Schneier on Security
SEPTEMBER 1, 2022
Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and install a remote-access tool.
Security Boulevard
SEPTEMBER 1, 2022
Interview with Mike Manrod, CISO, and Christian Taillon, IT Security Engineer at Grand Canyon Education. The post DHS Calls for “Excellence in Software” in Log4j Report appeared first on Security Boulevard.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Digital Shadows
SEPTEMBER 1, 2022
Rising energy bills, inflation, skyrocketing interest rates; the world continues to suffer from a cost of living and economic crisis. The post “I’m tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch first appeared on Digital Shadows.
Graham Cluley
SEPTEMBER 1, 2022
Amid a wave of hacks which has cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. Read more in my article on the Tripwire State of Security blog.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
SEPTEMBER 1, 2022
The pace of technological growth understandably excites people and businesses alike. In the realm of investments and banking, an app-driven world coupled with the emergence of cryptocurrency opens up many new avenues for investments and opportunities for financial institutions to provide mobile banking and investment services via mobile apps. The excitement generated by these changes also extends to cybercriminals.
Graham Cluley
SEPTEMBER 1, 2022
Graham Cluley Security News is sponsored this week by the folks at Teleport. Thanks to the great team there for their support! Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes … Continue reading "Over 900K Kubernetes clusters are misconfigured!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
SEPTEMBER 1, 2022
Ok, now that you’ve done your homework on learning the basics and looked into some common tools and certifications to […]. The post How to Get Started in Cybersecurity: What Role is Right for You appeared first on Security Boulevard.
CyberSecurity Insiders
SEPTEMBER 1, 2022
Apple has made it official that it will be offering specialized hardware on its upcoming model of iPhone 14, which will have the capabilities of beaming internet directly from satellite services provider. Thus, iPhone 14 users can stay connected with their near and dear even when they are living or visiting remote areas like forests, deserts, highly restricted regions that are banned on travel.
Dark Reading
SEPTEMBER 1, 2022
Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices.
IT Security Guru
SEPTEMBER 1, 2022
Although organisations appear to be highly concerned with cybersecurity, they often don’t follow the practices put into place to prevent a data leak. One of the reasons is that IT leaders and employees have completely different views on security measures, and another being the lack of emphasis on security risks, such as outbound threats, where data security training can often be out of date.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
SEPTEMBER 1, 2022
A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue-badge offer. [.].
Security Boulevard
SEPTEMBER 1, 2022
There was a pretty significant statistic that was recently released in Mandiant’s M-Trends 2022 report. In it, they cite that the median number of days an attacker resides in a system before detection (the “dwell time”) fell from 24 days in 2020, to 21 days in 2021. On the surface, that statistic may seem encouraging, […]. The post Threat Hunting Program: 5 Best Practices for Success appeared first on Cyborg Security.
Bleeping Computer
SEPTEMBER 1, 2022
Security researchers are raising the alarm about mobile app developers relying on insecure practices that expose Amazon Web Services (AWS) credentials, making the supply chain vulnerable. [.].
Security Boulevard
SEPTEMBER 1, 2022
Dario Forte, vice president and general manager for security orchestration at Sumo Logic, explains why the management of security is shifting to the cloud. The video is below followed by a transcript of the conversation. Mike Vizard: Hey, guys. Thanks for the throw. We’re here with Dario Forte, who is the vice-president and general manager. The post Security Management Shifting to the Cloud – Techstrong TV appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
SEPTEMBER 1, 2022
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance today with tips on how to secure the software supply chain. [.].
Security Boulevard
SEPTEMBER 1, 2022
A GitLab survey of more 5,500 DevOps professionals (including roughly 700 application security professionals) found 57% of those security respondents reported that responsibility for security has either already or soon will shift left toward developers. However, 43% of respondents said they still have full ownership of security, with another third reporting they are at least.
The Hacker News
SEPTEMBER 1, 2022
Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News.
Security Boulevard
SEPTEMBER 1, 2022
Just as no man is an island, no organization is, either. Every entity, whether public or private sector, operates in an ecosystem of partners, suppliers, customers, regulators, governing bodies and everyone in between. And while we all have to be responsible for our own operations, we must do so in a way that takes into. The post How Government Regulations Can Aid Cybersecurity Defenses appeared first on Security Boulevard.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
SEPTEMBER 1, 2022
Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link.
Security Boulevard
SEPTEMBER 1, 2022
Shrav Mehta, CEO and Founder of Secureframe, talks about Secureframe’s platform for security compliance automation. They automate the compliance process for certifications like SOC 2, ISO 27001, HIPAA, and PCI DSS. The video is below followed by a transcript of the conversation. Alan Shimel: Hey, everyone. Welcome to another Techstrong TV episode.
Dark Reading
SEPTEMBER 1, 2022
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.
Security Boulevard
SEPTEMBER 1, 2022
Welcome to the latest edition of The Week in Cybersecurity , which brings you the newest headlines from both the world and our team about the most pressing topics in cybersecurity. This week: a China-linked cyber espionage campaign targets critical entities in Australia and the South China Sea, password manager LastPass gets hacked (again), and more. .
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Malwarebytes
SEPTEMBER 1, 2022
Apple has released a security update for iOS 12.5.6 to patch a remotely exploitable WebKit vulnerability that allows attackers to execute arbitrary code on unpatched devices. The WebKit zero-day that is known as CVE-2022-32893 was fixed for iOS 15.6.1, iPadOS 15.6, and macOS Monterey 12.5.1 on August 17, and for Safari in macOS Big Sur and macOS Catalina on August 18.
Security Affairs
SEPTEMBER 1, 2022
Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services. The experts pointed out that most of the apps containing hard-coded Amazon Web Services were iOS apps (98%), this is a trend that the researchers have been tracking for years. 47% of
Heimadal Security
SEPTEMBER 1, 2022
On Thursday night, August 25, TAP Air Portugal was the victim of a cyberattack claimed by the Ragnar Locker ransomware gang on their website. The largest airline in Portugal revealed the incident saying that the attack was stopped and the malicious actor leaked no customer information. “TAP was the target of a cyber-attack, now blocked. […]. The post A New Cyberattack on TAP Air Portugal appeared first on Heimdal Security Blog.
CSO Magazine
SEPTEMBER 1, 2022
A proposed California law which passed the state senate this week could drastically boost online privacy protection for minors, but major platforms like Google and Meta have called the bill “too broad,” warning that the work involved in complying with the law would be onerous and have unintended consequences. The essence of the bill, called the California Age-Appropriate Design Code Act , is that tech companies that collect data on children would be required to treat that data differently than d
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Heimadal Security
SEPTEMBER 1, 2022
START (start.ru), a Russian media streaming platform, has confirmed the rumors that emerged on Sunday, August 28, about a data breach. The cybercriminals extracted a 2021 database from START network which translates into account details of 7,455,926 users. START assures via Telegram that the vulnerability has been fixed and the malicious actors no longer have […].
Dark Reading
SEPTEMBER 1, 2022
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
The Hacker News
SEPTEMBER 1, 2022
So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time.
Malwarebytes
SEPTEMBER 1, 2022
The Federal Trade Commission (FTC) has sued data broker Kochava for allegedly selling information that would allow for individuals’ whereabouts to be traced to sensitive locations. The information included location data from hundreds of millions of phones, including sensitive locations that could be tied to an individual. And, while the name Kochava may not ring any bells, it actually has a sizeable footprint in the data collection industry.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
219 
Let's personalize your content