Security Boulevard
FEBRUARY 14, 2023
U.S. GDPR ASAP: Data brokers are selling PII about mental health conditions—depression, anxiety, bipolar disorder, PTSD, OCD, etc. The post Your Mental Health Data for Sale or Rent — 20¢ appeared first on Security Boulevard.
CSO Magazine
FEBRUARY 14, 2023
The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that's capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
FEBRUARY 14, 2023
This post continues the discussion started in “Use Cloud Securely? What Does This Even Mean?!” and focuses on an area that should be easy for every purported security professional — defense in depth. So, before reading further, ask yourself two questions: Do you understand the concept of “defense in depth” (DiD) in security? Do you understand how DiD applies in public cloud environments?
CSO Magazine
FEBRUARY 14, 2023
A core pillar of a mature cyber risk program is the ability to measure, analyze, and report cybersecurity threats and performance. That said, measuring cybersecurity is not easy. On one hand business leaders struggle to understand information risk (because they usually are from a non-cyber background), while on the other, security practitioners get caught up in too much technical detail which ends up confusing, misinforming, or misleading stakeholders.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
FEBRUARY 14, 2023
When considering how to thwart threat actors and protect IT assets against cyber attacks, many organizations take an inherently defensive approach. Locking down systems and assets with protective tools and procedures like firewalls, employee training, and incident response plans makes sense. However, in today’s high-volume and sophisticated threat landscape, intruders continue to innovate and find […] The post Offensive Cybersecurity: The Definitive Guide appeared first on Flare | Cyber Thr
Heimadal Security
FEBRUARY 14, 2023
Threat actors breached Pepsi Bottling Ventures LLC`s network and successfully installed info-stealing malware. The incident happened on or around December 23rd, 2022, and the team discovered it 18 days later, on January 10th, 2023. It took the IT team another 9 days to remediate the breach and secure the system. So, the hackers had around […] The post Pepsi Bottle Ventures Suffers Data Breach After Malware Attack appeared first on Heimdal Security Blog.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
We Live Security
FEBRUARY 14, 2023
Spoiler alert: it turned me down. But that’s far from the only thing I learned while playing around with the bot that the world has fallen in love with so badly. The post ChatGPT, will you be my Valentine?
Bleeping Computer
FEBRUARY 14, 2023
Today is Microsoft's February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws. [.
CyberSecurity Insiders
FEBRUARY 14, 2023
We all know that the iPhone giant released its iOS 16 a few weeks ago and wanted everyone to upgrade to the new operating systems as it’s more intuitive and easier to use. A couple of weeks back, the technology giant of America issued a warning to all its users and urged them to go for the upgrade at the earliest. As among the two identified flaws, one was discovered to be exploited already by threat actors.
CSO Magazine
FEBRUARY 14, 2023
The new Transparent Data Encryption (TDE) feature will be shipped along with the company’s enterprise version of its database.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
FEBRUARY 14, 2023
How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.
CyberSecurity Insiders
FEBRUARY 14, 2023
Mortal Kombat is the news ransomware that is on the prowl and Cisco Talos says the new ransomware can wipe off data of the victim, if they fail to pay the demanded ransom on time. Security firm of Cisco says the malware also can steal cryptocurrency, thanks to its add-on of Laplas, that has the ability to replace the crypto address on the Windows Clipboard and substitute it with the one dictated by the threat actor.
Dark Reading
FEBRUARY 14, 2023
78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.
CSO Magazine
FEBRUARY 14, 2023
Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
FEBRUARY 14, 2023
Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware. Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a follow-up to a campaign that was initially disclosed in November 2022.
Bleeping Computer
FEBRUARY 14, 2023
Microsoft says that some WSUS servers upgraded to Windows Server 2022 might fail to push Windows 11, version 22H2 updates released during this month's Patch Tuesday to endpoints across enterprise environments. [.
