Wed.Nov 30, 2022

article thumbnail

Facebook Fined $276M under GDPR

Schneier on Security

Facebook—Meta—was just fined $276 million (USD) for a data leak that included full names, birth dates, phone numbers, and location. Meta’s total fine by the Data Protection Commission is over $700 million. Total GDPR fines are over €2 billion (EUR) since 2018.

269
269
article thumbnail

Zero Trust Strategies for 2023: A Webinar With Renowned CyberSecurity Expert Joseph Steinberg

Joseph Steinberg

Zero Trust is becoming the new norm for securing corporate networks. The growing adoption of hybrid work models and the shift to the cloud have transformed the modern business network. No longer a well-defined and manageable set of edge locations, today’s corporate networks are an infinite web of users connecting from anywhere to resources hosted all over the globe.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

We Live Security

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group. The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity.

139
139
article thumbnail

Most Infrastructure as a Service Cloud providers hit by ransomware this year

CyberSecurity Insiders

Sophos has compiled a report and released it stating 67% of IaaS cloud providers were hit by ransomware this year and the numbers to increase by a double fold this year. Unpatched vulnerabilities and configuration errors made it easy for hackers to steal info and encrypt data on the servers related to the cloud. FYI, IaaS is a cloud computing server where an individual or a company offers computing, storage, and networking resources on demand and the user can pay-as-you use model, making it into

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Twitter isn’t going to stop people posting COVID-19 misinformation anymore

Graham Cluley

As of September 2022, Twitter had challenged 11.72 million accounts, suspended 11,230 accounts, and removed over 97,674 pieces of misleading content related to COVID-19 worldwide. Today? It’s not doing anything. As an update on the company’s COVID-19 misinformation report webpage notes: Effective November 23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy. … Continue reading "Twitter isn’t going to stop people posting COVID-19 misinformati

article thumbnail

43 Cloud Security Terms You Need to Know for 2023

Security Boulevard

Cloud security is broad and complex by nature – but it comes with a lot of specific terms and acronyms. That’s why we put together this continuously growing glossary of cloud security terms. Use this as a guide to help you unravel the nuances of cloud security and successfully navigate through the field. The post 43 Cloud Security Terms You Need to Know for 2023 appeared first on Security Boulevard.

126
126

LifeWorks

More Trending

article thumbnail

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. Officially, Variston claims to provide custom security solutions and custom patches for embedded system.

Spyware 110
article thumbnail

Google discovers Windows exploit framework used to deploy spyware

Bleeping Computer

Google's Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. [.].

Spyware 108
article thumbnail

Insert Tokens to Play! OpenID Connect (OIDC) Support in Duo SSO Is Now in Early Access

Duo's Security Blog

We are in an ever-changing world where tens, hundreds, sometimes even tens of thousands of applications are being used to keep your business moving forward. We see this here at Duo and Cisco every single day! As organizations work tirelessly to adopt these new business-critical applications, the identity and security industries are doing the same to ensure that end users have secure, frictionless access to all of them.

B2C 105
article thumbnail

SASE: The Future of Cloud-Delivered Network Security

Security Boulevard

Secure access service edge, or SASE, is the latest cloud-based network security architecture that businesses are beginning to use. What makes SASE unique? SASE emphasizes a shift in the focus of data protection and data location. Traditionally, data is stored onsite and accessed through an enterprise-level centralized database. SASE flips this on its head and.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Cybersecurity researchers take down DDoS botnet by accident

Bleeping Computer

While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks. [.].

DDOS 105
article thumbnail

New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days

Dark Reading

Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate.

Marketing 105
article thumbnail

Lastpass says hackers accessed customer data in new breach

Bleeping Computer

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. [.].

101
101
article thumbnail

Lastpass discloses the second security breach this year

Security Affairs

LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is GoTo , it is currently shared by both LastPass and its affiliate.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

The Hacker News

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.

Malware 100
article thumbnail

Attackers abused the popular TikTok Invisible Challenge to spread info-stealer

Security Affairs

Threat actors are exploiting interest in a popular TikTok challenge, dubbed Invisible Challenge , to trick users into downloading info-stealing malware. Threat actors are exploiting the popularity of a TikTok challenge, called Invisible Challenge , to trick users into downloading information-stealing malware, Checkmarx researchers warn. People participating in the Invisible Challenge have to apply a filter called Invisible Body that removes the character’s body from a video, in which they pose

Malware 100
article thumbnail

Low-Code/No-Code App Dev’s Inherent Security Risks

Security Boulevard

Many organizations now rely on low-code/no-code app development platforms to cost-efficiently address a variety of application needs in different aspects of business operations. A recent survey revealed that 47% of organizations are already using these technologies, while 20% of those who are not using them express intentions to adopt the tech in the next 12.

