Mon. Aug 01, 2022


Ring Gives Videos to Police without a Warrant or User Consent

Schneier on Security

Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent. Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Markey (D-Mass.), confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests.


Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

The Last Watchdog

After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms. After numerous delays and course changes, the Matter protocol is set to roll out this fall, in time for the 2022 holiday shopping season.


New CosmicStrand rootkit targets Gigabyte and ASUS motherboards

Tech Republic Security

A probable Chinese rootkit infects targeted computers and stays active even if the system is being reinstalled. The post New CosmicStrand rootkit targets Gigabyte and ASUS motherboards appeared first on TechRepublic.


Millions of Arris routers are vulnerable to path traversal attacks

Malwarebytes

Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd (mu HTTP daemon) is a simple but complete web server written in portable ANSI C. It has three major goals: Be simple, be portable, and be secure.

Firmware 145

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


You Need a Password Manager. Here Are the Best Ones

WIRED Threat Level

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.


ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Security Affairs

The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs and maintains high, medium and low-voltage electricity networks and high, medium and low-pressure natural gas pipelines,

LifeWorks

More Trending


Over 3,200 apps leak Twitter API keys, some allowing account hijacks

Bleeping Computer

Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app.


Chromium Browsers Allow Data Exfiltration via Bookmark Syncing

Dark Reading

"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.


Winamp releases new version after four years in development

Bleeping Computer

Winamp has released its first release candidate after four years in development, officially bringing the popular media player out of beta.

Media 136

Average cost of data breaches hits record high of $4.35 million: IBM

CSO Magazine

The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches. The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


BlackCat ransomware claims attack on European gas pipeline

Bleeping Computer

The ransomware group known as ALPHV (aka BlackCat) has assumed over the weekend responsibility for the cyberattack that hit Creos Luxembourg last week, a natural gas pipeline and electricity network operator in the central European country.


There Is an Increase in Smishing Attacks, FCC Warns

Heimdal Security

The independent agency of the United States federal government Federal Communications Commission (FCC) alerted mobile users to an uptick in SMS (Short Message Service) phishing campaigns that aim to steal their money and snatch their private data. Threat actors behind these types of attacks, also known as smishing or robotexts, may employ a variety of […].

Mobile 132

Amazon Echo and Google Nest can be hacked and used to steal data

CyberSecurity Insiders

Security researchers from the consumer group ‘Which?’ have discovered that smart home products such as Google Nest and Amazon Echo smart speaker can be hacked at any moment as security patch updates have been stopped to such devices from the past three years and so they are or might have already fallen prey to hackers. Mentioning some device names, Which?

Hacking 122

For Big Tech, Neutrality Is Not an Option — and Never Really Was

Dark Reading

Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Identity Verification vs Authentication: Key Similarities And Differences

CyberSecurity Insiders

While verification and authentication are terms that are often used interchangeably, they are in fact two separate operations. Although they both work towards a mutual goal, they exist at different stages of the identity-checking process and use different methods for identity validation. Digital verification and authentication play a critical role in preventing fraud and cyberattacks.


This was H1 2022 – Part 1 – The Fight Against Cybercrime

Security Boulevard

After many long lockdowns, the information technology industry woke up to a new reality. Cyber crime was too widespread and heavily resourced. Hybrid architectures had grown too complex to be able to provide adequate defense, resulting in new larger threat surfaces. To make matters worse, there was a lack of skilled security professionals who could […].


Twitter API Keys exposed by over 3000+ mobile applications

CyberSecurity Insiders

Security research carried out by CloudSEK has found that over 3000+ mobile applications were exposing Twitter’s API keys, thus providing access to twitter accounts fraudulently. The research also found that among those, over 230 of them belonged to newly started companies that were found leaking authentication related credentials, allowing a complete takeover of twitter accounts.

Mobile 120

Backup Encryption: What It Is and Why It’s Important for Data Security

Security Boulevard

Backup encryption is the process of converting backups from plaintext to ciphertext using mathematical algorithms and encryption keys for maximum data security. The post Backup Encryption: What It Is and Why It’s Important for Data Security appeared first on Security Boulevard.

