Tue. Jun 21, 2022

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act.

Fireside chat: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

The Last Watchdog

It’s stunning that the ransomware plague persists. Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms. In response, Cato Networks today introduced network-based ransomware protection for the Cato SASE Cloud.

7 Ways to Avoid Worst-Case Cyber Scenarios

Dark Reading

In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data

Digital Value Chain Attacks on the Rise

Security Boulevard

Cybercriminals are moving to exploit vulnerabilities in the digital value chain as organizations fight to secure a rapidly expanding threat surface. These were among the findings of a report from Micro Focus subsidiary CyberRes.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

AI Is Not a Security Silver Bullet

Dark Reading

AI can help companies more effectively identify and respond to threats, as well as harden applications

New Android banking malware disguises as crypto app to spread

Tech Republic Security

A new banking Trojan dubbed "Malibot" pretends to be a cryptomining application to spread between Android phones. While only active now in Spain and Italy, it could begin targeting Americans.

More Trending

ATMs in the UK are being hijacked by hackers

CyberSecurity Insiders

Automatic Teller Machines (ATMs) are being used by hackers to lock cards in the machines so that the hackers can gain control of the cards in digital form and siphon money from bank accounts.

Why Financial Institutions Must Double Down on Open Source Investments

Dark Reading

Open source is here to stay, and it's imperative that CIOs have a mature, open source engagement strategy, across consumption, contribution, and funding as a pillar of digital transformation

Cloudflare clarifies network change and not Cyber Attack

CyberSecurity Insiders

Some online news sources claimed that downtime on Cloudflare's network was a cyber attack. The cloud service giant responded with a press statement saying that the disruption on Monday this week was caused by a network change, not a digital attack.

Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead

Dark Reading

Experts tell teams to prepare for more regulation, platform consolidation, management scrutiny, and attackers with the ability to claim human casualties

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Phishing awareness training: Help your employees avoid the hook

We Live Security

Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders.

Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors

The Hacker News

Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call "insecure-by-design practices."

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain.

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain

The Hacker News

A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft.

5 Tips to Thwart Business Email Compromise (BEC) Attacks

Security Boulevard

There’s been an astounding 84% increase in business email compromise (BEC) attacks, according to the latest NordLocker Email Threat Report, which compared half-yearly statistics.

Capital One identity theft hacker finally gets convicted

Naked Security

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

Acronis Cyber Protect Home Office: More than just a backup solution

Tech Republic Security

The number of cybersecurity protection tools on the market is staggering, which makes it challenging to decide which to use. Acronis has one tool that stands out in the pack. Read on to see if this tool is right for you.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

The Power and Pitfalls of AI for US Intelligence

WIRED Threat Level

Artificial intelligence use is booming, but it's not the secret weapon you might imagine.

New ToddyCat APT targets high-profile entities in Europe and Asia

Security Affairs

Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020.

Tips for WP-Config & How to Avoid Sensitive Data Exposure

Security Boulevard

The wp-config file is a powerful core WordPress file that is vital for running your website. It contains important configuration settings for WordPress, including details on where to find the database, login credentials, name and host.

The three core strengths of USM Anywhere

CyberSecurity Insiders

This blog was written by an independent guest blogger. USM Anywhere is the ideal solution for small and mid-sized businesses that need multiple high-quality security tools in a single, unified package.

Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’

Security Boulevard

Capital One hacker Paige A. Thompson has been found guilty. But it has to be said that Capital One’s security design was absolutely awful.

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

An IT security certification can provide a key boost for your career, but with so many different certifications available (and so many organizations more than happy to take your money for training and testing), it’s important to make sure that the time and investment are well spent.

Is Cyber Breach Insurance part of your Cybersecurity roadmap?

Security Boulevard

Is Cyber Breach Insurance part of your Cybersecurity roadmap?

New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers

The Hacker News

An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020.

Unless Your ID Cloud Vendor Can Fulfill These 5 Requirements, Proceed With Caution

Security Boulevard

I recently participated in a panel discussion covering "What to Look for in an Identity Cloud Provider" with two of my colleagues here at ForgeRock, which was hosted by the Cloud Security Alliance.

RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer

The Hacker News

The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022.

56 Vulnerabilities Discovered in OT Products From 10 Different Vendors

Dark Reading

Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

The Hacker News

A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach.

Qakbot

Security Boulevard

Qakbot malware (also known as: QakBot, Quakbot, Pinkslipbot) is a prevalent information-stealing malware that was discovered in 2007.

Mitigate Ransomware in a Remote-First World

The Hacker News

Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere.

2 Min Read – Is your Digital DevOps strategy worth investing in?

Security Boulevard
