Tue.Nov 22, 2022

article thumbnail

Appleā€™s Device Analytics Can Identify iCloud Users

Schneier on Security

Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter , security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.

article thumbnail

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Taniumā€™s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Taniumā€™s Senior Vice President Product Management.

Internet 203
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

CSO Magazine

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy ā€“ she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever theyā€™re after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says.

article thumbnail

Ouch! Ransomware gang says it wonā€™t attack AirAsia again due to the ā€œchaotic organisationā€ and sloppy security of hacked companyā€™s network

Graham Cluley

The Daixin ransomware gang has given a humiliating slap in the face to Air Asia, which lost the personal data of five million passengers and all of its employees earlier this month.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperā€™s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Whatā€™s NEXT with Michael Ebel at Atmosfy

Cisco Security

Throughout my career, I have noticed the way we ā€œfuturizeā€ technology. Often, we are thinking of technology in five-to-ten-year increments. But the fact of the matter is ā€“ technology is moving faster than we can keep up. The minute we think we understand it, itā€™s already onto something new. Thatā€™s why here at Cisco, weā€™re focused on whatā€™s NEXT. We all know technology will continue to grow at a rapid pace, our goal is to remain at the forefront of these changes.

article thumbnail

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). Itā€™s no secret that cyber security has become a leading priority for most organizations ā€” especially those in industries that handle sensitive customer information. And as these businesses work towards building robust security strategies, itā€™s vital that they account for various threat vectors and vulnerabilities.

More Trending

article thumbnail

How to hack an unpatched Exchange server with rogue PowerShell code

Naked Security

Review your servers, your patches and your authentication policies - there's a proof-of-concept out.

Hacking 131
article thumbnail

Cybersecurity Pros Put Mastodon Flaws Under the Microscope

Dark Reading

As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application.

Media 127
article thumbnail

Are Retailers Shopping for a Cybersecurity Breach?

Thales Cloud Protection & Licensing

Are Retailers Shopping for a Cybersecurity Breach? divya. Wed, 11/23/2022 - 07:07. Have you ever walked into your favorite store or restaurant, and when you tried to finalize your purchase, you were told that they could not process any credit cards? Have you ever thought that this might be the result of a successful breach and not because of a point-of sale (POS) malfunctioning?

Retail 127
article thumbnail

Adapt and overcome: What the story of the Tardigrade can teach us about resilience

Cisco Security

When you think about the most resilient creatures in the animal kingdom, what comes to mind? Perhaps the camel, which can survive for 6 months with no food or water. Or maybe itā€™s the honey badger, which tends to drink snake venom like cranberry juice. Or how about the immortal jellyfish? This is one of the most fascinating (and oldest) creatures on Planet Earth.

Risk 123
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youā€™ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Policy trends: where are we today on regulation in cyberspace?

SecureList

This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin. This year so far has been very challenging: increased tensions in international relations have had a huge impact on both cyberspace and cybersecurity. Further to this, we share below our key observations regarding the trends we believe have been the highlights of this year and have the potential to shape the future of cyberspace i

article thumbnail

Security fatigue is real: Hereā€™s how to overcome it

We Live Security

Do your own organizationā€™s employees take more risks with valuable data because theyā€™ve become desensitized to security guidance? Spot the symptoms before itā€™s too late. The post Security fatigue is real: Hereā€™s how to overcome it appeared first on WeLiveSecurity.

Risk 119
article thumbnail

Researcher warns that Cisco Secure Email Gateways can easily be circumvented

Security Affairs

A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. The researcher pointed out that the attack complexity is low, it also added that working exploits have already been published by a third party.

article thumbnail

Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks

Dark Reading

Google Workspace's team is seeing a spike in phishing and spam hitting Gmail ā€” up 10% in just the last two weeks.

Phishing 115
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatā€™s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ransomware gang repents for spreading ransomware to AirAsia

CyberSecurity Insiders

Daixin, the Ransomware spreading group that hacked into the servers of AirAsia now seems to repent for its deeds, as it released a press statement that confirms that the victimized firmā€™s IT infrastructure, staff, and security are so poorly aligned that the said group of cyber criminals do not want to strike the same victim twice. What the press update means that the Malaysiaā€™s largest air carrier is so frustrated with the way AirAsia was responding to its negotiation filled talks that it doesnā€™

article thumbnail

Microsoft Azure launches DDoS IP protection for SMBs

CSO Magazine

Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft's Ignite conference and is now in public preview. DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at a price that's attractive to SMBs, Microsoft said.

