Schneier on Security

JUNE 12, 2023

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has classically been studied in security literature, recent advances in generative models have led to a shared interest among security and machine learning researchers in developing scalable steganography te

Artificial Intelligence 355

Artificial Intelligence Encryption 355

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers. Privacy controls allow you to say who or what can access a database of customer data or employee data.

Information Security 202

Information Security Data breaches CISO Encryption 202

Tech Republic Security

JUNE 12, 2023

Google’s ChromeOS is not just for Chromebooks. Thomas Riedl, the Google unit’s head of enterprise, sees big growth opportunities for the OS where security and versatility matter most. The post Google’s ChromeOS aims for enterprise with security and compatibility appeared first on TechRepublic.

167

167

The Last Watchdog

JUNE 12, 2023

The cybersecurity community is waiting for the next shoe to drop in the wake of the audacious MOVEit-Zellis hack orchestrated by the infamous Russian hacking collective, Clop. Related: SolarWinds-style supply chain attacks on the rise Clop operatives went live last week with an unusual ultimatum — written in broken English and posted in a Dark Web forum — giving the victimized organizations a June 14 th deadline to make direct contact with them under threat of having sensitive stol

Hacking 193

Hacking Risk Cyber threats Cybercrime 193

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

WIRED Threat Level

JUNE 12, 2023

A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is buying troves of data about Americans.

Government 145

Government 145

The Hacker News

JUNE 12, 2023

A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files," Trend Micro researchers said.

Engineering 145

Engineering Malware Antivirus 145

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. This ensures the right people get access to the right online resources. It also prevents bad actors from doing bad things to your company, including: Stealing (exfiltrating) important data, like user social security numbers Installing malware and holding intellectual property (like software c

Authentication 135

Authentication Passwords Password Management Phishing 135

Dark Reading

JUNE 12, 2023

The attack highlights growing interest among threat actors to target data from software-as-a-service providers.

Ransomware 131

Ransomware Software 131

Bleeping Computer

JUNE 12, 2023

Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations. [.

VPN 127

VPN Manufacturing Government 127

CSO Magazine

JUNE 12, 2023

In a campaign that exploits the relationships between different organizations, attackers managed to chain business email compromise (BEC) against four or more organizations jumping from one breached organization to the next by leveraging the relationships between them. The attack , which Microsoft researchers call multi-stage adversary-in-the-middle (AiTM) phishing, started with a compromise at a trusted vendor and targeted organizations from the banking and financial services sectors.

Scams 123

Scams Financial Services Banking Phishing 123

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Bleeping Computer

JUNE 12, 2023

Microsoft revealed in an update to the Azure status page that the preliminary root cause behind an outage that impacted the Azure Portal worldwide on Friday was what it described as a traffic "spike." [.

122

122

Graham Cluley

JUNE 12, 2023

More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers' funds and the exchange's private keys. Read more in my article on the Tripwire State of Security blog.

Cryptocurrency 121

Cryptocurrency Hacking 121

Dark Reading

JUNE 12, 2023

Time and money are valuable and finite, but some actions are well worth spending those resources on.

121

121

CSO Magazine

JUNE 12, 2023

BlackBerry CISO Arvind Raman looks beyond job titles when he has open positions to fill and instead focuses on the key skills required to do the work. That mindset allows Raman to readily identify and recruit qualified professionals from outside the security field, instead of simply seeking candidates working their way up the typical chain of security roles.

CISO 120

CISO Marketing Cybersecurity Risk 120

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

SecureList

JUNE 12, 2023

Introduction Stealing cryptocurrencies is nothing new. For example, the Mt. Gox exchange was robbed of many bitcoins back in the beginning of 2010s. Attackers such as those behind the Coinvault ransomware were after your Bitcoin wallets , too. Since then, stealing cryptocurrencies has continued to occupy cybercriminals. One of the latest additions to this phenomenon is the multi-stage DoubleFinger loader delivering a cryptocurrency stealer.

