Schneier on Security
NOVEMBER 30, 2022
Facebook—Meta—was just fined $276 million (USD) for a data leak that included full names, birth dates, phone numbers, and location. Meta’s total fine by the Data Protection Commission is over $700 million. Total GDPR fines are over €2 billion (EUR) since 2018.
Joseph Steinberg
NOVEMBER 30, 2022
Zero Trust is becoming the new norm for securing corporate networks. The growing adoption of hybrid work models and the shift to the cloud have transformed the modern business network. No longer a well-defined and manageable set of edge locations, today’s corporate networks are an infinite web of users connecting from anywhere to resources hosted all over the globe.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
We Live Security
NOVEMBER 30, 2022
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group. The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity.
CyberSecurity Insiders
NOVEMBER 30, 2022
Sophos has compiled a report and released it stating 67% of IaaS cloud providers were hit by ransomware this year and the numbers to increase by a double fold this year. Unpatched vulnerabilities and configuration errors made it easy for hackers to steal info and encrypt data on the servers related to the cloud. FYI, IaaS is a cloud computing server where an individual or a company offers computing, storage, and networking resources on demand and the user can pay-as-you use model, making it into
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
NOVEMBER 30, 2022
Cloud security is broad and complex by nature – but it comes with a lot of specific terms and acronyms. That’s why we put together this continuously growing glossary of cloud security terms. Use this as a guide to help you unravel the nuances of cloud security and successfully navigate through the field. The post 43 Cloud Security Terms You Need to Know for 2023 appeared first on Security Boulevard.
Bleeping Computer
NOVEMBER 30, 2022
While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
NOVEMBER 30, 2022
Google's Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. [.].
Security Boulevard
NOVEMBER 30, 2022
Secure access service edge, or SASE, is the latest cloud-based network security architecture that businesses are beginning to use. What makes SASE unique? SASE emphasizes a shift in the focus of data protection and data location. Traditionally, data is stored onsite and accessed through an enterprise-level centralized database. SASE flips this on its head and.
Bleeping Computer
NOVEMBER 30, 2022
The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. [.].
Security Affairs
NOVEMBER 30, 2022
Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. Officially, Variston claims to provide custom security solutions and custom patches for embedded system.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
NOVEMBER 30, 2022
Many organizations now rely on low-code/no-code app development platforms to cost-efficiently address a variety of application needs in different aspects of business operations. A recent survey revealed that 47% of organizations are already using these technologies, while 20% of those who are not using them express intentions to adopt the tech in the next 12.
Bleeping Computer
NOVEMBER 30, 2022
Security researchers found a previously unknown backdoor they call Dophin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. [.].
Security Boulevard
NOVEMBER 30, 2022
Cybersecurity mayhem is looming in the new year: Contrast Security’s SVP of Cyber Strategy Tom Kellermann is predicting more Denonia-like serverless malware and that Twitter will be turned into a cyberattack launching pad, among other 2023 doom-and-gloom predictions. . The post Application Security (AppSec) Predictions | Contrast Security appeared first on Security Boulevard.
Bleeping Computer
NOVEMBER 30, 2022
NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
NOVEMBER 30, 2022
Monitor—a new alerting and analysis capability from Flashpoint—helps intel analysts quickly and easily transform open-source data into actionable intelligence. The post Turning OSINT Into Action: How Monitor Helps Intel Analysts Tackle Data Overwhelm appeared first on Flashpoint. The post Turning OSINT Into Action: How Monitor Helps Intel Analysts Tackle Data Overwhelm appeared first on Security Boulevard.
Dark Reading
NOVEMBER 30, 2022
Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate.
Security Boulevard
NOVEMBER 30, 2022
This is what Contrast Security experts see when they gaze into the cybersecurity crystal ball: Crooks will exploit the security and privacy vacuum at Twitter to turn it into a cyberattack platform. A major public cloud platform will be used to island hop so as to launch ransomware attacks on its customers. As you read this, more malware like the Denonia cryptominer is under development and will be unleashed on the serverless environment in the new year. .
The Hacker News
NOVEMBER 30, 2022
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
CSO Magazine
NOVEMBER 30, 2022
Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil.
The Hacker News
NOVEMBER 30, 2022
The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.
Security Affairs
NOVEMBER 30, 2022
Threat actors are exploiting interest in a popular TikTok challenge, dubbed Invisible Challenge , to trick users into downloading info-stealing malware. Threat actors are exploiting the popularity of a TikTok challenge, called Invisible Challenge , to trick users into downloading information-stealing malware, Checkmarx researchers warn. People participating in the Invisible Challenge have to apply a filter called Invisible Body that removes the character’s body from a video, in which they pose
Security Boulevard
NOVEMBER 30, 2022
Do you believe in psychics? Many people turn to psychics and mediums for advice or to communicate with dead loved […]. The post The Psychic and the Social Engineer appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Thales Cloud Protection & Licensing
NOVEMBER 30, 2022
A New Era: Cybersecurity Implications of Quantum Computing. divya. Thu, 12/01/2022 - 06:12. Rapid developments in quantum computing, such as IBM's Quantum Condor processor with a 1000 qubit capacity, have prompted experts to declare that the fourth industrial revolution is about to make a “quantum leap”. The exponential processing capability of a quantum computer is already being welcomed by governments and corporations.
Bleeping Computer
NOVEMBER 30, 2022
Remote access and collaboration company GoTo disclosed today that they suffered a security breach where threat actors gained access to their development environment and third-party cloud storage service. [.].
CyberSecurity Insiders
NOVEMBER 30, 2022
Mobile Applications that are being used by the US Army and Centre for Disease Control and Prevention(CDCP) are caught in a fresh brawl of mobile security. As an investigation carried out by Reuters claims that the application has links to Russian company named Pushwoosh, that once developed a spying malware and is now found transmitting information to the Military intelligence Agency GRU.
Bleeping Computer
NOVEMBER 30, 2022
Microsoft has addressed a known issue leading to significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. [.].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
NOVEMBER 30, 2022
An alleged China-linked cyberespionage group, tracked as UNC4191, used USB devices in attacks aimed at Philippines entities. Mandiant researchers spotted an alleged China-linked cyberespionage group, tracked as UNC4191, leveraging USB devices as attack vectors in campaigns aimed at Philippines entities. This campaign has been active dates as far back as September 2021 and targeted public and private sector entities primarily in Southeast Asia, along with organizations in the U.S., Europe, and AP
Graham Cluley
NOVEMBER 30, 2022
As of September 2022, Twitter had challenged 11.72 million accounts, suspended 11,230 accounts, and removed over 97,674 pieces of misleading content related to COVID-19 worldwide. Today? It’s not doing anything. As an update on the company’s COVID-19 misinformation report webpage notes: Effective November 23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy. … Continue reading "Twitter isn’t going to stop people posting COVID-19 misinformati
Bleeping Computer
NOVEMBER 30, 2022
The Australian parliament has approved a bill to amend the country's privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches. [.].
The Hacker News
NOVEMBER 30, 2022
A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
228 
Let's personalize your content