Wed. Jul 05, 2023


Class-Action Lawsuit for Scraping Data without Permission

Schneier on Security

I have mixed feelings about this class-action lawsuit against OpenAI and Microsoft, claiming that it “scraped 300 billion words from the internet” without either registering as a data broker or obtaining consent. On the one hand, I want this to be a protected fair use of public data. On the other hand, I want us all to be compensated for our uniquely human ability to generate language.


Is Quantum Computing Right for Your Business?

Tech Republic Security

Learn about the benefits and use cases of quantum computing. Also, get details about quantum cryptography from an expert. The post Is Quantum Computing Right for Your Business? appeared first on TechRepublic.


New tool exploits Microsoft Teams bug to send malware to users

Bleeping Computer

A member of U.S. Navy's red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft Teams to bypass restrictions for incoming files from users outside of a targeted organization, the so-called external tenants. [...]


Thales: For Data Breaches, Cloud Assets are Biggest Cybersecurity Headache

Tech Republic Security

Thales cloud security study shows that 79% of organizations have more than one cloud provider and 75% of companies said they store at least 40% of their sensitive data in the cloud. The post Thales: For Data Breaches, Cloud Assets are Biggest Cybersecurity Headache appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Microsoft Teams Exploit Tool Auto-Delivers Malware

Dark Reading

The "TeamsPhisher" cyberattack tool gives pentesters — and adversaries — a way to deliver malicious files directly to a Teams user from an external account, or tenant.


Japan’s largest port stops operations after ransomware attack

Bleeping Computer

The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals. [...]

More Trending


Microsoft Can Fix Ransomware Tomorrow

Dark Reading

You can't encrypt a file you can't open — Microsoft could dramatically impact ransomware by slowing it down.


How to Secure Your Container Registries With GitGuardian’s Honeytoken

Security Boulevard

Discover how to enhance the security of your container registries using honeytokens. Learn the steps to secure Docker Registry, GitHub Container Registry, and GitLab Container Registry with honeytokens. Strengthen your DevOps pipeline and protect your valuable assets. The post How to Secure Your Container Registries With GitGuardian’s Honeytoken appeared first on Security Boulevard.


Malicious ad for USPS fishes for banking credentials

Malwarebytes

We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse and impersonate brands, posing as verified advertisers whose only purpose is to smuggle rogue ads via popular search engines.


Data Breaches in June 2023 – Infographic

Security Boulevard

A data breach is when sensitive, protected, or confidential information is accessed, stolen, or exposed by an unauthorized individual or group. These incidents can occur in various ways, such as hacking, theft, or human error. Data breaches can have serious […] The post Data Breaches in June 2023 – Infographic appeared first on WeSecureApp :: Simplifying Enterprise Security.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


What Is a Pentest Framework? Top 7 Frameworks Explained

eSecurity Planet

A pentest framework, or penetration testing framework, is a standardized set of guidelines and suggested tools for structuring and conducting effective pentests across different networks and security environments. While it’s certainly possible to construct your own pentest framework that meets the specific security and compliance requirements of your organization, a number of existing methodologies and frameworks can be built upon to make the job easier for you.


Revving Up for Rev5: When Threats Evolve, FedRAMP Must Evolve

Security Boulevard

The post Revving Up for Rev5: When Threats Evolve, FedRAMP Must Evolve appeared first on Anitian. The post Revving Up for Rev5: When Threats Evolve, FedRAMP Must Evolve appeared first on Security Boulevard.


Update Android now! Google patches three actively exploited zero-days

Malwarebytes

In July’s update for the Android operating system (OS), Google has patched 43 vulnerabilities, three of which are actively exploited zero-day vulnerabilities. The security bulletin notes that there are indications that these three vulnerabilities may be under limited, targeted exploitation. If your Android phone is at patch level 2023-07-05 or later then the issues discussed below have been fixed.


Challenges of interoperability in fuzz testing

Security Boulevard

Understanding how to overcome the challenges of interoperability in fuzz testing helps ensure efficient and comprehensive testing results. The post Challenges of interoperability in fuzz testing appeared first on Security Boulevard.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The Hacker News

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation.