Security Boulevard
FEBRUARY 14, 2023
Catch the highlights of our recent roundtable on modern-day cyber warfare and its impact on national cybersecurity, including why every organization is at risk and how to prepare. The post Cyber Warfare & National Cybersecurity in the 21st Century: Five Key Takeaways appeared first on SafeBreach. The post Cyber Warfare & National Cybersecurity in the 21st Century: Five Key Takeaways appeared first on Security Boulevard.
Malwarebytes
FEBRUARY 14, 2023
Apple has released information about the new security content of macOS Ventura 13.2.1 and of iOS 16.3.1 and iPadOS 16.3.1. Most prominent is a vulnerability in WebKit that may have been actively exploited. In December, 2022, we warned our readers about another actively exploited vulnerability in Apple’s WebKit. The currently patched vulnerability was a type confusion issue that Apple says has been addressed with improved checks.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
FEBRUARY 14, 2023
Threat actors have started moving away from authenticating via legacy protocols to bypass multifactor authentication (MFA) in Microsoft 365, according to an Expel report on cybersecurity trends. Instead, malicious actors are adopting frameworks such as Evilginx2 to facilitate adversary-in-the-middle (AiTM) phishing attacks to steal login credentials and session cookies for initial access and MFA bypass.
SecureBlitz
FEBRUARY 14, 2023
The number of online shoppers worldwide is rising, especially since the pandemic. An omnichannel strategy hence is basic for any business nowadays. Customers want to purchase their preferred channel effortlessly. They expect a seamless experience across all touchpoints, whether online, in-store or on mobile devices. To provide such an experience, companies need to streamline their […] The post How To Streamline The Customer Journey With Omnichannel Integration appeared first on SecureBlitz
Security Boulevard
FEBRUARY 14, 2023
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Permalink The post USENIX Security ’22 – Simon Oya, Florian Kerschbaum – ‘IHOP: Improved Statistical Query Recovery Against Searchable Symmetric Encryption Through Quadratic Optimization’ appeared first on Security Boulevard.
Bleeping Computer
FEBRUARY 14, 2023
It's Microsoft's February 2023 Patch Tuesday, and the new Windows 10 KB5022834 and KB5022840 cumulative updates are now available for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems in the operating system. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
FEBRUARY 14, 2023
Many people look for love or companionship online, and Valentine’s Day presents the perfect opportunity for digital crooks to take advantage of vulnerable lonely hearts. A report from Bitdefender found Valentine’s Day-themed spam has dramatically spiked in recent days, using the promise of love, discounts on merchandise and gifts from popular brands as lures.
Bleeping Computer
FEBRUARY 14, 2023
Microsoft has released the Windows 11 KB5022845 and KB5022836 cumulative updates for versions 22H2 and 21H2 to fix security vulnerabilities and bugs in the operating system. [.
The Hacker News
FEBRUARY 14, 2023
Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said.
Bleeping Computer
FEBRUARY 14, 2023
The APT37 threat group (aka 'RedEyes' or 'ScarCruft') has been spotted using a new evasive malware named 'M2RAT' along with steganography to attack specific individuals for intelligence collection. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
eSecurity Planet
FEBRUARY 14, 2023
In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. The process for creating the report was time-consuming, manual and costly.
The Hacker News
FEBRUARY 14, 2023
Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity.
Security Affairs
FEBRUARY 14, 2023
Cloudflare mitigated a record distributed denial-of-service (DDoS) that reached 71 Million requests per second. Cloudflare announced it has mitigated a record hyper-volumetric distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS). The company pointed out that this is the largest reported HTTP distributed denial-of-service attack on record, the volume was more than 35% higher than the previously reported record of 46M rps that was mitigated in June 2
SecureWorld News
FEBRUARY 14, 2023
Cybersecurity firm Group-IB successfully defended against a targeted attack by the Chinese state-sponsored Tonto Team, one of the world's most advanced persistent threat (APT) actors. Despite Tonto Team being known for its sophisticated techniques and ability to evade detection, Group-IB was able to detect and block the attack before any damage could be done.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
135 
Let's personalize your content