Schneier on Security
MARCH 23, 2022
The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or critical infrastructure — are unclassified and are therefore not covered by its current insider threat program.
Tech Republic Security
MARCH 23, 2022
Using social engineering rather than traditional ransomware tactics, the Lapsus$ group has already hit multiple organizations, says Microsoft. The post Microsoft warns of destructive attacks by Lapsus$ cybercrime group appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CyberSecurity Insiders
MARCH 23, 2022
Only solution to deliver integrated cloud-based SIEM, SOAR, and UEBA services directly to organizations of all sizes. Includes security for business-critical applications to protect the digital heart of businesses. COPENHAGEN, Denmark & BOSTON, March 22, 2022 — Logpoint is now making its Converged SIEM, combining SIEM, SOAR, UEBA, and security for business-critical applications generally available.
Tech Republic Security
MARCH 23, 2022
As the U.S. moves forward into infrastructure renovations, onboarding more electric vehicles and charging stations are major goals—but are we ready for cyberattacks? The post EV charging stations: Are they new targets for cyberattacks? appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
MARCH 23, 2022
Today’s businesses are no stranger to innovation. From enhancing products and services with cutting-edge technologies to honing productivity with cloud-based applications and new ways of networking, innovation has become a key differentiator across virtually every industry. In the vast majority of cases, that innovation is almost wholly dependent on a company’s IT capabilities.
Tech Republic Security
MARCH 23, 2022
By design, Signal and Wire offer better security than system-default messaging services. Learn about key distinctions between these two secure messaging apps. The post Signal vs. Wire: Compare messaging app privacy and security appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MARCH 23, 2022
Keep your laptop and other devices safe. Try the Deeper Connect Nano Decentralized Cybersecurity Hardware to take your VPN with you everywhere. The post Cybersecurity: Get this ultra-secure, portable, decentralized network VPN for one low price appeared first on TechRepublic.
Digital Shadows
MARCH 23, 2022
What we know about the Okta breach, Lapsus$ group, and what you can do today to protect your organization. The post The Okta breach: What we know so far first appeared on Digital Shadows.
Tech Republic Security
MARCH 23, 2022
The Lapsus$ cybercriminal group exposed screenshots and messages showing it had successfully breached identify platform Okta. Read about it and see how to protect yourself from this threat. The post Okta authentication company’s customer data targeted by the Lapsus$ gang appeared first on TechRepublic.
Graham Cluley
MARCH 23, 2022
AvosLocker is a ransomware-as-a-service (RaaS) gang which first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities. Read more in my article on the Tripwire State of Security blog.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CyberSecurity Insiders
MARCH 23, 2022
All these days, nations like China, Russia, Iran and North Korea were countries indulging in the marketing and distribution of cyber threats. But according to a newly emerged security report from CrowdStrike, two new nations have joined the list. Turkey and Columbia are the two nations indulging in offensive activities and were caught red-handed by the security researchers from the threat monitoring company.
We Live Security
MARCH 23, 2022
ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine. The post Mustang Panda’s Hodur: Old tricks, new Korplug variant appeared first on WeLiveSecurity.
IT Security Central
MARCH 23, 2022
When it comes time for an employee to leave your organization, you want it to be on friendly terms. But there are definitely limits to how friendly you want folks to be after they leave. Especially when it comes to accessing materials from their old position for their new endeavors. In a recent bizarre case, […]. The post How to Reduce the Risk of Former Employees Coordinating with Insider Threats first appeared on IT Security Central - Teramind Blog.
Hacker Combat
MARCH 23, 2022
Amid Russia’s war with Ukraine, Russian state-backed businesses continue to face attacks and data leaks from hackers. A website famous for hosting leaks released a link to around 79 gigabytes of allegedly stolen emails from Transneft, a government-controlled Russian oil pipeline company. Transneft, which has its headquarters in Moscow, is the largest pipeline company globally.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
MARCH 23, 2022
Choosing a SIEM platform for your organization requires a close look at how well various solutions deliver what you need. Learn about the relative merits of two solid options: IBM QRadar and Splunk. The post QRadar vs. Splunk: SIEM tool comparison appeared first on TechRepublic.
Naked Security
MARCH 23, 2022
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.
Tech Republic Security
MARCH 23, 2022
Malware analysis sandboxes let users determine if a file or URL is malicious, suspicious or legitimate. For daily use, two good solutions are ANY.RUN and Joe Sandbox. Let’s compare their features. The post ANY.RUN vs. Joe Sandbox: Malware analysis tools comparison appeared first on TechRepublic.
The Hacker News
MARCH 23, 2022
Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Identity IQ
MARCH 23, 2022
Why Identity Theft Protection is an Important Employee Benefit. IdentityIQ. Employees are a company’s most valuable asset. According to Consumer Affairs, between 2019 and 2020, there was a 311% rise in identity theft victims. An employer can help keep their employees safe by providing identity theft protection. Identity theft protection as an employee benefit protects employees and protects the employer.
Security Boulevard
MARCH 23, 2022
Do you find it challenging to have meaningful conversations with your organization’s senior executives and board members about cyber security risk? If you answered yes, it may be that you’re not speaking in terms that your CFO, CEO and board understand, or more importantly, care about. As a security leader, you need your stakeholders and …. Read More.
Bleeping Computer
MARCH 23, 2022
Roskomnadzor, Russia's telecommunications regulator, has banned Alphabet's news aggregator service Google News and blocked access to the news.google.com domain for providing access to "unreliable information" on the ongoing war in Ukraine. [.].
The Hacker News
MARCH 23, 2022
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
MARCH 23, 2022
A Russian national has been indicted by the US DOJ and added to the FBI's Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace. [.].
The Hacker News
MARCH 23, 2022
Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia.
Bleeping Computer
MARCH 23, 2022
Security analysts from two companies have spotted a new case of hackers targeting hackers via clipboard stealers disguised as cracked RATs and malware building tools. [.].
The Hacker News
MARCH 23, 2022
VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
MARCH 23, 2022
An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems. [.].
Trend Micro
MARCH 23, 2022
We provide an overview of the diverse range of NFT- and cryptocurrency-related scams that malicious actors use to steal assets worldwide.
Bleeping Computer
MARCH 23, 2022
Researchers have conducted a technical experiment, testing ten ransomware variants to determine how fast they encrypt files and evaluate how feasible it would be to timely respond to their attacks. [.].
Security Affairs
MARCH 23, 2022
The provider of access management systems Okta confirmed the data breach and revealed that 2.5% of its customers were impacted. This week Lapsus$ extortion group claimed to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
226 
Let's personalize your content