Krebs on Security
MARCH 20, 2023
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.
The Last Watchdog
MARCH 20, 2023
One common misconception is that scammers usually possess a strong command of computer science and IT knowledge. Related: How Google, Facebook enable snooping In fact, a majority of scams occur through social engineering. The rise of social media has added to the many user-friendly digital tools scammers, sextortionists, and hackers can leverage in order to manipulate their victims.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MARCH 20, 2023
Learn how this cryptocurrency campaign operates and its scope. Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat. The post First Dero cryptojacking campaign targets unprotected Kubernetes instances appeared first on TechRepublic.
CSO Magazine
MARCH 20, 2023
The emergence of effective natural language processing tools such as ChatGPT means it's time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
MARCH 20, 2023
A look at 4th quarter 2022, data suggests that new threat surfaces notwithstanding, low-code cybersecurity business email compromises including phishing, as well as MFA bombing are still the prevalent exploits favored by threat actors. The post BECs double in 2022, overtaking ransomware appeared first on TechRepublic.
Daniel Miessler
MARCH 20, 2023
I want to call out our community for a second on AI. And this applies to me as well because I have many of the same feelings. I feel there are too many in the security community who believe that AI is a minefield, and that it’s our job to warn people not to walk into it. I think our job is quite different. It’s not that people are considering walking into this minefield.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CyberSecurity Insiders
MARCH 20, 2023
Google’s dedicated team of cybersecurity researchers from ‘Project Zero’ have found a flaw in Samsung Exynos Modems that can give unauthorized data access to hackers, without the knowledge of users. And it’s discovered that the vulnerability allows a cyber criminal to compromise a smart phone at the Internet-to-baseband remote code execution level, giving access to sensitive data such as contacts, messages and even photos.
We Live Security
MARCH 20, 2023
Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.
CyberSecurity Insiders
MARCH 20, 2023
Ferrari, the luxury car maker has made an official announcement that some of its systems were operating under control of hackers, resulting in a data breach. The company immediately pulled down the compromised servers from the corporate computer network and began remediation efforts. The Italian car maker has begun to send email notifications to its customers and mentioned in it that the hackers might have gained access to information such as names, addresses, email contacts and telephone number
Security Boulevard
MARCH 20, 2023
Human error can be found at the root of the vast majority of cybersecurity breaches. According to Verizon’s 2022 Data Breach Investigations Report, 82% of global cybersecurity incidents included some level of human involvement. Security cannot only be the mandate of information security teams. Every member of an organization must take responsibility for good security.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
CSO Magazine
MARCH 20, 2023
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to "proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks." Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage.
Naked Security
MARCH 20, 2023
As the misquote goes, "Once is misfortune." This is the second time, and you know what Lady Bracknell had to say about that.
Bleeping Computer
MARCH 20, 2023
Leading Bitcoin ATM maker General Bytes disclosed that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform. [.
Security Boulevard
MARCH 20, 2023
The digital enterprise's perfect partners: Why IGA and GRC need to work togetherBusiness processes are increasingly dependent on IT systems to support their execution. This dependence amplifies the risks stemming from the lack of segregation of duties (SoD) analysis when granting users system access. And because SoD risks are notoriously problematic, […] The post The digital enterprise’s perfect partners: IGA and GRC appeared first on SafePaaS.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Heimadal Security
MARCH 20, 2023
A cancer patient whose naked medical photos and records were stolen by a ransomware gang and posted online has sued her healthcare provider for allowing the “preventable” and “seriously damaging” data leak. The proposed class-action lawsuit stems from a February intrusion in which ransomware crew BlackCat (also known as ALPHV) broke into one of the […] The post A Cancer Patient’s Fight for Justice Against a Hospital Ransomware Attack appeared first on Heimdal
Trend Micro
MARCH 20, 2023
We break down the basic information of CVE-2023-23397, the zero-day, zero-touch vulnerability that was rated 9.8 on the Common Vulnerability Scoring System (CVSS) scale.
SecureWorld News
MARCH 20, 2023
A U.S. federal agency fell victim to a cyberattack last year after threat actors exploited a critical vulnerability in the Progress Telerik UI for ASP.NET AJAX component. The attackers used the CVE-2019-18935 bug to access the agency's Microsoft Internet Information Services (IIS) web server. According to a joint advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Cent
The Hacker News
MARCH 20, 2023
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
MARCH 20, 2023
The future of internet connectivity could diverge into two very different outcomes—aggressive monopolization by a few providers or a more diverse landscape that fosters innovation. The latter possibility is the better outcome, but it will require improved security to ensure that every entity can connect to each other safely. And one key to making this.
Dark Reading
MARCH 20, 2023
The basketball playoffs are around the corner and convincing social-engineering attacks on fans using NBA-themed lures could be too.
Bleeping Computer
MARCH 20, 2023
File-sharing site Zippyshare has announced they are shutting down the site by the end of March 2023 after announcing they can no longer afford to keep the service running. [.
The Hacker News
MARCH 20, 2023
A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
CSO Magazine
MARCH 20, 2023
Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying any ransom.
Security Affairs
MARCH 20, 2023
The Acropalypse flaw in the Markup tool of Google Pixel allowed the partial recovery of edited or redacted screenshots and images. Security researchers Simon Aarons and David Buchanan have discovered a vulnerability, named ‘Acropalypse,’ in the Markup tool of Google Pixel. The Markup tool is a built-in Markup utility, released with Android 9 Pie that allows Google Pixel users to edit (crop, add text, draw, and highlight) screenshots.
Security Boulevard
MARCH 20, 2023
Microsoft Dynamics 365 is a Cloud-based business application platform that combines Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) functionality into a single integrated solution. It is designed to help businesses of all sizes and industries manage their operations, finances, sales, and customer service more efficiently and effectively.
Security Affairs
MARCH 20, 2023
The infamous Emotet malware is back after a short hiatus, threat actors are spreading it via Microsoft OneNote email attachments. The Emotet malware returns after a three-month hiatus and threat actors are distributing it via Microsoft OneNote email attachments to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
MARCH 20, 2023
Google’s Project Zero is warning of multiple significant vulnerabilities found across many models of mobile devices including Samsung Galaxy, Google Pixel, Vivo, and several forms of wearable and vehicles using certain types of components. Between late 2022 and early 2023, Project Zero reported 18 vulnerabilities in a chip powering those devices.
Security Boulevard
MARCH 20, 2023
Learn how to articulate the value of your cybersecurity strategy while mitigating bad bots The job of a Chief Information Security Officer (CISO) sometimes feels like a zero-sum game. From ensuring the health and security of an enterprise’s network and systems, to advocating for more resources and navigating heavily matrixed, global structures, there are a […] The post CISO’s Guide to the ROI of Cybersecurity appeared first on Security Boulevard.
Security Affairs
MARCH 20, 2023
Threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer. Avast researchers reported that threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer. Adobe Acrobat Sign allows registered users to sign documents online and send a document signature request to anyone.
Heimadal Security
MARCH 20, 2023
Emotet malware returns after three months break and uses Microsoft OneNote attachments to avoid macro-based security restrictions. Threat actors initially tried to use Word and Excel docs for deploying the malware. But since Microsoft currently blocks macros by default for that kind of file, only a few people risked infection. So, hackers switched to using […] The post Emotet Malware Spreads Out Through Malicious Microsoft OneNote Attachments appeared first on Heimdal Security Blog.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
314 
Let's personalize your content