Thu. Aug 25, 2022

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user.

Phishing 298

Tech news you may have missed: August 18 – 25

Tech Republic Security

Apple updates, cookie theft, tech tips and a 5G cheat sheet top this week’s most-read news on TechRepublic. The post Tech news you may have missed: August 18 – 25 appeared first on TechRepublic.

LastPass developer systems hacked to steal source code

Bleeping Computer

Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information. […]

Hacking 145

How a business email compromise scam spoofed the CFO of a major corporation

Tech Republic Security

In a scam analyzed by Avanan, the victim received an email claiming to be from the CFO directing them to make a payment to their insurance company. The post How a business email compromise scam spoofed the CFO of a major corporation appeared first on TechRepublic.

Scams 192

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Security Industry Rallies Behind Twitter Whistleblower

Security Boulevard

It probably isn’t a surprise to any skeptics of the security practices of social media platforms—or who specifically remember Twitter’s previous security mishaps, including the hack of high-profile blue-check accounts—that Twitter’s cybersecurity practices are less than stellar and may even leave the platform open to attacks by nation-states. This, according to a former Twitter security.

Media 135

How a business email compromise attack exploited Microsoft’s multi-factor authentication

Tech Republic Security

Mitiga says that MFA, even if improperly configured, is no panacea for preventing attackers from abusing compromised credentials. The post How a business email compromise attack exploited Microsoft’s multi-factor authentication appeared first on TechRepublic.

More Trending

Privacy and security issues associated with facial recognition software

Tech Republic Security

As the facial recognition market continues to grow, business leaders should consider these issues before deciding whether to implement the technology. The post Privacy and security issues associated with facial recognition software appeared first on TechRepublic.

Software 161

The Week in Cybersecurity: French hospital hit with ransomware attack

Security Boulevard

This week: cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more. The post The Week in Cybersecurity: French hospital hit with ransomware attack appeared first on Security Boulevard.

There’s a problem with online ads, and it’s not what you think

Tech Republic Security

Jack Wallen has had enough with online ads crashing the party of his productivity. Find out what has him so riled up. The post There’s a problem with online ads, and it’s not what you think appeared first on TechRepublic.

Internet 148

What is doxing and how to protect yourself

We Live Security

Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you. The post What is doxing and how to protect yourself appeared first on WeLiveSecurity.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Twilio hackers hit over 130 orgs in massive Okta phishing attack

Bleeping Computer

Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts. […]

Phishing 126

What Is CI/CD Security & Why Does It Matter?

Security Boulevard

Wondering about CI/CD security? We explain why CI/CD security is essential, how it works, the tools you need, and best practices to overcome its challenges. The post What Is CI/CD Security & Why Does It Matter? appeared first on Security Boulevard.

GitLab Patches Critical RCE in Community and Enterprise Editions

eSecurity Planet

The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The vulnerability was reported for a number of versions of GitLab CE/EE: all versions starting from 11.3.4 before 15.1.5; all versions starting from 15.2 before 15.2.3; all versions starting from 15.3 before 15.3.1.

Software 121

Assessing The Maturity Of Your SaaS Security Program

Security Boulevard

SaaS has created unique challenges for security teams and requires them to evaluate the maturity of their SaaS security using a framework that was developed for the unique challenges SaaS creates. The post Assessing The Maturity Of Your SaaS Security Program appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that conducted the supply chain attack against SolarWinds, which involved multiple families of impla

Malware 119

Passwordless Is the Future … but What About the Present?

Security Boulevard

Passwords are the worst. Infamous, ubiquitous, we just can't seem to get them right. Why are we stuck securing access with methods users hate and hackers love? The post Passwordless Is the Future … but What About the Present? appeared first on Security Boulevard.