Backups 119

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


T Mobile to offer data priority services to first responders

CyberSecurity Insiders

After analyzing many situations like the Uvalde Texas Shooting attack that killed 19 people including 17 children and 2 adults (teachers), T Mobile has come up with a new data priority strategy applicable to all first responders across the United States. The telecom company announced that it will offer a free network upgrade to all those people acting as first responders, all for free.

Mobile 117

Threat Actors Circumvent Microsoft Efforts to Block Macros

Security Boulevard

Microsoft’s announcement that it would block macros in Microsoft Office apps by default didn’t stop threat actors—they have simply resorted to new tricks. “Threat actors across the landscape responded by shifting away from macro-based threats,” Proofpoint researchers noted in a blog post. In fact, an analysis of campaign data, “which include threats manually analyzed and.

Malware 116

Get rich in Europe for €250 (or lose it all and your personal data)

Javvad Malik

Group-IB have published a very well researched report on fake investment scams in Europe. The scam follows a well-established set of steps: 1. The bogus come-on is published on social media. 2. The victim is taken to a phony investment website. 3. The victim enters personal information in a form on the scam site. 4. A call center contacts the victim, offering more information about the fraudulent investment prospectus. 5.

Scams 113

2022 IT Operations Survey Highlights: Good, Bad and Ugly

Security Boulevard

Before the pandemic, small and midsize businesses (SMBs) were often inconsistent in their willingness and ability to adopt the latest Read More. The post 2022 IT Operations Survey Highlights: Good, Bad and Ugly appeared first on Kaseya. The post 2022 IT Operations Survey Highlights: Good, Bad and Ugly appeared first on Security Boulevard.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


A week in security (July 25 – July 31)

Malwarebytes

Last week on Malwarebytes Labs: Update Google Chrome now! New version includes 11 important security patches; Lightning Framework, modular Linux malware; Malware spent months hoovering up credit card details from 300 US restaurants; Lock down your Neopets account: Data breach being investigated; Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR; Microsoft clamps down on RDP brute-force attacks in Windows 11; SonicWall urges customers to patch critical SQL injection


Name That Edge Toon: Up a Tree

Dark Reading

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.


Data privacy: Collect what you need, protect what you collect

CSO Magazine

Every time a user opens an app on their device, it seems they are being asked to provide both information necessary to engage with the app and far too often additional information that falls into the nice-to-have or marketing niche. Having CISOs participating in the discussions on what data is necessary for an app to function is table stakes. They should have a say in how that data is parsed to determine how it must be protected to remain in compliance with privacy laws.


Heimdal™ Announces Expansion and New Office Opening in London, UK

Heimdal Security

COPENHAGEN, August 1st, 2022 – Heimdal™ today announces the opening of a new office in London, United Kingdom. This expansion enables Heimdal™ to continue its evolution as an already emerging market leader in the region. Tied to its spectacular year-over-year advancement, it was only natural for the company to enlarge and strengthen its presence in […].

Marketing 105

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Understanding the New PCI DSS 4.0 Requirements

Duo's Security Blog

The Payment Card Industry Data Security Standard (PCI DSS) recently updated their standards from PCI DSS 3.2.1 to PCI DSS 4.0. It is the first major revision in some time. There is more flexibility built into 4.0 for companies to implement security that works security framework. There were 60 changes made, with new rules around multi-factor (MFA) being one of the most significant.


How Do You Tell If A Clock Is A Camera?

SecureBlitz

In this post, I will show you how to identify if a clock is a camera. A security camera can. Read more. The post How Do You Tell If A Clock Is A Camera? appeared first on SecureBlitz Cybersecurity.


Open source licensing shift: Fedora blocks Creative Commons CC0

Security Boulevard

Even organizations that are fully dedicated to software development don’t want to spend their time and competitive energy chasing software compliance. But ignoring changing legal requirements is dangerous. The post Open source licensing shift: Fedora blocks Creative Commons CC0 appeared first on Security Boulevard.

Software 105

Cybersecurity Technical Writing: Main Points

SecureBlitz

Want to learn more about cybersecurity technical writing? Read on! Cybersecurity is an exciting field that offers many opportunities to. Read more. The post Cybersecurity Technical Writing: Main Points appeared first on SecureBlitz Cybersecurity.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!