Thu. Apr 14, 2022

Breach Disclosure Blow-by-Blow: Here's Why It's so Hard

Troy Hunt

For many years now, I've lamented about how much of my time is spent attempting to disclose data breaches to impacted companies. It's by far the single most time-consuming activity in processing breaches for Have I Been Pwned (HIBP) and frankly, it's about the most thankless task I can imagine. Finding contact details is hard. Getting responses is hard.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at Future Summits in Antwerp, Belgium on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia on June 3, 2022. I’m speaking at the RSA Conference 2022 in San Francisco, June 6-9, 2022.

Weekly Update 291

Troy Hunt

Bit of a long one this week, just due to a bunch of stuff all coinciding at the same time. The drone is obviously the coolest one and it was interesting to hear other people's experiences with theirs. This is just super cool tech and I can't remember the last time I looked at a consumer product and thought "wow, I didn't know they could do that!

Passwords 304

Industrial Control System Malware Discovered

Schneier on Security

The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream that’s designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. There’s also no indication of how the malware was discovered. It seems not to have been used yet.

Malware 250

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

BEST PRACTICES: Blunting ‘BEC’ capers that continue to target, devastate SMBs and enterprises

The Last Watchdog

It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes. Related: Deploying human sensors. But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always.

Phishing 247

Business teams increase cybersecurity risk due to poor SaaS management

Tech Republic Security

A new SaaS survey finds that IT teams don’t know what software business units are using or who has access to security settings. The post Business teams increase cybersecurity risk due to poor SaaS management appeared first on TechRepublic.

Risk 215

More Trending

This WordPress plugin protects the emails displayed on your website

Tech Republic Security

Cybersecurity is more important than ever. Safeguard data from web trawling with this WordPress plugin. The post This WordPress plugin protects the emails displayed on your website appeared first on TechRepublic.

Stalkerware-type detections hit record high in 2021, but fell in second half

Malwarebytes

After having tracked stalkerware for years, Malwarebytes can reveal that in 2021, detections for apps that can non-consensually monitor another person’s activity reached their highest peak ever, but that, amidst the record-setting numbers, the volume of detections actually began to significantly decrease in the second half of the year. This decrease in stalkerware-type activity never reached the lower levels in 2019 that Malwarebytes recorded before the start of the global coronavirus pand

Spyware 144

How cybercriminals are creating malicious hyperlinks that bypass security software

Tech Republic Security

Hackers are using a technique known as Quoted-printable to trick security defenses into thinking a malicious link is legitimate, says Avanan. The post How cybercriminals are creating malicious hyperlinks that bypass security software appeared first on TechRepublic.

Software 187

Palo Alto Networks Survey Reveals Cloud Security Challenges

Security Boulevard

An analysis of more than 680,000 identities across 18,000 cloud accounts from 200 different organizations published this week by Palo Alto Networks found nearly all (99%) cloud users, roles, services and resources were granted excessive permissions that were unused for 60 days or more. Nathaniel Quist, a principal researcher for the Unit 42 security research.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

More than 40% of SMBs surveyed have been hit with a cybersecurity breach

Tech Republic Security

Malware, phishing attacks and data breaches are the most common threats for small and medium-sized businesses, says a survey from Intuit QuickBooks. The post More than 40% of SMBs surveyed have been hit with a cybersecurity breach appeared first on TechRepublic.

US gov agencies and private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA) to warn of offensive capabilities developed by APT actors that could allow them to compromise multiple industrial control system (ICS)/supervisory control and data

Passwords 141

Research reveals that IAM is too often permissive and misconfigured

Tech Republic Security

New research highlights IAM security issues that could be reduced or solved with proper measures. Learn how to effectively configure IAM for better cloud infrastructure security. The post Research reveals that IAM is too often permissive and misconfigured appeared first on TechRepublic.

Windows 11 tool to add Google Play secretly installed malware

Bleeping Computer

A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware. […]

Malware 138

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Consumers have dwindling trust in companies to keep user information safe

Tech Republic Security

Almost half of customers say they would discontinue using a service if a cyberattack happens to an organization. The post Consumers have dwindling trust in companies to keep user information safe appeared first on TechRepublic.