Cryptocurrency 120

Cryptocurrency Encryption Malware Ransomware 120

Dark Reading

JUNE 12, 2023

The group appears to be targeting victims based on their proximity and involvement to and within pro-Ukraine organizations.

Healthcare 116

Healthcare 116

Security Boulevard

JUNE 12, 2023

An analysis of cyberattacks published by the Unit 42 research arm of Palo Alto Networks found a significant increase in attempts to mimic generative artificial intelligence (AI) sites on the web using typosquatting techniques. Cybercriminals are attempting to take advantage of the popularity of platforms like ChatGPT to distribute malware to end users that are.

Artificial Intelligence 115

Artificial Intelligence Malware IoT Cybersecurity 115

Bleeping Computer

JUNE 12, 2023

The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks. [.

DDOS 108

DDOS Government Ransomware 108

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Boulevard

JUNE 12, 2023

SaaS is driving the journey to digital transformation, with cloud application services dominating end-user spending. And by the end of 2023, Gartner predicts that spending for SaaS will top $195 billion. But while SaaS applications create efficiencies and boost productivity — especially for remote teams — the rapid growth of SaaS also brings with it.

Risk 114

Risk Digital transformation Software Government 114

CyberSecurity Insiders

JUNE 12, 2023

I. Introduction AI’s transformative power is reshaping business operations across numerous industries. Through Robotic Process Automation (RPA), AI is liberating human resources from the shackles of repetitive, rule-based tasks and directing their focus towards strategic, complex operations. Furthermore, AI and machine learning algorithms can decipher the huge sets of data at an unprecedented speed and accuracy, giving businesses insights that were once out of reach.

Risk 106

Risk Architecture Data privacy Encryption 106

Graham Cluley

JUNE 12, 2023

UK law firm Knights certainly has an interesting way of keeping its staff happy.

Phishing 106

Phishing 106

Dark Reading

JUNE 12, 2023

Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say.

106

106

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

JUNE 12, 2023

Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. "A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler said.

106

106

Dark Reading

JUNE 12, 2023

Surveillance malware targets Libyan government entities, with possible links to a 2019 Egypt attack campaign.

Surveillance 106

Surveillance Government Malware 106

Security Boulevard

JUNE 12, 2023

ESG FAIL: Patching alone won’t cut it. The post What a Mess: Barracuda Swaps Countless Appliances — Malware Can’t be Removed appeared first on Security Boulevard.

Malware 105

Malware Risk Government Cybersecurity 105

Naked Security

JUNE 12, 2023

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all…

Cybercrime 105

Cybercrime Cryptocurrency 105

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

CSO Magazine

JUNE 12, 2023

In my last CSO article , I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research , the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies.

CSO 105

CSO Cyber threats Technology Cybersecurity 105

CyberSecurity Insiders

JUNE 12, 2023

Ofcom, the UK based communications watchdog has issued a public statement that it could have become a victim of a Russian speaking Clop ransomware attack that exploited SQL Injec-tion Vulerability via MOVEit File transfer software. The Office of Communications (Ofcom) has confirmed that a limited amount of data related to employees working in companies might have been accessed by hackers.

Ransomware 104

Ransomware Backups Software Accountability 104

Heimadal Security

JUNE 12, 2023

Researchers discovered new critical SQL injection vulnerabilities in the MOVEit Transfer managed file transfer (MFT) solution. The flaws could enable threat actors to exfiltrate information from customers’ databases. In addition, they impact all MOVEit Transfer versions. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and […] The post Patching Required!

Cybersecurity 102

Cybersecurity 102

CyberSecurity Insiders

JUNE 12, 2023

For the past few hours, there are N number of reports in Indian and International media that da-ta related to vaccinated Indian populace was accessed by hackers and was leaked on a social media platform Telegram, which is owned by a Russian entity. It is unclear who is behind the attack. However, the BJP led government has announced that the breach news broadcasted on certain private news channels was not true and the data of all the vaccinated populace was totally secure from the access of thre

Data breaches 104

Data breaches Government Media Authentication 104

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!