Passwords 116

Hackers using AI Hologram to conduct identity theft

CyberSecurity Insiders

Hackers are now using AI deepfake technology to impersonate C-level employees of tech firms to dupe meeting respondents, and the latest to fall victim to such a digital attack was a senior official of Binance, a company that is into the trading of cryptocurrency. Patrick Hillmann, the Chief Communication Officer (CCO), was surprised to receive email alerts for attending meetings with stakeholders and other public listers in Binance.

Hackers abuse Genshin Impact anti-cheat system to disable antivirus

Bleeping Computer

Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks. […]

Antivirus 120

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cisco Talos extends cybersecurity support to Ukraine

CyberSecurity Insiders

Cisco Talos has announced that it is going to offer cybersecurity support to all companies operating in Ukraine. It also made it official that it will render support to companies that are suffering from cyber attacks such as ransomware launched by Vladimir Putin's nation. Cisco’s support includes a release of an executive guidance document that offers intelligence on the analyzed attacks on Ukraine's cyber-infrastructure to date.

Senior-Level Women Leaders in Cybersecurity Form New Nonprofit

Dark Reading

The Forte Group, which gained momentum as an informal organization during the pandemic, will offer career development and advocacy for women execs in cybersecurity as well as newcomers.

How 'Kimsuky' hackers ensure their malware only reach valid targets

Bleeping Computer

The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not on the systems of security researchers. […]

Malware 111

Why SBOMs alone aren’t enough for software supply chain security

CSO Magazine

It seems like just yesterday that the mad scramble following the SolarWinds compromise elevated supply chain security to the forefront of every entity, regardless of sector. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) formed the Information and Communications Technology (ICT) Supply Chain Risk Management task force in an effort to unite public and private entities with the goal of developing an actionable strategy to enhance supply chain security.

Software 111

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Threatpost

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

BrandPost: Securing Your Cloud Supply Chain

CSO Magazine

Supply chain security has become top-of-mind for many leaders, as incident after incident has revealed supply chain vulnerabilities that expose significant organizational risk. Security challenges like Log4j and SolarStorm have battered organizations of all sizes with risks they likely didn’t even know they had. With a supply chain attack, a vulnerability in one component of a software stack can expose an entire organization to potential exploitation.

Risk 110

Hackers adopt Sliver toolkit as a Cobalt Strike alternative

Bleeping Computer

Threat actors are dumping the Cobalt Strike penetration testing suite in favor of similar frameworks that are less known. After Brute Ratel, the open-source, cross-platform kit called Sliver is becoming an attractive alternative. […]

BrandPost: How Can CISOs Tackle the SOC Talent Shortage?

CSO Magazine

Security operations centers – the units that manage overall cybersecurity within an organization – have been getting a workout during COVID-19. Many organizations moved their SOC staff to remote work within days of coronavirus being declared a pandemic. This shift to remote work has put a spotlight on three inter-related issues for business and cybersecurity leaders in modernizing SOCs to meet the needs of today’s workplace.

CISO 108

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Good-bye, insurance coverage for nation-state cyber attacks

Security Boulevard

Last week, Lloyd’s of London Ltd. announced that it will require its underwriters, globally, “to exclude catastrophic state-backed hacks from stand-alone cyber insurance policies” starting in March 2023. This elimination of cyber policies involving nation-state adversaries is not surprising. Based on “worrisome trends” in our post-pandemic world, cybersecurity insurance at large “has a big problem,” as PCS Insurance Group’s Tom Johansmeyer notes in Harvard Business Review.

Insurance 101

What We’re Reading This Month: August 2022

Digital Shadows

Blimey, August already? This year has absolutely flown by and shows no signs of slowing down. This month has been. The post What We’re Reading This Month: August 2022 first appeared on Digital Shadows.

Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack

Dark Reading

The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean and Mailchimp.

Phishing 103

Top Cyber Security Qualifications to Help Advance Your Career

Security Boulevard

As a Cyber Security Professional, you are well and truly in demand. With a shortfall of over 14,000 cyber professionals […]. The post Top Cyber Security Qualifications to Help Advance Your Career appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.