Risk 98
article thumbnail

ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

Security Affairs

CyberNews experts discovered that ENC Security, a Netherlands software company, had been leaking critical business data since May 2021. Original post at [link]. When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a third-party vendor – ENC Security.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Meta’s GDPR fine: Why your DevOps needs red teaming

Security Boulevard

The post Meta’s GDPR fine: Why your DevOps needs red teaming appeared first on Security Boulevard.

article thumbnail

China-linked UNC4191 APT relies on USB Devices in attacks against entities in the Philippines

Security Affairs

An alleged China-linked cyberespionage group, tracked as UNC4191, used USB devices in attacks aimed at Philippines entities. Mandiant researchers spotted an alleged China-linked cyberespionage group, tracked as UNC4191, leveraging USB devices as attack vectors in campaigns aimed at Philippines entities. This campaign has been active dates as far back as September 2021 and targeted public and private sector entities primarily in Southeast Asia, along with organizations in the U.S., Europe, and AP

Malware 100
article thumbnail

Application Security (AppSec) Predictions | Contrast Security

Security Boulevard

Cybersecurity mayhem is looming in the new year: Contrast Security’s SVP of Cyber Strategy Tom Kellermann is predicting more Denonia-like serverless malware and that Twitter will be turned into a cyberattack launching pad, among other 2023 doom-and-gloom predictions. . The post Application Security (AppSec) Predictions | Contrast Security appeared first on Security Boulevard.

Malware 98
article thumbnail

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

The Hacker News

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Turning OSINT Into Action: How Monitor Helps Intel Analysts Tackle Data Overwhelm

Security Boulevard

Monitor—a new alerting and analysis capability from Flashpoint—helps intel analysts quickly and easily transform open-source data into actionable intelligence. The post Turning OSINT Into Action: How Monitor Helps Intel Analysts Tackle Data Overwhelm appeared first on Flashpoint. The post Turning OSINT Into Action: How Monitor Helps Intel Analysts Tackle Data Overwhelm appeared first on Security Boulevard.

98
article thumbnail

Drop What You're Doing and Update iOS, Android, and Windows

WIRED Threat Level

Plus: Major patches dropped this month for Chrome, Firefox, VMware, Cisco, Citrix, and SAP.

98
article thumbnail

Cybersecurity predictions for 2023 | Contrast Security

Security Boulevard

This is what Contrast Security experts see when they gaze into the cybersecurity crystal ball: Crooks will exploit the security and privacy vacuum at Twitter to turn it into a cyberattack platform. A major public cloud platform will be used to island hop so as to launch ransomware attacks on its customers. As you read this, more malware like the Denonia cryptominer is under development and will be unleashed on the serverless environment in the new year. .

article thumbnail

Meta Fined €265M for Data Leak Involving 530M Users

SecureWorld News

Ireland's Data Protection Commission (DPC) has announced that Facebook's parent company, Meta, will be fined €265 million ($273 million USD) for a 2021 data leak involving approximately 533 million users' information. Meta will also have to implement a "range of corrective measures" following the DPC's decision. This announcement marks the conclusion of an inquiry that began on April 14, 2021, after media reports surfaced that threat actors leaked a Facebook personal dataset on the Dark Web.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft fixes Windows 11 22H2 file copy performance hit

Bleeping Computer

Microsoft has addressed a known issue leading to significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. [.].

97
article thumbnail

What is Ransom Cartel? A ransomware gang focused on reputational damage

CSO Magazine

Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil.

article thumbnail

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

The Hacker News

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.

article thumbnail

Russian Links with US Govt apps raise mobile security alert

CyberSecurity Insiders

Mobile Applications that are being used by the US Army and Centre for Disease Control and Prevention(CDCP) are caught in a fresh brawl of mobile security. As an investigation carried out by Reuters claims that the application has links to Russian company named Pushwoosh, that once developed a spying malware and is now found transmitting information to the Military intelligence Agency GRU.

Mobile 95
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!