Schneier on Security
JULY 7, 2022
Report by Georgetown’s Center on Privacy and Technology published a comprehensive report on the surprising amount of mass surveillance conducted by Immigration and Customs Enforcement (ICE). Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency.
Javvad Malik
JULY 7, 2022
Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps. 1. Yellow paper (not the white one peasants write on). 2.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
JULY 7, 2022
A mischievous hacker, or group of hackers, took over Disneyland’s official Instagram and Facebook accounts earlier today, and, apparently, defaced them both with a series of profane and racist posts. Walt Disney Company has confirmed the breach, which appears to have occurred around 7 AM US Eastern time. The entertainment giant stated that it responded to the incident with zeal: “We worked quickly to remove the reprehensible content, secure our accounts, and our security teams are conducting an
Anton on Security
JULY 7, 2022
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ). My favorite quotes from the report follow below: “Another common tactic that continues to be observed is when bad actors actively impersonate legitimate sounding organizations (especially in journalism or education) with the objective of in
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
JULY 7, 2022
Cybercriminals found a way into a Shanghai National Police database, in the largest exploit of personal information in the country’s history. The post China suffers massive cybersecurity breach affecting over 1 billion people appeared first on TechRepublic.
Bleeping Computer
JULY 7, 2022
While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Malwarebytes
JULY 7, 2022
Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as “mercenary spyware.” This includes people like journalists and human rights advocates, who are often targeted by oppressive regimes using malware like NSO Groups’ Pegasus spyware.
Tech Republic Security
JULY 7, 2022
Barracuda Networks found that HTML attachments were malicious more than double than the next leading type of file. The post HTML attachments found to be the most malicious type of file appeared first on TechRepublic.
Heimadal Security
JULY 7, 2022
The recent incident at Marriott is not the first time the company has been the victim of a massive data breach. An incident that occurred in 2014 but was not discovered until September 2018 led to a fine of £14.4 million ($24 million) from the Information Commissioner’s Office in the United Kingdom. Names, mailing addresses, […]. The post Marriott Confirms Data Breach appeared first on Heimdal Security Blog.
Tech Republic Security
JULY 7, 2022
Cybersecurity is a more significant concern nowadays as hackers have become more sophisticated and aggressive. Train for the fight against cybercrime with this training bundle. The post Train for some of today’s top cybersecurity credentials for $39 appeared first on TechRepublic.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
JULY 7, 2022
US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warn of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are
Tech Republic Security
JULY 7, 2022
The ransomware has expanded its arsenal of extortion techniques, adding a search engine for cybercriminals. The post ALPHV’s ransomware makes it easy to search data from targets who do not pay appeared first on TechRepublic.
Security Affairs
JULY 7, 2022
Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi , that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts.
The Hacker News
JULY 7, 2022
Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities?
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
JULY 7, 2022
Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion techniques and hooks key functions to maintain persistence on the infected systems.
TrustArc
JULY 7, 2022
Don't gamble with third-party vendor risk. Your organization needs to build a foundational vendor risk management program.
Security Affairs
JULY 7, 2022
The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers a memory corruption during the computation.
Threatpost
JULY 7, 2022
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Dark Reading
JULY 7, 2022
It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems.
CyberSecurity Insiders
JULY 7, 2022
T Mobile’s Executive Vice President Mike Katz issued an update on his LinkedIn page, a sophisticated cyber attack resulting in data breach that apparently occurred last week targeting some of the business customers of his company. The consequences of the attack are yet to be estimated. However, Mr. Katz told that the impact of the data breach could vary by business and individual.
Bleeping Computer
JULY 7, 2022
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. [.].
The State of Security
JULY 7, 2022
Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. Read more in my article on the Tripwire State of Security blog.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Bleeping Computer
JULY 7, 2022
A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. [.].
The Hacker News
JULY 7, 2022
Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.
Dark Reading
JULY 7, 2022
Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts.
Security Boulevard
JULY 7, 2022
You’ve done your research and looked at the various ways you can map, prioritize and remediate vulnerabilities. You clearly see that a risk-based vulnerability management (RBVM) approach is the only reasonable way to address the tsunami of vulnerabilities your organization encounters and provide the context needed for risk-based remediation decisions.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
CSO Magazine
JULY 7, 2022
The company is introducing Lockdown Mode to protect high-risk individuals against corrosive surveillance and attacks, and investing millions to improve protection on its devices.
Bleeping Computer
JULY 7, 2022
Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser. [.].
CSO Magazine
JULY 7, 2022
You only need to consider that more than 4.4 million distributed denial-of-service (DDoS) attacks occurred in the second half of 2021, to know with certainty that such attacks are always happening. It’s not a matter of if a company will be impacted by a DDoS attack, it’s a matter of when. But enterprises don’t have to cower and wait for the inevitable to occur.
Naked Security
JULY 7, 2022
Listen now! Or read if you prefer.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
338 
Let's personalize your content