Schneier on Security
SEPTEMBER 1, 2022
Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and install a remote-access tool.
Security Boulevard
SEPTEMBER 1, 2022
Interview with Mike Manrod, CISO, and Christian Taillon, IT Security Engineer at Grand Canyon Education. The post DHS Calls for “Excellence in Software” in Log4j Report appeared first on Security Boulevard.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Digital Shadows
SEPTEMBER 1, 2022
Rising energy bills, inflation, skyrocketing interest rates; the world continues to suffer from a cost of living and economic crisis. The post “I’m tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch first appeared on Digital Shadows.
Graham Cluley
SEPTEMBER 1, 2022
Amid a wave of hacks which has cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. Read more in my article on the Tripwire State of Security blog.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Heimadal Security
SEPTEMBER 1, 2022
START (start.ru), a Russian media streaming platform, has confirmed the rumors that emerged on Sunday, August 28, about a data breach. The cybercriminals extracted a 2021 database from START network which translates into account details of 7,455,926 users. START assures via Telegram that the vulnerability has been fixed and the malicious actors no longer have […].
Graham Cluley
SEPTEMBER 1, 2022
Graham Cluley Security News is sponsored this week by the folks at Teleport. Thanks to the great team there for their support! Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes … Continue reading "Over 900K Kubernetes clusters are misconfigured!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Heimadal Security
SEPTEMBER 1, 2022
On Thursday night, August 25, TAP Air Portugal was the victim of a cyberattack claimed by the Ragnar Locker ransomware gang on their website. The largest airline in Portugal revealed the incident saying that the attack was stopped and the malicious actor leaked no customer information. “TAP was the target of a cyber-attack, now blocked. […]. The post A New Cyberattack on TAP Air Portugal appeared first on Heimdal Security Blog.
CyberSecurity Insiders
SEPTEMBER 1, 2022
Britain has re-amended a few of the cybersecurity guidelines for the telecom operators rendering services in the region. And the regulations seem to be highly stringent in the world- hmmm, at least of paper. National Cyber Security Centre (NCSC) a cyber arm of GCHQ, has devised Telecommunication Security Act in November 2021. Now, it has made some amendments that would come into effect from October this year and are as follows-. · It is the duty of the telecom services provider to track down thr
Dark Reading
SEPTEMBER 1, 2022
Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices.
Security Boulevard
SEPTEMBER 1, 2022
Ok, now that you’ve done your homework on learning the basics and looked into some common tools and certifications to […]. The post How to Get Started in Cybersecurity: What Role is Right for You appeared first on Security Boulevard.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
CyberSecurity Insiders
SEPTEMBER 1, 2022
Apple has made it official that it will be offering specialized hardware on its upcoming model of iPhone 14, which will have the capabilities of beaming internet directly from satellite services provider. Thus, iPhone 14 users can stay connected with their near and dear even when they are living or visiting remote areas like forests, deserts, highly restricted regions that are banned on travel.
IT Security Guru
SEPTEMBER 1, 2022
Although organisations appear to be highly concerned with cybersecurity, they often don’t follow the practices put into place to prevent a data leak. One of the reasons is that IT leaders and employees have completely different views on security measures, and another being the lack of emphasis on security risks, such as outbound threats, where data security training can often be out of date.
Dark Reading
SEPTEMBER 1, 2022
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
Security Affairs
SEPTEMBER 1, 2022
Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services. The experts pointed out that most of the apps containing hard-coded Amazon Web Services were iOS apps (98%), this is a trend that the researchers have been tracking for years. 47% of
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Dark Reading
SEPTEMBER 1, 2022
Cloud breaches are inevitable — and so is cloud ransomware. (Second of two parts.
Security Affairs
SEPTEMBER 1, 2022
Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw ( CVE-2022-28799 ) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. The experts state that the vulnerability would have required the chaining with other flaws to hijack an account.
Dark Reading
SEPTEMBER 1, 2022
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.
Security Boulevard
SEPTEMBER 1, 2022
There was a pretty significant statistic that was recently released in Mandiant’s M-Trends 2022 report. In it, they cite that the median number of days an attacker resides in a system before detection (the “dwell time”) fell from 24 days in 2020, to 21 days in 2021. On the surface, that statistic may seem encouraging, […]. The post Threat Hunting Program: 5 Best Practices for Success appeared first on Cyborg Security.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
SEPTEMBER 1, 2022
Apple released new security updates for older iPhone and iPad devices addressing recently fixed WebKit zero-day. Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the CVE-2022-32893 flaw. The CVE-2022-32893 flaw is an out-of-bounds issue that impacts WebKit. An attacker can trigger the flaw by tricking target devices into processing maliciously crafted web content to achieve arbitrary code execution.
The Hacker News
SEPTEMBER 1, 2022
Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News.
Security Affairs
SEPTEMBER 1, 2022
The Ragnar Locker ransomware gang claims to have hacked the Portuguese state-owned flag carrier airline TAP Air Portugal and stolen customers’ data. The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 26, the Portugues company announced via Twitter that it was hit by a cyber attack and that it was able to neutralize it.
Malwarebytes
SEPTEMBER 1, 2022
Apple has released a security update for iOS 12.5.6 to patch a remotely exploitable WebKit vulnerability that allows attackers to execute arbitrary code on unpatched devices. The WebKit zero-day that is known as CVE-2022-32893 was fixed for iOS 15.6.1, iPadOS 15.6, and macOS Monterey 12.5.1 on August 17, and for Safari in macOS Big Sur and macOS Catalina on August 18.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
SEPTEMBER 1, 2022
Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link.
WIRED Threat Level
SEPTEMBER 1, 2022
Researchers found that mobile applications contain keys that could provide access to both user information and private files from unconnected apps.
Security Boulevard
SEPTEMBER 1, 2022
Dario Forte, vice president and general manager for security orchestration at Sumo Logic, explains why the management of security is shifting to the cloud. The video is below followed by a transcript of the conversation. Mike Vizard: Hey, guys. Thanks for the throw. We’re here with Dario Forte, who is the vice-president and general manager. The post Security Management Shifting to the Cloud – Techstrong TV appeared first on Security Boulevard.
WIRED Threat Level
SEPTEMBER 1, 2022
The California Age-Appropriate Design Code would launch a huge online privacy experiment. And it won’t just affect children.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
SEPTEMBER 1, 2022
A GitLab survey of more 5,500 DevOps professionals (including roughly 700 application security professionals) found 57% of those security respondents reported that responsibility for security has either already or soon will shift left toward developers. However, 43% of respondents said they still have full ownership of security, with another third reporting they are at least.
Malwarebytes
SEPTEMBER 1, 2022
The Federal Trade Commission (FTC) has sued data broker Kochava for allegedly selling information that would allow for individuals’ whereabouts to be traced to sensitive locations. The information included location data from hundreds of millions of phones, including sensitive locations that could be tied to an individual. And, while the name Kochava may not ring any bells, it actually has a sizeable footprint in the data collection industry.
Bleeping Computer
SEPTEMBER 1, 2022
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance today with tips on how to secure the software supply chain. [.].
Security Boulevard
SEPTEMBER 1, 2022
Just as no man is an island, no organization is, either. Every entity, whether public or private sector, operates in an ecosystem of partners, suppliers, customers, regulators, governing bodies and everyone in between. And while we all have to be responsible for our own operations, we must do so in a way that takes into. The post How Government Regulations Can Aid Cybersecurity Defenses appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
295 
Let's personalize your content