Navigating Kubernetes and Cloud-Native Security

Security Boulevard

The era of cloud-native applications has arrived, and new security challenges have emerged for those developing cloud-native applications. Many modern business applications live in cloud native computing environments today because the cloud offers scalability, speed, and flexibility that are difficult or impossible to deliver in purely on-premises data centers.


Firefox 115 is out, says farewell to older Windows and Mac users

Naked Security

No zero-days this month, so you’re patching to stay ahead, not merely to catch up!


Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – #249 — How to Become a Speaker at Conferences

Security Boulevard

via the respected Software Engineering expertise of Mikkel Noe-Nygaard as well as the lauded Software Engineering and Enterprise Agile Coaching talent of Luxshan Ratnarav at Comic Agilé! The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – #249 — How to Become a Speaker at Conferences appeared first on Security Boulevard.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Email crypto phishing scams: stealing from hot and cold crypto wallets

SecureList

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. Scammers tailor the complexity of technology they use and the thoroughness of their efforts to imitate legitimate websites to how well the target is protected and how large the amount is that they can steal if successful.


BSidesSF 2023 – Alex Toombs – WebAuthn, Yubikeys, And You: What We Wish We Knew Before Rolling Out WebAuthn For Internal Use

Security Boulevard

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. The post BSidesSF 2023 – Alex Toombs – WebAuthn, Yubikeys, And You: What We Wish We Knew Before Rolling Out WebAuthn For Internal Use appeared first on Security Boulevard.


US Spies Are Buying Americans' Private Data. Congress Has a Chance to Stop It

WIRED Threat Level

The National Defense Authorization Act may include new language forbidding government entities from buying Americans' search histories, location data, and more.


Adventures in Software Audits, Part Three: The Paradigm Battle

Security Boulevard

In the third of this three-part series, we discuss how the 'sales transaction paradigm' can impact a software audit. The post Adventures in Software Audits, Part Three: The Paradigm Battle appeared first on Security Boulevard.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Ransomware accounts for 54% of cyber threats in the health sector

Security Affairs

The European Union Agency for Cybersecurity (ENISA) releases its first cyber threat landscape report for the health sector. The European Union Agency for Cybersecurity (ENISA) releases today its first cyber threat landscape report for the health sector. The report identifies prime threats, threat actors, and trends and covers a period of over 2 years.


How Audits + Testing = Long-Term Savings

Security Boulevard

Compliance audits and penetration testing play an important role in assessing, correcting and strengthening an organization’s security configuration. The post How Audits + Testing = Long-Term Savings appeared first on Security Boulevard.


Startup Spotlight: Gomboc.ai Balances Cloud Infrastructure Security

Dark Reading

The startup, one of four finalists in Black Hat USA's 2023 startup competition, uses deterministic AI to optimize cloud security.


Class-Action Lawsuit for Scraping Data without Permission

Security Boulevard

I have mixed feelings about this class-action lawsuit against OpenAI and Microsoft, claiming that it “scraped 300 billion words from the internet” without either registering as a data broker or obtaining consent. On the one hand, I want this to be a protected fair use of public data. On the other hand, I want us all to be compensated for our uniquely human ability to generate language.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


CISA Warning! 8 Actively Exploited Flaws in Samsung and D-Link Devices

Heimdal Security

The US Cybersecurity and Infrastructure Security Agency (CISA) added 6 flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog. On the same day, CISA also added 2 other vulnerabilities impacting D-Link devices. Although security specialists released patches for all 8 CVEs back in 2021, researchers currently found evidence of active exploitation.


RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

The Hacker News

A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages.


RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

Security Affairs

RedEnergy is a sophisticated stealer-as-a-ransomware that was employed in attacks targeting energy utilities, oil, gas, telecom, and machinery sectors. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors. The malware allows operators to steal information from various browsers, it also supports ransomware capabilities.


3 Critical RCE Bugs Threaten Industrial Solar Panels, Endangering Grid Systems

Dark Reading

Exposed and unpatched solar power monitoring systems have been exploited by both amateurs and professionals, including Mirai botnet hackers.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.