Schneier on Security
NOVEMBER 28, 2022
Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device.
Krebs on Security
NOVEMBER 28, 2022
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh , which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mob
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Lohrman on Security
NOVEMBER 28, 2022
A Sandia National Laboratories study determined that electric vehicle charging stations are vulnerable to cyber attacks. What might happen next — and how hard will this be to fix?
Tech Republic Security
NOVEMBER 28, 2022
There's news from Amazon Web Services' Las Vegas show as a flurry of partnerships and edge computing initiatives have been revealed. The post AWS re:Invent 2022: Partners on parade appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
WIRED Threat Level
NOVEMBER 28, 2022
Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.
Tech Republic Security
NOVEMBER 28, 2022
Big data meets private data in a perfect storm for healthcare. Confidential computing providers say they’ll make the cloud safer for medical data. The post Top 5 confidential computing uses in healthcare appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
NOVEMBER 28, 2022
Password-driven security may not be the perfect solution, but the alternatives haven’t gained much traction. This policy defines best practices that will make password protection as strong and manageable as possible. From the policy: Employee passwords are the first line of defense in securing the organization from inappropriate or malicious access to data and services.
Security Affairs
NOVEMBER 28, 2022
Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US.
CyberSecurity Insiders
NOVEMBER 28, 2022
Windows 11 is all set to get a VPN Status Indicator in its system tray, allowing users to connect or download files anonymously and without the revelation of their home or IP address. Therefore, all those using VPN services to browse websites, stream movies and download files can look at their network and proceed only when it shows a sign. According to a report that turned viral on Twitter, Windows 11 users will get an indicator as a shield icon to let us know whether their network is connected
Security Affairs
NOVEMBER 28, 2022
ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops, the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as CVE-2022-4020 , is similar to the Lenovo vulnerabilities the company disclosed earlier this month.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
SecureList
NOVEMBER 28, 2022
The consumer threat landscape constantly changes. Although the main types of threats (phishing, scams, malware, etc.) remain the same, lures that fraudsters use vary greatly depending on the time of year, current major events, news, etc. This year, we have seen spikes in cybercriminal activity aimed at users amid the shopping and back-to-school season, big pop culture events, such as Grammy and Oscar, movie premieres , new smartphone announcements , game releases , etc.
Security Boulevard
NOVEMBER 28, 2022
Two key members of the Five Eyes intelligence alliance have made further moves to stop Chinese equipment imports. The post U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens appeared first on Security Boulevard.
CSO Magazine
NOVEMBER 28, 2022
A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc hacking community forum. The data set contains information on WhatsApp users from more than 84 countries, the post shows. The story was first reported by Cybernews. The seller of the leaked data is also offering it through the controversial messaging app Telegram , where the person or the group goes by handle “Palm Yunn.
Jane Frankland
NOVEMBER 28, 2022
Sir Isaac Newton first presented his three laws of motion in 1686. His third law, is widely known and states that, “for every action there is an equal and opposing reaction.” We see this in business. As technology advances at speed, it enables just as many opportunities as it introduces threats. Gains come but so do threats and losses. No company can escape either.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
We Live Security
NOVEMBER 28, 2022
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it. The post RansomBoggs: New ransomware targeting Ukraine appeared first on WeLiveSecurity.
Heimadal Security
NOVEMBER 28, 2022
5,485,635 Twitter user records that contain personal data were released on November 24th, for free, on a hacker forum. Cybersecurity researchers say that the data was stolen due to an API vulnerability that Twitter announced to have fixed in January this year. The same data is thought to have been previously for sale in August, […]. The post Threat Actors #Giveaway: 5.4 Million Twitter User Data Exposed appeared first on Heimdal Security Blog.
CSO Magazine
NOVEMBER 28, 2022
Just days after announcing the close of its consumer-oriented Wickr Me encrypted messaging service, Amazon Web Services (AWS), at its annual re:Invent conference on Monday, said that it was making the enterprise version of the app generally available. Dubbed simply AWS Wickr, the service was first announced in July and has been in preview till now. The enterprise version of the messaging service, designed to allow enterprise users to securely collaborate via text, voice and video, along with fil
CyberSecurity Insiders
NOVEMBER 28, 2022
Every year, we hear something or the other about WhatsApp data breach and following this course is this news that is currently trending on various social media platforms and community forums at the end of this year, i.e. November 2022. According to a post on a dark web forum, a hacker is claiming to sell information related to about 487 million WhatsApp users that includes their mobile numbers, respectively.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Heimadal Security
NOVEMBER 28, 2022
The Ragnar Locker ransomware gang published data that they thought was from the Zwijndrecht municipality in Belgium, but the data actually belonged to Zwijndrecht police, a police department in Antwerp, Belgium. Reports have emerged that this leaked data contained information on thousands of license plates, traffic fines, criminal records, personnel files, investigation reports, and more. […].
CSO Magazine
NOVEMBER 28, 2022
A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year. APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based services among the consumer base.
Bleeping Computer
NOVEMBER 28, 2022
The United States government, through the Federal Communications Commission (FCC), has banned the sale of equipment from Chinese telecommunications and video surveillance vendor Huawei, ZTE, Hytera, Hikvision, and Dahua due "unacceptable risks to national security". [.].
Dark Reading
NOVEMBER 28, 2022
More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 28, 2022
Irish data protection commission (DPC) fined Meta for not protecting Facebook’s users’ data from scraping. Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for the data leak suffered by Facebook in 2021 that exposed the data belonging to millions of Facebook users. The Data Protection Commission is also imposing a range of corrective measures on Meta. “The Data Protection Commission (DPC) has today announced the conclusion to an in
Dark Reading
NOVEMBER 28, 2022
Don’t fuss now — just another spoonful of multifactor authentication to keep the organization strong and the data safer.
Heimadal Security
NOVEMBER 28, 2022
Top European football club, FC Barcelona, recently has its official website used by scammers in a sophisticated third-party fraud campaign. According to Adex, an ad fraud monitoring platform, the threat actors used the website of the Catalonian club to increase traffic to a likely fraudulent iGaming website. FC Barcelona’s website is visited monthly by 5.4 […].
CSO Magazine
NOVEMBER 28, 2022
The Council of the European Union (EU) has adopted a new cybersecurity directive designed to improve resilience and incident response capacities across the EU, replacing NIS , the current directive on the security of network and information systems. The new directive, NIS2, will set the baseline for cybersecurity risk management measures and reporting obligations across sectors and aims to harmonize cybersecurity requirements and implementation of measures in different member states.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
NOVEMBER 28, 2022
The ransomware group is using Qakbot to make the initial point of entry before moving laterally within an organization’s network.
Heimadal Security
NOVEMBER 28, 2022
The name of the ransomware gang known as Vice Society is now linked to new victims, as stolen data is being leaked on the group`s Tor leak site. This time, the targeted organizations are the Cincinnati State Technical and Community College and IKEA stores in Morocco and Kuwait. Another Hit to the Educational Sector Following a cyberattack […].
Bleeping Computer
NOVEMBER 28, 2022
Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets. [.].
Heimadal Security
NOVEMBER 28, 2022
Domain hijacking and DNS poisoning are two methods used by threat actors to perform a DNS spoofing attack and redirect traffic toward malicious websites. They are both serious threats as they can be used to steal sensitive information, send visitors to a fake version of a website and even take it offline completely. In this […]. The post Domain Hijacking vs DNS Poisoning: Do You Know the Difference?
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
361 
Let's personalize your content