Zloader, another botnet, bites the dust

Malwarebytes

Microsoft has announced that its Digital Crimes Unit (DCU) has taken legal and technical action to disrupt a malicious botnet called Zloader. Zloader or Zbot are common names used to refer to any malware related to the ZeuS family. There are a lot of those because the ZeuS banking Trojan source code was leaked in 2011, and so there’s been plenty of time for several new variants to emerge.

Backups 138

Tighten your home security with this affordable video doorbell

Tech Republic Security

Remote work has become the norm for many people, resulting in more interest in home security devices. Don’t miss this Door-Ringer Package Deal. The post Tighten your home security with this affordable video doorbell appeared first on TechRepublic.

Hospital Robots Have Been Found to Have Critical Vulnerabilities

Heimdal Security

Five serious vulnerabilities in hospital robots that served for the transportation of medical supplies have been patched by vendor Aethon. Vulnerabilities Found in Hospital Robots: More Details As recently reported in Cynerio’s public report of Jekyllbot:5, five significant zero-day vulnerabilities in Aethon TUG robots and medical equipment can fall short of adequate security safeguards.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Critical Infrastructure, ICS/SCADA Systems Under Attack by Advanced Threat Groups

eSecurity Planet

Critical infrastructure, industrial control (ICS) and supervisory control and data acquisition (SCADA) systems are under increasing threat of cyber attacks, according to a number of recent warnings from government agencies and private security researchers. CERT-UA (Computer Emergency Response Team of Ukraine) reported a major attack on Ukrainian energy infrastructure last week.

Malware 133

Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited

Security Affairs

Threat actors are actively exploiting a critical vulnerability in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Researchers from cyber threat intelligence BadPackets also reported that the vulnerability is actively exploited in the wild.

Wind turbine firm Nordex hit by Conti ransomware attack

Bleeping Computer

The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month. […]

New Fodcha DDoS Malware Targets More than 100 Victims Daily

Heimdal Security

A rapidly expanding malware is entrapping routers, DVRs, and servers all over the web in order to launch Distributed Denial-of-Service (DDoS) attacks on over 100 victims every day. CNCERT and Qihoo 360’s Network Security Research Lab (360 Netlab) worked together and found this botnet they dubbed Fodcha. According to a report by 360 Netlab, between […].

DDOS 128

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

What is the cyber kill chain? A model for tracing cyberattacks

CSO Magazine

As an infosec professional, you’ve likely heard about using a cyber kill chain to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is an explanation of the cyber kill chain and how you might employ it in your environment. Cyber kill chain definition.

InfoSec 128

Google Chrome emergency update fixes zero-day used in attacks

Bleeping Computer

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. […]

Rare and dangerous Incontroller malware targets ICS operations

CSO Magazine

In the second major industrial control system (ICS) threat development this week, the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory (CSA) warning of a complex and dangerous ICS threat. The CSA says that specific unnamed advanced persistent threat (APT) actors have exhibited the capability to gain complete system access to multiple ICS a

Malware 125

Filing your taxes? Be wary of help found through search engines

Malwarebytes

The deadline for filing your taxes in the US is nearly upon us. April 18 is the very last date that you can afford to hand your tax returns in to the IRS. People will naturally gravitate toward all manner of filing tools to get the job done. But it’s worth noting that sites are lurking in search engine results to potentially make it harder to file, not easier.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation

The Hacker News

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts.

Kyndryl rolls out Dell partnership for disaster recovery and security

CSO Magazine

A new system recovery offering from former IBM division and current managed infrastructure service provider Kyndryl incorporates air-gapped data vaulting technology from Dell for faster recovery from major cybersecurity incidents like ransomware attacks. The Cyber Incident Recovery service is a four-part system, says Kyndryl global security and resiliency practice leader Kris Lovejoy.

CISA adds Windows CLFS Driver Privilege Escalation flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

The U.S. CISA added the CVE-2022-24521 Microsoft Windows CLFS Driver Privilege Escalation Vulnerability to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-24521 privilege escalation vulnerability in Microsoft Windows Common Log File System (CLFS) Driver. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the ident

Hacking 122

RemcosRAT Malware Is Targeting African Banks

Heimdal Security

Remcos is a Remote Access Software that allows you to operate computers from a distance. Remcos creates a backdoor on the computer, allowing the remote user complete access to the machine. This RAT can be used for a variety of reasons, including surveillance and penetration testing, and has even been employed in hacking campaigns in […]. The post RemcosRAT Malware Is Targeting African Banks appeared first on Heimdal Security Blog.

Banking 122

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!