DDOS 110
article thumbnail

Russian Killnet targets UK Royal Family websites

CyberSecurity Insiders

Killnet, the hacking group that works for Russian interests, is targeting UKā€™s Royal Family websites from the past few days. The attacks are of ā€˜Distributed Denial of Service (DDoS)ā€™ variant and supposedly seem to take revenge digitally. It is already known to the entire world that the UK is supplying weapons, essentials and finances to Ukraine to sustain the 2-3 years long of intense war with Kremlin.

DDOS 110
article thumbnail

For two years security experts kept secret that they were helping Zeppelin ransomware victims decrypt their files

Graham Cluley

Researchers at cybersecurity firm Unit 221B have revealed that they have been secretly helping victims of the Zeppelin ransomware decrypt their computer systems since 2020.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

UK populace should be extra cautious about Cyber Frauds in this Christmas season

CyberSecurity Insiders

UK Populace has reportedly lost Ā£1000 last year on an average and the figure is said to double up this year, as Christmas shopping period has arrived a week before. So, security experts are urging online shoppers to be extra cautious while buying products online and not fall for cyber frauds or Ponzi schemes. National Cyber Security Centre (NCSC) has issued a playbook on how the shoppers should browse on websites and what to do and what not, while buying gifts for their near and dear ones.

Passwords 107
article thumbnail

Crimeware and financial cyberthreats in 2023

SecureList

A look back on the year 2022 and what to expect in 2023. Every year, as part of the Kaspersky Security Bulletin, we predict which major trends will be followed in the coming year by attackers, who target financial organizations. The predictions, based on our extensive experience, help individuals and businesses improve their cybersecurity and prevent the vast range of possible risks.

article thumbnail

How Can College Students Avoid Identity Theft?

Identity IQ

How Can College Students Avoid Identity Theft? IdentityIQ. College students have many different things competing for their attention, from classes to school activities to an active social life. With all these demands, fighting identity theft might not seem like a pressing matter. But students are prime targets for identity theft, which can cause long-term damage to their finances and credit.

article thumbnail

Emotet is back and delivers payloads like IcedID and Bumblebee

Security Affairs

The Emotet malware is back and experts warn of a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. Proofpoint researchers warn of the return of the Emotet malware, in early November the experts observed a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542.

Malware 104
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike

The Hacker News

A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2.

article thumbnail

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire. It is a multi-purpose botnet with data stealing and remote access capabilities.

article thumbnail

Qualys QSC Wrap-Up: Risk and Simplicity

Security Boulevard

For many organizations, the complexity of security and compliance is still beyond their reach. Also, striking a balance between security and people, process and technology versus the risk/reward was something that both security leaders and business leaders need to confront and deal with every day. Earlier this month in Las Vegas, Qualys held its annual.

Risk 98
article thumbnail

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Security Affairs

Two Estonian citizens were arrested in Tallinn for allegedly running a $575 million cryptocurrency fraud scheme. Two Estonian nationals were arrested in Tallinn, Estonia, after being indicted in the US for running a fraudulent cryptocurrency Ponzi scheme that caused more than $575 million in losses. According to the indictment, Sergei Potapenko and Ivan TurƵgin, both 37, allegedly defrauded hundreds of thousands of victims through a crypto Ponzi scheme.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Surge of Fake FIFA World Cup Streaming Sites Targets Virtual Fans

Security Boulevard

Zscaler ThreatLabz is always on the lookout for threat actors trying to take advantage of major world news and events. The FIFA World Cup 2022 has brought with it a spike in cyber attacks targeting football fans through fake streaming sites and lottery scams, leveraging the rush and excitement around these uncommon events to infect users with malware.

Scams 98
article thumbnail

What is the Virginia Consumer Data Protection Act?

Digital Guardian

Learn why organizations will need to implement security practices to protect sensitive data under the Virginia Consumer Data Protection Act (VCDPA), set to go into effect in 2013.

98
article thumbnail

Windows Subsystem for Linux generally available via Microsoft Store

Bleeping Computer

Microsoft announced today that the Store version of Windows Subsystem for Linux (WSL) is generally available for Windows 10 and 11 customers. [.].

98
article thumbnail

The US Has a Bomb-Sniffing Dog Shortage

WIRED Threat Level

Finding high-quality detection canines is hard enoughā€”and the pandemic only dug a deeper hole.

97
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.