Tue.Nov 22, 2022

article thumbnail

Data Breach Misattribution, Acxiom & Live Ramp

Troy Hunt

If you find your name and home address posted online, how do you know where it came from? Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address. and over 400 other fields of data. Where on earth did it come from? Now, imagine it's not just your record, but it's 246 million records.

article thumbnail

Apple’s Device Analytics Can Identify iCloud Users

Schneier on Security

Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter , security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

article thumbnail

What’s NEXT with Michael Ebel at Atmosfy

Cisco Security

Throughout my career, I have noticed the way we “futurize” technology. Often, we are thinking of technology in five-to-ten-year increments. But the fact of the matter is – technology is moving faster than we can keep up. The minute we think we understand it, it’s already onto something new. That’s why here at Cisco, we’re focused on what’s NEXT. We all know technology will continue to grow at a rapid pace, our goal is to remain at the forefront of these changes.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

CSO Magazine

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says.

article thumbnail

Adapt and overcome: What the story of the Tardigrade can teach us about resilience

Cisco Security

When you think about the most resilient creatures in the animal kingdom, what comes to mind? Perhaps the camel, which can survive for 6 months with no food or water. Or maybe it’s the honey badger, which tends to drink snake venom like cranberry juice. Or how about the immortal jellyfish? This is one of the most fascinating (and oldest) creatures on Planet Earth.

Risk 139

More Trending

article thumbnail

Are Retailers Shopping for a Cybersecurity Breach?

Thales Cloud Protection & Licensing

Are Retailers Shopping for a Cybersecurity Breach? divya. Wed, 11/23/2022 - 07:07. Have you ever walked into your favorite store or restaurant, and when you tried to finalize your purchase, you were told that they could not process any credit cards? Have you ever thought that this might be the result of a successful breach and not because of a point-of sale (POS) malfunctioning?

article thumbnail

ICS cyberthreats in 2023 – what to expect

SecureList

Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. However, luckily, we did not see any sudden or catastrophic changes in the overall threat landscape – none that were difficult to handle, despite many colorful headlines in the media. As we see it, the coming year looks to be much more complicated.

Phishing 124
article thumbnail

Cybersecurity Pros Put Mastodon Flaws Under the Microscope

Dark Reading

As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application.

article thumbnail

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It’s no secret that cyber security has become a leading priority for most organizations — especially those in industries that handle sensitive customer information. And as these businesses work towards building robust security strategies, it’s vital that they account for various threat vectors and vulnerabilities.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Policy trends: where are we today on regulation in cyberspace?

SecureList

This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin. This year so far has been very challenging: increased tensions in international relations have had a huge impact on both cyberspace and cybersecurity. Further to this, we share below our key observations regarding the trends we believe have been the highlights of this year and have the potential to shape the future of cyberspace i

article thumbnail

Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps

Dark Reading

Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price.

113
113
article thumbnail

Crimeware and financial cyberthreats in 2023

SecureList

A look back on the year 2022 and what to expect in 2023. Every year, as part of the Kaspersky Security Bulletin, we predict which major trends will be followed in the coming year by attackers, who target financial organizations. The predictions, based on our extensive experience, help individuals and businesses improve their cybersecurity and prevent the vast range of possible risks.

article thumbnail

Ransomware gang repents for spreading ransomware to AirAsia

CyberSecurity Insiders

Daixin, the Ransomware spreading group that hacked into the servers of AirAsia now seems to repent for its deeds, as it released a press statement that confirms that the victimized firm’s IT infrastructure, staff, and security are so poorly aligned that the said group of cyber criminals do not want to strike the same victim twice. What the press update means that the Malaysia’s largest air carrier is so frustrated with the way AirAsia was responding to its negotiation filled talks that it doesn’

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Microsoft Azure launches DDoS IP protection for SMBs

CSO Magazine

Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft's Ignite conference and is now in public preview. DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at a price that's attractive to SMBs, Microsoft said.

