructure from over a billion cyber-attacks. Dr David Gruen, a senior statistician, confirmed the news and added that the digital abuse on ABS was being carried since 2016, when a massive distributed denial of service attack led to downtime of digital census board for well over 40 hours.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Joseph Steinberg
OCTOBER 20, 2022
For the next few days, US Savings Bonds offer a tremendous deal for Americans seeking to park their cash for at least a year – people can lock in a rate of 9.62% interest for the next six months by purchasing inflation-adjusted type “I” bonds; a rate of nearly ten percent is several times higher than most competing ways to save money in a government-guaranteed account or instrument.
eSecurity Planet
OCTOBER 20, 2022
Cloud security builds off of the same IT infrastructure and security stack principles of a local data center. However, a cloud vendor offering provides a pre-packaged solution that absorbs some operational and security responsibilities from the customer. Exactly which responsibilities the cloud vendor absorbs depends upon the type of solution. While cloud security offerings provide a wide spectrum of choices, there are three generalized situations to compare against on-premises data centers: inf
Graham Cluley
OCTOBER 20, 2022
Microsoft says that it accidentally exposed sensitive customer data after failing to configure a server securely. But it's far from happy with the security researchers who told them about the problem.
CyberSecurity Insiders
OCTOBER 20, 2022
By Prashanth Nanjundappa, VP of Product Management, Progress. The Need for Compliance. The need for security is well understood by almost every business. If data and systems aren’t secure, they could be compromised and important information could end up in the hands of bad actors. The job of security teams is to put in place a secure architecture that defends against all different kinds of threats.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Heimadal Security
OCTOBER 20, 2022
Microsoft confirms that they have been the victim of a data breach, which allowed threat actors to gain access to the personal information of some customers. The cause of the breach seems to be a misconfigured Microsoft server accessible over the Internet, security researchers claim. Details on the Breach In a statement released on October […].
Bleeping Computer
OCTOBER 20, 2022
Advocate Aurora Health (AAH), a 26-hospital healthcare system in the states of Wisconsin and Illinois, is notifying its patients of an unintentional data breach that impacts 3,000,000 individuals. [.].
Heimadal Security
OCTOBER 20, 2022
1.9 million.git folders containing critical project data are open to the public, discovered the Cybernews research team. The exposed folders are located mainly in the US (31%), followed by China (8%) and Germany (6.5%). Git is a free and open-source distributed version control system (VCS) designed to coordinate work among programmers who create source […].
Security Boulevard
OCTOBER 20, 2022
As a school district, you have a responsibility to protect student data from unauthorized access. But with increasingly sophisticated hackers targeting the education sector at an unprecedented rate, cyber security isn’t so simple. You need to know exactly what security threats you’re up against, where your district may be vulnerable, and how you can better […].
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
CSO Magazine
OCTOBER 20, 2022
The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source for ransomware spin-offs.
CyberSecurity Insiders
OCTOBER 20, 2022
Microsoft has suffered a data breach that leads to leak of sensitive information of some of its customers. The technical blunder reportedly occurred on September 24th of this year because of a configuration error that made the server accessible to everyone on the internet, albeit with some technical knowledge. Prima facie revealed that the free to access data wasn’t misused till date and all affected customers were notified about the incident in the first week of Oct’22.
Security Boulevard
OCTOBER 20, 2022
Time to Accept the Risk of Open Source? Where is the real risk? Accepting Open Source Risk. Accepting cybersecurity risk has become the norm for organizations. Even with extensive firewalls, IDS, email security, zero-trust, ransomware, identity threat, and business email compromise protection, attacks still have a substantial financial impact on organizations.
The Hacker News
OCTOBER 20, 2022
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
OCTOBER 20, 2022
The post Careers in Cybersecurity: Cameron Mancini appeared first on Fidelis Cybersecurity. The post Careers in Cybersecurity: Cameron Mancini appeared first on Security Boulevard.
Security Affairs
OCTOBER 20, 2022
While the Russian army is conducting coordinated missile and drone strikes in Ukraine experts observed Internet disruptions in the country. Starting on the morning of Monday, October 10, the Russian army is targeting several cities in Ukraine with coordinated missile and drone strikes. The escalation is a retaliation for the bombing of a bridge connecting Crimea to Russia.
CSO Magazine
OCTOBER 20, 2022
Losses to imposter scams based on synthetic identities—identities that only exist as figments in a credit reporting bureau’s records—will rise from a reported $1.2 billion in 2020 to $2.48 billion by 2024 in the US, according to an analysis published Thursday by identity verification vendor Socure. Synthetic identities became a common concern for businesses and financial institutions in the mid-2010s, Socure’s report said.
CyberSecurity Insiders
OCTOBER 20, 2022
In February this year, Check Point researchers revealed that a new malware named ‘Ducktail’ was behind the Facebook (FB) employees who were taking care of ad campaigns and their motive was to take hold of the direct payments made to them by customers or to hijack the ad campaigns to place their advertisements. Now, a new campaign of similar type has emerged on the dark web and it is taking a step ahead in malevolent behavior as it is found stealing browser data, currency from cryptocurrency wall
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
66 
Let's personalize your content