Schneier on Security
MARCH 29, 2023
Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage keys, authenticate users, and moderate content?
Tech Republic Security
MARCH 29, 2023
Learn how to protect your organization and users from this Android banking trojan. The post Nexus Android malware targets 450 financial applications appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
MARCH 29, 2023
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. [.
Security Boulevard
MARCH 29, 2023
Skyhawk Security today revealed it is employing ChatGPT to add generative artificial intelligence (AI) capabilities to its cloud threat detection and response (CDR) platform at no extra charge. Skyhawk Security CEO Chen Burshan said in addition to providing textual explanations of the evolution of a security incident discovered by the company’s platform, ChatGPT also makes.
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
The Hacker News
MARCH 29, 2023
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [.
Bleeping Computer
MARCH 29, 2023
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
MARCH 29, 2023
Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices. [.
CSO Magazine
MARCH 29, 2023
Concerns about the reach of ChatGPT and how easier it may get for bad actors to find sensitive information have increased following Microsoft’s announcement of the integration of ChatGPT into Bing and the latest update of the technology, GPT-4. Within a month of the integration, Bing had crossed the 100 million daily user threshold. Meanwhile, GPT-4 improved the AI which now has better reasoning skills, is more accurate and has the ability to see images.
The Hacker News
MARCH 29, 2023
An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée.
WIRED Threat Level
MARCH 29, 2023
Documents obtained by WIRED confirm that Good Smile, which licenses toy production for Disney, was an investor in the controversial image board.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Dark Reading
MARCH 29, 2023
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
CSO Magazine
MARCH 29, 2023
When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security researchers call APT43, Kimsuky, or Thallium has been carrying out cyberespionage and cybercrime operations at the behest of the North Korean government since at l
Dark Reading
MARCH 29, 2023
A vulnerability with a 9.8 CVSS rating in IBM's widely deployed Aspera Faspex offering is being actively exploited to compromise enterprises.
CyberSecurity Insiders
MARCH 29, 2023
As the fear of AI machines grips most technologists, Tesla’s chief’s latest words are playing the role of a catalyst to intensify the buzz. Speaking during a conference at SpaceX’s Starbase Facility, Elon Musk expressed fears that robots might launch cyberattacks on themselves in the near future, potentially causing deep trouble for humans if we do not stop their advances now.
Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC
Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.
CSO Magazine
MARCH 29, 2023
For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed to the report.
CyberSecurity Insiders
MARCH 29, 2023
Anxiety about the security of hot wallets grows as General Bytes customers are hit by a zero-day flaw in the company’s Bitcoin ATMs. By John E. Dunn It’s fair to say that crypto has an image problem. What it didn’t need was a Bitcoin ATM (BATM) hack to generate even more bad publicity. Unfortunately, that’s exactly what happened on March 17-18, according to General Bytes, one of the best-known makers of BATMs on the market.
The Hacker News
MARCH 29, 2023
3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers.
Bleeping Computer
MARCH 29, 2023
AI professors and developers have co-signed an open letter to artificial intelligence labs, calling them to pause the development and training of AI systems more powerful than GPT-4 for at least six months. [.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.
CyberSecurity Insiders
MARCH 29, 2023
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. “While defenders pursue the most powerful and advanced solutions they can find, the enemy needs only a single user with a bad password or an unpatched application to derail an entire defensive position.” This quote by Dr.
The Hacker News
MARCH 29, 2023
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices.
CyberSecurity Insiders
MARCH 29, 2023
OpenAI-developed conversational AI ChatGPT is hitting the news headlines almost daily, and as it is now a part of Microsoft, the software giant is also getting a lot of credit for devising such a tool that can do anything and everything…well, almost! Microsoft, which is busy integrating the services of the chatbot into its software products such as Bing, made an announcement that it intends for the world to entrust cybersecurity to artificial intelligence technology, as its capabilities ar
Dark Reading
MARCH 29, 2023
Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows.
Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy
Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev
Security Boulevard
MARCH 29, 2023
The world is changing with generative AI. And your threat intelligence platform is too. We’re thrilled to announce the launch of Flare’s AI Powered Assistant! Security operations and threat intelligence teams can now instantly create informed, summarized, and translated reports from the clear and dark web, regardless of the language and technical jargon.
Trend Micro
MARCH 29, 2023
In late March 2023, security researchers revealed that threat actors were actively abusing a popular business communication software from 3CX.
Dark Reading
MARCH 29, 2023
Musk, Wozniak, and Yang are among more than a thousand tech leaders asking for time to establish human safety parameters around AI.
Security Boulevard
MARCH 29, 2023
ChatGPT is spreading like wildfire all over the internet, being used in everything from casual tools to cybersecurity and even industrial applications. It’s so popular, I wouldn’t be shocked if it starts running a nuclear power plant soon (if it isn’t already)! Using OpenAI’s ChatGPT-3.5, ChatGPT-4, and earlier models like Davinci costs a few cents [.
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.
Dark Reading
MARCH 29, 2023
With an infrastructure for observability, security teams can make better decisions about access and identity-based threats.
We Live Security
MARCH 29, 2023
How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers The post Pig butchering scams: The anatomy of a fast‑growing threat appeared first on WeLiveSecurity
CSO Magazine
MARCH 29, 2023
The cybercrime marketplace of offering stolen credentials to enable access-as-a-service attacks continues to dominate the market with a 6 fold increase in number of credentials stolen by malware. Passwords as the single factor of authentication has become a thing of the past and many security conscious organizations have now adopted multi-factor authentication (MFA) as the standard.
Dark Reading
MARCH 29, 2023
For the foreseeable future, with the spigots closing shut, CISOs will need to find ways to do more with less.
Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM
Global economic conditions are soft at best. From a budget standpoint, US banks are feeling the pinch. Many US banks are bracing for increased defaults and lower demand for mortgages and other loans as interest rates have increased. The largest banks have increased reserves to protect against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions?
Expert insights. Personalized for you.
246 
Let's personalize your content