Wed. Jul 05, 2023


Class-Action Lawsuit for Scraping Data without Permission

Schneier on Security

I have mixed feelings about this class-action lawsuit against OpenAI and Microsoft, claiming that it “scraped 300 billion words from the internet” without either registering as a data broker or obtaining consent. On the one hand, I want this to be a protected fair use of public data. On the other hand, I want us all to be compensated for our uniquely human ability to generate language.

Internet 286

Thales: For Data Breaches, Cloud Assets are Biggest Cybersecurity Headache

Tech Republic Security

Thales cloud security study shows that 79% of organizations have more than one cloud provider and 75% of companies said they store at least 40% of their sensitive data in the cloud. The post Thales: For Data Breaches, Cloud Assets are Biggest Cybersecurity Headache appeared first on TechRepublic.


Microsoft Teams Exploit Tool Auto-Delivers Malware

Dark Reading

The "TeamsPhisher" cyberattack tool gives pentesters — and adversaries — a way to deliver malicious files directly to a Teams user from an external account, or tenant.

Malware 145

Is Quantum Computing Right for Your Business?

Tech Republic Security

Learn about the benefits and use cases of quantum computing. Also, get details about quantum cryptography from an expert. The post Is Quantum Computing Right for Your Business? appeared first on TechRepublic.

Software 200

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


New tool exploits Microsoft Teams bug to send malware to users

Bleeping Computer

A member of U.S. Navy's red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft Teams to bypass restrictions for incoming files from users outside of a targeted organization, the so-called external tenants. […]

Malware 137

Firefox 115 is out, says farewell to older Windows and Mac users

Naked Security

No zero-days this month, so you’re patching to stay ahead, not merely to catch up!

135

More Trending


Email crypto phishing scams: stealing from hot and cold crypto wallets

SecureList

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. Scammers tailor the complexity of technology they use and the thoroughness of their efforts to imitate legitimate websites to how well the target is protected and how large the amount is that they can steal if successful.

Scams 129

Microsoft Can Fix Ransomware Tomorrow

Dark Reading

You can't encrypt a file you can't open — Microsoft could dramatically impact ransomware by slowing it down.


CISA Warning! 8 Actively Exploited Flaws in Samsung and D-Link Devices

Heimdal Security

The US Cybersecurity and Infrastructure Security Agency (CISA) added 6 flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog. On the same day, CISA also added 2 other vulnerabilities impacting D-Link devices. Although security specialists released patches for all 8 CVEs back in 2021, researchers currently found evidence of active exploitation.


AppSec and Software Supply Chain Security: How Do They Go Together?

Security Boulevard

AppSec and Software Supply Chain Security are two terms more frequently used as part of DevOps, as well as when considering how to develop a security strategy. Software supply chain attacks are on the rise and organizations must brace for the strong possibility that their software supply chain will be a target–so much so that Gartner. AppSec and Software Supply Chain Security: How Do They Go Together?

Software 108

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


What Is Passwordless Authentication?

Heimdal Security

In today’s interconnected world, where cyber threats loom large, the traditional password-based authentication method has shown its limitations and ceased to provide adequate security. Passwords pose serious challenges as they are difficult to remember, often reused across different apps, and are prone to be easily misplaced, putting sensitive information at risk.


How to Secure Your Container Registries With GitGuardian’s Honeytoken

Security Boulevard

Discover how to enhance the security of your container registries using honeytokens. Learn the steps to secure Docker Registry, GitHub Container Registry, and GitLab Container Registry with honeytokens. Strengthen your DevOps pipeline and protect your valuable assets. The post How to Secure Your Container Registries With GitGuardian’s Honeytoken appeared first on Security Boulevard.

105

Startup Spotlight: Gomboc.ai Balances Cloud Infrastructure Security

Dark Reading

The startup, one of four finalists in Black Hat USA's 2023 startup competition, uses deterministic AI to optimize cloud security.

105

Four Must-haves to Strengthen Your Endpoint Security

Trend Micro

To combat complexity and achieve optimal security outcomes, there are four key factors an organization should consider when evaluating their endpoint security.

