Mon. Sep 26, 2022

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.

Passwords 325

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry. In fact, the 2022 Verizon Data Breach Investigation Report revealed an alarming 13 percent increase in ransomware attacks overall – greater than past five years combined – and the inability to properly manage identities and pri

Why 2FA is failing and what should be done about it

Tech Republic Security

Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem. The post Why 2FA is failing and what should be done about it appeared first on TechRepublic.

What happens with a hacked Instagram account – and how to recover it

We Live Security

Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again). The post What happens with a hacked Instagram account – and how to recover it appeared first on WeLiveSecurity.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

Security Affairs

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked as Metador, that primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa.

Managing Cybersecurity Risk in M&A

Cisco Security

As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Providing assurance that residual risk posture falls within business risk tolerance is critical to Cisco’s Audit Committee and executive leadership team, especially during the mergers and acquisitions (M&A) process. Bolotin champions the continued advancement of the technology audit profession and received a master’s degree in cybersecurity from the University of Cali

Risk 145

LifeWorks

More Trending

The deepfake danger: When it wasn’t you on that Zoom call

CSO Magazine

In August, Patrick Hillman, chief communications officer of blockchain ecosystem Binance, knew something was off when he was scrolling through his full inbox and found six messages from clients about recent video calls with investors in which he had allegedly participated. “Thanks for the investment opportunity,” one of them said. “I have some concerns about your investment advice,” another wrote.

The State of Cybersecurity has improved but is hardly flawless

The State of Security

For the record, it should be acknowledged from the start that there is no question that the cybersecurity landscape has improved over time, mostly courtesy of persistent increases in cyber spending year after year. Gartner estimates that the U.S. and the rest of the world will invest $172 billion in cybersecurity this year, up from $150 […]

Beware Revolut frozen card scams sent via SMS text

Graham Cluley

Users of Revolut, the popular banking app, would be wise to be on their guard - as scammers are sending out barrages of SMS text messages, posing as official communications from the financial firm.

Scams 135

5 Network Security Threats And How To Protect Yourself

The Hacker News

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

97% of enterprises say VPNs are prone to cyberattacks: Study

CSO Magazine

Reliance on VPNs for remote access is putting enterprises at significant risk as social engineering, ransomware, and malware attacks continue to advance, exposing businesses to greater risk, according to a new report by cloud security company Zscaler.

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

The Hacker News

The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach.

Malware 130

Exmatter exfiltration tool used to implement new extortion tactics

Security Affairs

Ransomware operators switch to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques; this is the case of threat actors using the Exmatter malware. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample of malware classified as the .NET exfiltration tool Exmatter.

How to Close the Cybersecurity Skills Gap in Your Business

CyberSecurity Insiders

Staffing shortages in some industries have worsened since the COVID-19 pandemic began wreaking havoc in 2020, especially in cybersecurity. Cyberattacks have increased in many sectors, primarily targeting education and healthcare. What can employers do for their businesses with attacks rising alongside the widening cybersecurity skills gap? What Is the Cybersecurity Skills Gap?

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

The Optus Breach: How Bad Code Keeps Happening to Good Companies

Security Boulevard

First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here and others indicated in references section below. On Thursday this week, Australia’s second-largest telecom company, Optus, announced it had suffered a major data breach that had compromised sensitive customer information.

InfoSec 122

China-linked TA413 group targets Tibetan entities with new backdoor

Security Affairs

China-linked cyberespionage group TA413 exploits employ a never-before-detected backdoor called LOWZERO in attacks aimed at Tibetan entities. A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office (CVE-2022-30190) to deploy a never-before-detected backdoor called LOWZERO in attacks aimed at Tibetan entities.

Firewall 120

Why the Internet of Things Needs PKI

Security Boulevard

Securing machine identities is a rising concern for enterprises and cybersecurity leaders venturing into the relatively new terrain of the Internet of Things. The post Why the Internet of Things Needs PKI appeared first on Keyfactor. The post Why the Internet of Things Needs PKI appeared first on Security Boulevard.

Internet 115

Jamf buys ZecOps to bring high-end security to Apple enterprise

CSO Magazine

ZecOps protects world-leading enterprises, governments, and individuals; Jamf has acquired it to help secure the enterprise.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

The Hacker News

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities.

Firewall 111

US CISA/NSA release new OT/ICS security guidance, reveal 5 steps threat actors take to compromise assets

CSO Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published a new Cybersecurity Advisory (CSA) for protecting operational technology (OT) and industrial control systems (ICS). The CSA outlines the Tactics, Techniques and Procedures (TTPs) malicious actors use to compromise OT/ICS assets and recommends security mitigations that owners and operators should implement to defend systems.

The Best VPNs to Protect Yourself Online

WIRED Threat Level

It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.

Teen hacking suspect charged with computer misuse and breach of bail conditions

Graham Cluley

Could the 16-year-old arrested in Oxford in March now be the 17-year-old arrested in Oxfordshire and charged with breaching his bail conditions?

Hacking 106

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

NSA and CISA: What To Do When Hackers Target Critical Systems

Heimdal Security

The National Security Agency (NSA) together with the Cybersecurity and Infrastructure Agency (CISA) have issued an advisory that outlines how the operators of critical infrastructure should deal with cyberattacks on operational technology and industrial control system assets. The advisory in the light of recent cyberattacks launched on Ukraine’s energy grid and ransomware against […].

This Vote Could Change the Course of Internet History

WIRED Threat Level

UN countries are preparing to pick a new head of the International Telecommunications Union. Who wins could shape the open web's future.

Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts

The Hacker News

Ukrainian law enforcement authorities on Friday disclosed that it had "neutralized" a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests.

Windows 11 pulls ahead of Windows 10 in anti-phishing stakes

Malwarebytes

Some new security additions and changes have been announced for users of Windows, but you’ll have to be using Windows 11 to get the most out of them. Windows 10 users may find that this is going to be a case of falling behind the herd ever so slightly. Anti-phishing tools. Enhanced phishing protection, by way of Smartscreen, is the name of the game, and Microsoft is all too happy to explain the changes.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Data Corruption, A Potential New Trend in Ransomware Attacks

Heimdal Security

Exmatter, a well-known data exfiltration malware used by the BlackMatter ransomware group, has been spotted operating a new tactic. The malware was upgraded with data corruption functionality which might show a switch in the field of ransomware attacks with hackers preferring deserting the encryption tactic. How Data Corruption Works The new data corruption tactic was […].

Collaboration in Cyber Security is the Key to Combatting the Growing Cyber Threat. Here’s Why

IT Security Guru

Cyber security has never been so important and in a post-pandemic world it is more important than ever. According to a recent report by Kaspersky, the number of Trojan-PSW (Password Stealing Ware) detections increased by almost a quarter globally – 4,003,323 in 2022 compared to 3,029,903 in 2021. In addition, internet attacks also grew from 32,500,00 globally in 2021 to almost 35,400,000 in 2022.

What Do You Get With Professional Data Recovery Services

SecureBlitz

Here, I will reveal what you get with professional data recovery services… Data is the most valuable asset to every business – small, medium, or large organization. But, as the world is fast moving towards digital transformation, data becomes vulnerable to electronic threats like ransomware, virus, etc. Although businesses invest so much into protecting data, […].

Google to Make Account Login Mandatory for New Fitbit Users in 2023

The Hacker News

Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switch will not go live for all users in 2023.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!