DDOS 110
article thumbnail

Russian Killnet targets UK Royal Family websites

CyberSecurity Insiders

Killnet, the hacking group that works for Russian interests, is targeting UK’s Royal Family websites from the past few days. The attacks are of ‘Distributed Denial of Service (DDoS)’ variant and supposedly seem to take revenge digitally. It is already known to the entire world that the UK is supplying weapons, essentials and finances to Ukraine to sustain the 2-3 years long of intense war with Kremlin.

article thumbnail

How Can College Students Avoid Identity Theft?

Identity IQ

How Can College Students Avoid Identity Theft? IdentityIQ. College students have many different things competing for their attention, from classes to school activities to an active social life. With all these demands, fighting identity theft might not seem like a pressing matter. But students are prime targets for identity theft, which can cause long-term damage to their finances and credit.

article thumbnail

UK populace should be extra cautious about Cyber Frauds in this Christmas season

CyberSecurity Insiders

UK Populace has reportedly lost £1000 last year on an average and the figure is said to double up this year, as Christmas shopping period has arrived a week before. So, security experts are urging online shoppers to be extra cautious while buying products online and not fall for cyber frauds or Ponzi schemes. National Cyber Security Centre (NCSC) has issued a playbook on how the shoppers should browse on websites and what to do and what not, while buying gifts for their near and dear ones.

Passwords 107
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Security fatigue is real: Here’s how to overcome it

We Live Security

Do your own organization’s employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late. The post Security fatigue is real: Here’s how to overcome it appeared first on WeLiveSecurity.

Risk 103
article thumbnail

Hackers breach energy orgs via bugs in discontinued web server

Bleeping Computer

Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. [.].

100
100
article thumbnail

For two years security experts kept secret that they were helping Zeppelin ransomware victims decrypt their files

Graham Cluley

Researchers at cybersecurity firm Unit 221B have revealed that they have been secretly helping victims of the Zeppelin ransomware decrypt their computer systems since 2020.

article thumbnail

What is the Virginia Consumer Data Protection Act?

Digital Guardian

Learn why organizations will need to implement security practices to protect sensitive data under the Virginia Consumer Data Protection Act (VCDPA), set to go into effect in 2013.

98
article thumbnail

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

article thumbnail

Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks

Dark Reading

Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks.

Phishing 126
article thumbnail

Android file manager apps infect thousands with Sharkbot malware

Bleeping Computer

A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan. [.].

Malware 99
article thumbnail

Qualys QSC Wrap-Up: Risk and Simplicity

Security Boulevard

For many organizations, the complexity of security and compliance is still beyond their reach. Also, striking a balance between security and people, process and technology versus the risk/reward was something that both security leaders and business leaders need to confront and deal with every day. Earlier this month in Las Vegas, Qualys held its annual.

Risk 98
article thumbnail

How Work From Home Shaped the Road to SASE for Enterprises

Dark Reading

As SASE adoption grows, with its allure of simplified protection via one network and security experience for hybrid workers, remember: Have an overall plan, integrate and migrate to scale usage, and start small.

98
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

article thumbnail

Surge of Fake FIFA World Cup Streaming Sites Targets Virtual Fans

Security Boulevard

Zscaler ThreatLabz is always on the lookout for threat actors trying to take advantage of major world news and events. The FIFA World Cup 2022 has brought with it a spike in cyber attacks targeting football fans through fake streaming sites and lottery scams, leveraging the rush and excitement around these uncommon events to infect users with malware.

Scams 98
article thumbnail

Emotet is back and delivers payloads like IcedID and Bumblebee

Security Affairs

The Emotet malware is back and experts warn of a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. Proofpoint researchers warn of the return of the Emotet malware, in early November the experts observed a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542.

Malware 98
article thumbnail

How to hack an unpatched Exchange server with rogue PowerShell code

Naked Security

Review your servers, your patches and your authentication policies - there's a proof-of-concept out.

Hacking 131
article thumbnail

DraftKings Account Takeovers Frame Sports-Betting Cybersecurity Dilemma

Dark Reading

Cybercrooks have drained DraftKings accounts of $300K in the past few days thanks to credential stuffing, just as the 2022 FIFA World Cup starts up.

article thumbnail

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev