Schneier on Security
AUGUST 25, 2022
Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user.
Tech Republic Security
AUGUST 25, 2022
In a scam analyzed by Avanan, the victim received an email claiming to be from the CFO directing them to make a payment to their insurance company. The post How a business email compromise scam spoofed the CFO of a major corporation appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
AUGUST 25, 2022
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information. [.].
Tech Republic Security
AUGUST 25, 2022
Apple updates, cookie theft, tech tips and a 5G cheat sheet top this week’s most-read news on TechRepublic. The post Tech news you may have missed: August 18 – 25 appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Affairs
AUGUST 25, 2022
Password management software firm LastPass has suffered a data breach, threat actors have stole source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. “Two weeks ago, we detected some unusual activity within portions of the LastPass development env
Tech Republic Security
AUGUST 25, 2022
Mitiga says that MFA, even if improperly configured, is no panacea for preventing attackers from abusing compromised credentials. The post How a business email compromise attack exploited Microsoft’s multi-factor authentication appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
AUGUST 25, 2022
As the facial recognition market continues to grow, business leaders should consider these issues before deciding whether to implement the technology. The post Privacy and security issues associated with facial recognition software appeared first on TechRepublic.
Bleeping Computer
AUGUST 25, 2022
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. [.].
Tech Republic Security
AUGUST 25, 2022
Jack Wallen has had enough with online ads crashing the party of his productivity. Find out what has him so riled up. The post There’s a problem with online ads, and it’s not what you think appeared first on TechRepublic.
Security Boulevard
AUGUST 25, 2022
It probably isn’t a surprise to any skeptics of the security practices of social media platforms—or who specifically remember Twitter’s previous security mishaps, including the hack of high-profile blue-check accounts—that Twitter’s cybersecurity practices are less than stellar and may even leave the platform open to attacks by nation-states. This, according to a former Twitter security.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Threatpost
AUGUST 25, 2022
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Security Boulevard
AUGUST 25, 2022
This week: cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more. . The post The Week in Cybersecurity: French hospital hit with ransomware attack appeared first on Security Boulevard.
Security Affairs
AUGUST 25, 2022
GAIROSCOPE: An Israeli researcher demonstrated how to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The popular researcher Mordechai Guri from the Ben-Gurion University of the Negev in Israel devise an attack technique, named GAIROSCOPE , to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes.
eSecurity Planet
AUGUST 25, 2022
The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The vulnerability was reported for a number of versions of GitLab CE/EE: all versions starting from 11.3.4 before 15.1.5 all versions starting from 15.2 before 15.2.3 all versions starting from 15.3 before 15.3.1.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
We Live Security
AUGUST 25, 2022
Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you. The post What is doxing and how to protect yourself appeared first on WeLiveSecurity.
Security Boulevard
AUGUST 25, 2022
Wondering about CI/CD security? We explain why CI/CD security is essential, how it works, the tools you need, and best practices to overcome its challenges. The post What Is CI/CD Security & Why Does It Matter? appeared first on Security Boulevard.
Naked Security
AUGUST 25, 2022
Latest episode - listen now! (Or read the transcript if you prefer the text version.).
Security Boulevard
AUGUST 25, 2022
SaaS has created unique challenges for security teams and requires them to evaluate the maturity of their SaaS security using a framework that was developed for the unique challenges SaaS creates. The post Assessing The Maturity Of Your SaaS Security Program appeared first on Security Boulevard.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
SecureWorld News
AUGUST 25, 2022
The U.S. Federal Bureau of Investigation (FBI) has issued a Private Industry Notification warning of malicious cyber actors using proxies and configurations for credential stuffing attacks on organizations within the United States. Credential stuffing—a brute force attack that exploits leaked user credentials or ones purchased on the Dark Web—takes advantage of the fact that many individuals reuse usernames and passwords across multiple online accounts.
Security Boulevard
AUGUST 25, 2022
Passwords are the worst. Infamous, ubiquitous, we just can't seem to get them right. Why are we stuck securing access with methods users hate and hackers love? The post Passwordless Is the Future … but What About the Present? appeared first on Security Boulevard.
CyberSecurity Insiders
AUGUST 25, 2022
Hackers are now using AI deepfake technology to impersonate C level employees of tech firms to dupe meeting respondents and the latest to fall victim to such a digital attack was a senior official of Binance, a company that is into the trading of cryptocurrency. Patrick Hillmann, the Chief Communication Officer (CCO) was surprised to receive email alerts for attending meeting with stakeholders and other public listers in Binance.
SecureBlitz
AUGUST 25, 2022
This post will show you tips to spotting and combating cyber crime for businesses. Preventing cyber threats and cybercrime is essential to running any business in the digital age. For many businesses, however, this is easier said than done. On average, businesses take over 200 days to identify a cyber breach. This time frame gives […]. The post 7 Tips To Spotting And Combating Cyber Crime For Businesses appeared first on SecureBlitz Cybersecurity.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Bleeping Computer
AUGUST 25, 2022
Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts. [.].
CyberSecurity Insiders
AUGUST 25, 2022
Cisco Talos has announced that it is going to offer cybersecurity support to all companies operating in Ukraine. It also made it official that it will render support to companies that are suffering from cyber attacks such as Ransomware launched by Vladimir Putin nation. Cisco’s support includes a release of an executive guidance document that offers intelligence on the analyzed attacks on Ukraine Cyber- Infrastructure till date.
Dark Reading
AUGUST 25, 2022
The Forte Group, which gained momentum as an informal organization during the pandemic, will offer career development and advocacy for women execs in cybersecurity as well as newcomers.
Bleeping Computer
AUGUST 25, 2022
Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks. [.].
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
CSO Magazine
AUGUST 25, 2022
It seems like just yesterday that the mad scramble following the SolarWinds compromise elevated supply chain security to the forefront of every entity, regardless of sector. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), formed the Information and communications technology (ICT) Supply Chain Risk Management task force in an effort to unite public and private entities with the goal of developing an actionable strategy to enhance supply chain security.
The Hacker News
AUGUST 25, 2022
Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. “Given Cobalt Strike’s popularity as an attack tool, defenses against it have also improved over time,” Microsoft security experts said.
CSO Magazine
AUGUST 25, 2022
Supply chain security has become top-of-mind for many leaders, as incident after incident has revealed supply chain vulnerabilities that expose significant organizational risk. Security challenges like Log4j and SolarStorm have battered organizations of all sizes with risks they likely didn’t even know they had. With a supply chain attack, a vulnerability in one component of a software stack can expose an entire organization to potential exploitation.
Heimadal Security
AUGUST 25, 2022
Center Hospitalier Sud Francilien (CHSF), was the victim of a ransomware attack that forced the medical center to transfer patients to other facilities and put off surgeries that were already scheduled. The hospital can accommodate 1000 patients at its full capacity and is situated only 28km from Paris city center. The malicious actors requested a […].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
359 
Let's personalize your content