Risk 104

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Data Breaches in June 2023 – Infographic

Security Boulevard

A data breach is when sensitive, protected, or confidential information is accessed, stolen, or exposed by an unauthorized individual or group. These incidents can occur in various ways, such as hacking, theft, or human error. Data breaches can have serious […] The post Data Breaches in June 2023 – Infographic appeared first on WeSecureApp :: Simplifying Enterprise Security.


3 Critical RCE Bugs Threaten Industrial Solar Panels, Endangering Grid Systems

Dark Reading

Exposed and unpatched solar power monitoring systems have been exploited by both amateurs and professionals, including Mirai botnet hackers.

101

Revving Up for Rev5: When Threats Evolve, FedRAMP Must Evolve

Security Boulevard

The post Revving Up for Rev5: When Threats Evolve, FedRAMP Must Evolve appeared first on Anitian. The post Revving Up for Rev5: When Threats Evolve, FedRAMP Must Evolve appeared first on Security Boulevard.

Risk 101

EV Charger Hacking Poses a ‘Catastrophic’ Risk

WIRED Threat Level

Vulnerabilities in electric vehicle charging stations and a lack of broad standards threaten drivers—and the power grid.

Hacking 101

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

The Hacker News

A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages.


Mitigating Risk With Threat Intelligence

Dark Reading

Dark Reading's latest publication looks at a missing, but necessary, ingredient to effective third-party risk management.

Risk 99

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The Hacker News

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation.

Malware 99

US Spies Are Buying Americans' Private Data. Congress Has a Chance to Stop It

WIRED Threat Level

The National Defense Authorization Act may include new language forbidding government entities from buying Americans' search histories, location data, and more.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns

The Hacker News

Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the social media giant about the new product and confirmed the release won't extend to the E.U.

Media 98

Malicious ad for USPS fishes for banking credentials

Malwarebytes

We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse and impersonate brands, posing as verified advertisers whose only purpose is to smuggle rogue ads via popular search engines.

Banking 98

Ransomware accounts for 54% of cyber threats in the health sector

Security Affairs

The European Union Agency for Cybersecurity (ENISA) releases its first cyber threat landscape report for the health sector. The European Union Agency for Cybersecurity (ENISA) releases today its first cyber threat landscape report for the health sector. The report identifies prime threats, threat actors, and trends and covers a period of over 2 years.


Microsoft Teams Exploitable by New Phishing Tool

SecureWorld News

A tool labeled TeamsPhisher was published recently on GitHub by a member of the U.S. Navy red team in an attempt to highlight and resolve a security issue within the business communication platform Microsoft Teams. The tool works to bypass and exploit Microsoft Teams to allow unsolicited external files to be sent, allowing hackers to send messages to anyone despite not being a part of the recipient's organization.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Update Android now! Google patches three actively exploited zero-days

Malwarebytes

In July’s update for the Android operating system (OS), Google has patched 43 vulnerabilities, three of which are actively exploited zero-day vulnerabilities. The security bulletin notes that there are indications that these three vulnerabilities may be under limited, targeted exploitation. If your Android phone is at patch level 2023-07-05 or later then the issues discussed below have been fixed.


RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

Security Affairs

RedEnergy is a sophisticated stealer-as-a-ransomware that was employed in attacks targeting energy utilities, oil, gas, telecom, and machinery sectors. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors. The malware allows operators to steal information from various browsers, it also supports ransomware capabilities.


What Is a Pentest Framework? Top 7 Frameworks Explained

eSecurity Planet

A pentest framework, or penetration testing framework, is a standardized set of guidelines and suggested tools for structuring and conducting effective pentests across different networks and security environments. While it’s certainly possible to construct your own pentest framework that meets the specific security and compliance requirements of your organization, a number of existing methodologies and frameworks can be built upon to make the job easier for you.


CVE-2022-29303 flaw in SolarView product can be exploited in attacks against the energy sector

Security Affairs

A vulnerability in SolarView product can be exploited in attacks targeting organizations in the energy sector. Researchers from the cybersecurity firm VulnCheck reported that the vulnerability CVE-2022-29303 in the solar power monitoring Contec SolarView product can be exploited in attacks targeting organizations in the energy sector. CVE-2022-29303 is an unauthenticated and remote command injection vulnerability impacting the Contec SolarView Series.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!