Mon. Mar 20, 2023

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

GUEST ESSAY: Scammers leverage social media, clever con games to carry out digital exploitation

The Last Watchdog

One common misconception is that scammers usually possess a strong command of computer science and IT knowledge. In fact, a majority of scams occur through social engineering. The rise of social media has added to the many user-friendly digital tools scammers, sextortionists, and hackers can leverage in order to manipulate their victims.

First Dero cryptojacking campaign targets unprotected Kubernetes instances

Tech Republic Security

Learn how this cryptocurrency campaign operates and its scope. Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat. The post First Dero cryptojacking campaign targets unprotected Kubernetes instances appeared first on TechRepublic.

Calling Out The Security Community on AI

Daniel Miessler

I want to call out our community for a second on AI. And this applies to me as well because I have many of the same feelings. I feel there are too many in the security community who believe that AI is a minefield, and that it’s our job to warn people not to walk into it. I think our job is quite different. It’s not that people are considering walking into this minefield.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

BECs double in 2022, overtaking ransomware

Tech Republic Security

A look at 4th quarter 2022 data suggests that, new threat surfaces notwithstanding, low-code cybersecurity business email compromises including phishing, as well as MFA bombing, are still the prevalent exploits favored by threat actors. The post BECs double in 2022, overtaking ransomware appeared first on TechRepublic.

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

CSO Magazine

The emergence of effective natural language processing tools such as ChatGPT means it's time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

More Trending

Google Project Zero issues vulnerability alert on Samsung Exynos Modems

CyberSecurity Insiders

Google’s dedicated team of cybersecurity researchers from ‘Project Zero’ have found a flaw in Samsung Exynos Modems that can give unauthorized data access to hackers, without the knowledge of users. And it’s discovered that the vulnerability allows a cyber criminal to compromise a smart phone at the Internet-to-baseband remote code execution level, giving access to sensitive data such as contacts, messages and even photos.

Six Ways to Foster a Security Mindset in Engineering Teams

Security Boulevard

Human error can be found at the root of the vast majority of cybersecurity breaches. According to Verizon’s 2022 Data Breach Investigations Report, 82% of global cybersecurity incidents included some level of human involvement. Security cannot only be the mandate of information security teams. Every member of an organization must take responsibility for good security.

Italian agency warns ransomware targets known VMware vulnerability

CyberSecurity Insiders

News broke in early February that the ACN, Italy’s National Cybersecurity Agency, issued a warning regarding a VMware vulnerability discovered two years ago.

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

CSO Magazine

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to "proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks." Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Details of ransomware attack on Ferrari and NBA

CyberSecurity Insiders

Ferrari, the luxury car maker, has made an official announcement that some of its systems were operating under control of hackers, resulting in a data breach. The company immediately pulled down the compromised servers from the corporate computer network and began remediation efforts. The Italian car maker has begun to send email notifications to its customers and mentioned in it that the hackers might have gained access to information such as names, addresses, email contacts and telephone number

Twitter ends free SMS 2FA: Here’s how you can protect your account now

We Live Security

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.

General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen

Bleeping Computer

Leading Bitcoin ATM maker General Bytes disclosed that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform.

The digital enterprise’s perfect partners: IGA and GRC

Security Boulevard

The digital enterprise's perfect partners: Why IGA and GRC need to work together. Business processes are increasingly dependent on IT systems to support their execution. This dependence amplifies the risks stemming from the lack of segregation of duties (SoD) analysis when granting users system access. And because SoD risks are notoriously problematic, […] The post The digital enterprise’s perfect partners: IGA and GRC appeared first on SafePaaS.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Windows 11 bug warns Local Security Authority protection is off

Bleeping Computer

Windows 11 users report seeing widespread Windows Security warnings that Local Security Authority (LSA) Protection has been disabled even though it shows as being toggled on.

DNSSEC is the Key to a Healthy Future for the Internet

Security Boulevard

The future of internet connectivity could diverge into two very different outcomes—aggressive monopolization by a few providers or a more diverse landscape that fosters innovation. The latter possibility is the better outcome, but it will require improved security to ensure that every entity can connect to each other safely. And one key to making this.

Patch CVE-2023-23397 Immediately: What You Need To Know and Do

Trend Micro

We break down the basic information of CVE-2023-23397, the zero-day, zero-touch vulnerability that was rated 9.8 on the Common Vulnerability Scoring System (CVSS) scale.

Analysis: Lookalike Confusable Domains Fuel Phishing Attacks

CyberSecurity Insiders

By John E. Dunn. Phishing attacks depend on creating huge numbers of lookalike ‘confusable’ domains. A new report has highlighted the most prevalent examples and suggested a way to detect phishing domains before they are used in anger. Ever since phishing attacks gathered steam two decades ago, the ability of criminals to create ‘confusable’ or typosquatting domains that look plausibly similar to real ones has been a thorn in everyone’s side.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

File-sharing site Zippyshare shutting down after 17 years

Bleeping Computer

File-sharing site Zippyshare has announced they are shutting down the site by the end of March 2023 after announcing they can no longer afford to keep the service running.

BianLian ransomware group shifts focus to extortion

CSO Magazine

Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying any ransom.

CISO’s Guide to the ROI of Cybersecurity

Security Boulevard

Learn how to articulate the value of your cybersecurity strategy while mitigating bad bots. The job of a Chief Information Security Officer (CISO) sometimes feels like a zero-sum game. From ensuring the health and security of an enterprise’s network and systems, to advocating for more resources and navigating heavily matrixed, global structures, there are a […] The post CISO’s Guide to the ROI of Cybersecurity appeared first on Security Boulevard.

(ISC)² Listens: Women Working in Cybersecurity 

CyberSecurity Insiders

This month, we asked women in the (ISC)² Blog Volunteers group to weigh in on a few questions from their perspective as a female working in cybersecurity. While their experiences in the industry have varied, this group unanimously responded that they currently receive equal pay to their male counterparts. These volunteers also feel that they receive the same opportunities for promotion and growth as the males on their teams.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

The Hacker News

Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software.

Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles

Malwarebytes

Google’s Project Zero is warning of multiple significant vulnerabilities found across many models of mobile devices including Samsung Galaxy, Google Pixel, Vivo, and several forms of wearable and vehicles using certain types of components. Between late 2022 and early 2023, Project Zero reported 18 vulnerabilities in a chip powering those devices.

Industry 4.0 vs. Smart Factory: What Will the Future Look Like?

Security Boulevard

It isn’t easy to imagine the process that brings all our things into being. Just think about the journey your computer made from parts in a The post Industry 4.0 vs. Smart Factory: What Will the Future Look Like? appeared first on FirstPoint. The post Industry 4.0 vs. Smart Factory: What Will the Future Look Like? appeared first on Security Boulevard.

New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads

The Hacker News

A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Bitcoin ATM customers hacked by video upload that was actually an app

Naked Security

As the misquote goes, "Once is misfortune." This is the second time, and you know what Lady Bracknell had to say about that.

Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model

Dark Reading

There are a number of solutions that can help ensure security and compliance mandates are met in the cloud, but organizations should prioritize integration and policy-based management.

Google Pixel flaw allowed recovery of redacted, cropped images

Bleeping Computer

An 'Acropalypse' flaw in Google Pixel's Markup tool made it possible to partially recover edited or redacted screenshots and images, including those that have been cropped or had their contents masked, for the past five years.

Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks

Dark Reading

Users of affected devices that want to mitigate risk from the security issues in the Exynos chipsets can turn off Wi-Fi and Voice-over-LTE settings, researchers from Google's Project Zero say.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.