Schneier on Security
AUGUST 24, 2022
Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter’s chief security officer until he was fired in January. The Washington Post has the scoop (with documents) and companion backgrounder.
Tech Republic Security
AUGUST 24, 2022
Analyzing over 100 prominent ransomware incidents, Barracuda found the top targeted sectors to be education, municipalities, healthcare, infrastructure and financial. The post How ransomware attacks target specific industries appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trend Micro
AUGUST 24, 2022
A new ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.
Tech Republic Security
AUGUST 24, 2022
Learn more about a new Iranian tool dubbed Hyperscrape and how it is used by a cyberespionage group to extract content from victims’ inboxes. The post Iranian cyberespionage group uses new Hyperscrape tool to extract emails from victims’ mailboxes appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
SecureList
AUGUST 24, 2022
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, we observed this group was attacking the media and a think-tank in South Korea and reported technical details to our threat intelligence customer.
Cisco Security
AUGUST 24, 2022
Security tools are only as good as the intelligence and expertise that feeds them. We’re very fortunate to have our security technologies powered by Cisco Talos , one of the largest and most trusted threat intelligence groups in the world. Talos is comprised of highly skilled researchers, analysts, and engineers who provide industry-leading visibility, actionable intelligence, and vulnerability research to protect both our customers and the internet at large.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
AUGUST 24, 2022
Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging services that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server.
Heimadal Security
AUGUST 24, 2022
The Department for Culture, Media and Sport (DCMS) in the UK issued a new report showing that businesses neglect cybersecurity procedures until after a major attack had happened. The report extended on four years and investigated ten organizations of different sizes which had all dealt with a major data protection breach in this period. The […].
Security Affairs
AUGUST 24, 2022
The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords.
SecureBlitz
AUGUST 24, 2022
This post will show you the benefits of logo templates. All entrepreneurs know that a business needs a logo, but not everyone understands its role. This is not just a beautiful symbol or trademark of the brand. Its meaning and goal lie much deeper. Fortunately, we can always turn to ready-made logo templates to ease […]. The post Top 4 Benefits Logo Templates Can Bring To Your Business appeared first on SecureBlitz Cybersecurity.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
CyberSecurity Insiders
AUGUST 24, 2022
Plex, an American Streaming platform, has officially sent out email notifications to all its users urging them to change their passwords. The entertainment offering company added in its update that the reason to send a notification to all its users was because of the discovery of suspicious activity on one of its IT databases. In the statement issued by Plex, the streaming media specified that the activity was discovered by it on August 23rd of this year and soon its IT staff, along with a third
CSO Magazine
AUGUST 24, 2022
Cybersecurity spending in the coming year may not be recession-proof, but it's likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that. "It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice Pr
Dark Reading
AUGUST 24, 2022
The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.
CSO Magazine
AUGUST 24, 2022
The metaverse is seen by many companies as a great business opportunity and for new ways of working. Security provider Trend Micro, however, warns in a recent research report that cybercriminals could misuse the technology for their own purposes. Security researchers predict that a kind of darknet structure could emerge there, similar to today's Internet.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Webroot
AUGUST 24, 2022
With social engineering now the #1 cause of cyberattacks, it’s imperative for you to learn how to stop social engineering attacks against your business. Your first step in stopping them is to learn what they are and how they work. After that, you need to learn how combining security layers like Endpoint Protection and Email Security makes the best defense.
Digital Shadows
AUGUST 24, 2022
It was a dark and stormy DEFCON. Water leaked from the ceilings onto the casino floors and lightning flashed across. The post Vulnerability Intelligence RoundUp: Cloudy with a chance of zero days first appeared on Digital Shadows.
CSO Magazine
AUGUST 24, 2022
What is WannaCry? WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them. A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health
The State of Security
AUGUST 24, 2022
Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential […]… Read More.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Google Security
AUGUST 24, 2022
Posted by Pedro Barbosa, Security Engineer, and Daniel Bleichenbacher, Software Engineer Paranoid is a project to detect well-known weaknesses in large amounts of crypto artifacts, like public keys and digital signatures. On August 3rd 2022 we open sourced the library containing the checks that we implemented so far ( [link] ). The library is developed and maintained by members of the Google Security Team, but it is not an officially supported Google product.
CyberSecurity Insiders
AUGUST 24, 2022
North Korea’s Lazarus Group has reportedly designed new ransomware that is being targeted at M1 processors popularly running on Macs and Intel systems. And security researchers from ESET have discovered that the malware was uploaded to the VirusTotal operated system in Brazil and was targeted by a social engineering attack. ESET claims the Lazarus campaign targeted specifically Macs as most of the journalists, high-profile dignitaries, and politicians use them to stay connected to the world.
CSO Magazine
AUGUST 24, 2022
Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time.
Naked Security
AUGUST 24, 2022
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions!
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
AUGUST 24, 2022
VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. The virtualization giant VMware this week released patches to address an important-severity flaw, tracked as CVE-2022-31676, which impacts the VMware Tools suite of utilities. VMware Tools is a set of services and modules that enable several features in company products for better management of, and seamless user interactions with, guests operating systems.
Dark Reading
AUGUST 24, 2022
An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.
Security Affairs
AUGUST 24, 2022
A French hospital, the Center Hospitalier Sud Francilien (CHSF), suffered a cyberattack on Sunday and was forced to refer patients to other structures. The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other structures.
Dark Reading
AUGUST 24, 2022
In a widespread campaign, threat actors use a compromised Dynamics 365 Customer Voice business account and a link posing as a survey to steal Microsoft 365 credentials.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
AUGUST 24, 2022
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users.
Security Affairs
AUGUST 24, 2022
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.
The Hacker News
AUGUST 24, 2022
A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr.
SecureWorld News
AUGUST 24, 2022
Air-gapping a device or system is thought of as a way to isolate your device from the internet, or other public-facing networks, so that it is highly secure and untouchable to threat actors. For the most part, it's a very good way to secure your device. Though, there are exceptions. A security researcher has discovered a workaround to air-gapped systems that involves sending Morse code signals via LED lights on network interface controller (NICs).
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
331 
Let's personalize your content