Tue. Jun 21, 2022

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power to tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both.

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

The Last Watchdog

It’s stunning that the ransomware plague persists. Related: ‘SASE’ blends connectivity and security. Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms. In response, Cato Networks today introduced network-based ransomware protection for the Cato SASE Cloud.

New Android banking malware disguises as crypto app to spread

Tech Republic Security

A new banking Trojan dubbed "Malibot" pretends to be a cryptomining application to spread between Android phones. While only active now in Spain and Italy, it could begin targeting Americans. The post New Android banking malware disguises as crypto app to spread appeared first on TechRepublic.

APT ToddyCat

SecureList

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. The group started its activities in December 2020, compromising selected Exchang

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

How to stop malicious privileged user attacks

Tech Republic Security

Business organizations that have suffered from malicious attacks are beginning to realize that some of the attacks are precipitated by privileged users. As a result, privileged users should be a corporate security concern if you want to keep cyber-related security at bay in your organization. The post How to stop malicious privileged user attacks appeared first on TechRepublic.

Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

Malwarebytes

This blog post was authored by Hossein Jazi and Roberto Santos. In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government.

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonate various services appearing to be legitimately created on the “azurefd.net” domain – This allows the bad actors to trick users and spread phishing content

DFSCoerce, a new NTLM relay attack, can take control over a Windows domain

Malwarebytes

A researcher has published a Proof-of-Concept (PoC) for an NTLM relay attack dubbed DFSCoerce. The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain. Active Directory. A directory service is a hierarchical arrangement of objects which is structured in a way that makes access easy.

New ToddyCat APT targets high-profile entities in Europe and Asia

Security Affairs

Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The threat actors initially launched a cyber espionage campaign against entities in Taiwan and Vietnam, the APT was observed targeting Microsoft Exchange servers with a zer

You can be tracked online using your Chrome browser extensions

Malwarebytes

A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of information when you land on their portal—it’s a lot more than “just” which web browser you use to load up someone’s site.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Massive Cloudflare outage caused by network configuration error

Bleeping Computer

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience. [...]

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain. The DFSCoerce attack relies on the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to take full control over a Windows domain.

7 Ways to Avoid Worst-Case Cyber Scenarios

Dark Reading

In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data.

Game on! The 2022 Google CTF is here.

Google Security

Posted by Jan Keller, Technical Entertainment Manager, Bug Hunters. Are you ready to put your hacking skills to the test? It’s Google CTF time! The competition kicks off on July 1 2022 6:00 PM UTC and runs through July 3 2022 6:00 PM UTC. Registration is now open at [link]. In true old Google CTF fashion, the top 8 teams will qualify for our Hackceler8 speedrunning meets CTFs competition.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

AI Is Not a Security Silver Bullet

Dark Reading

AI can help companies more effectively identify and respond to threats, as well as harden applications.

Digital Value Chain Attacks on the Rise

Security Boulevard

Cybercriminals are moving to exploit vulnerabilities in the digital value chain as organizations fight to secure a rapidly expanding threat surface. These were among the findings of a report from Micro Focus subsidiary CyberRes. The study revealed North America tops the list of most impacted regions, experiencing a third of the total cyber issues reported.

Voicemail-themed phishing attacks target organisations

Graham Cluley

Have you received an email notification that there is a voicemail waiting to be listened to by you? Maybe you would be wise to think carefully before clicking on the attachment.

Microsoft 365 outage affects Microsoft Teams and Exchange Online

Bleeping Computer

An ongoing outage is affecting multiple Microsoft 365 services, with customers worldwide reporting delays, sign-in failures, and issues accessing their accounts. [...]

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Space-based assets aren’t immune to cyberattacks

CSO Magazine

One of the most significant cybersecurity incidents related to Russia's war on Ukraine was a "multi-faceted" attack against satellite provider Viasat's KA-SAT network on February 24, one hour before Russia's invasion began. The assault, which both Ukraine and Western intelligence authorities attribute to Russia, was intended to degrade the Ukrainian national command and control.

7-zip now supports Windows ‘Mark-of-the-Web’ security feature

Bleeping Computer

7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files. [...]

Capital One identity theft hacker finally gets convicted

Naked Security

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Icefall: 56 flaws impact thousands of exposed industrial devices

Bleeping Computer

A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments. [...]

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

8 Strategies for Marketing in a Consumer First Privacy Landscape

TrustArc

With more regulations and consumers questioning companies’ use of their data, be prepared with 8 strategies for marketing in a consumer first privacy landscape.

Security vulnerabilities: 5 times that organizations got hacked

Malwarebytes

Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations — and it’s no secret that hackers are always looking for security vulnerabilities in them to exploit. According to research by BetterCloud, the average company with 500 to 999 employees uses about 93 different SaaS applications, with that number rising to 177 for companies with over 1000 employees.

Phishing awareness training: Help your employees avoid the hook

We Live Security

Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders. The post Phishing awareness training: Help your employees avoid the hook appeared first on WeLiveSecurity.

Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware

Bleeping Computer

The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. [...]

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

An IT security certification can provide a key boost for your career, but with so many different certifications available (and so many organizations more than happy to take your money for training and testing), it’s important to make sure that the time and investment are well spent. The right certification can serve as a key differentiator in applying for jobs, demonstrating both your commitment to the field and the specialized knowledge you’ve gained.

Voicemail-themed Phishing Attacks Resurface in the US, Focus on Key Industry Verticals

Heimdal Security

To obtain Microsoft Office 365 and Outlook credentials, a new phishing operation has been targeting U.S. firms in the military, security software, manufacturing supply chain, healthcare, and pharmaceutical sectors. The operation is still active, and the attacker responsible is luring victims into opening a malicious HTML file with fake voicemail notifications.

Microsoft 365 Research Highlights Cloud Vulnerabilities

eSecurity Planet

In a sequence that suggests cloud services may be more vulnerable than many think, Proofpoint researchers have demonstrated how hackers could take over Microsoft 365 accounts to ransom files stored on SharePoint and OneDrive. Microsoft services are widely used in enterprises for cloud-based collaboration, and the Proofpoint research report revealed that cloud infrastructures are not immune to ransomware attacks.

Defending quantum-based data with quantum-level security: a UK trial looks to the future

CSO Magazine

British Telecom and Toshiba have launched a trial of what they say is the world's first commercial quantum secured metro network (QSMN) that aims to securely encrypt valuable data and information over standard fibre optic links using quantum key distribution (QKD). The companies will operate the network for an initial period of up to three years.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!