Fri. Dec 30, 2022

Recovering Smartphone Voice from the Accelerometer

Schneier on Security

Yet another smartphone side-channel attack: “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers”: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.

The Top 23 Security Predictions for 2023 (Part 2)

Lohrman on Security

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 2 of your annual roundup of security industry forecasts for 2023 and beyond.

Weekly Update 328

Troy Hunt

We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays.

Tips and tricks for securing data when migrating to the cloud

Tech Republic Security

Find out how you can have a safe and secure transition to the cloud. This guide describes tips and steps to take to ensure your data is secure during a migration. The post Tips and tricks for securing data when migrating to the cloud appeared first on TechRepublic.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

How Low-Code/No-Code App Development Affects IT Security

Security Boulevard

While low-code and no-code application development is a couple of decades old, the train truly left the station just a few years ago. It has been gaining considerable steam ever since. So popular and prevalent is low-code/no-code that several studies estimate that by 2025 it will be responsible for two-thirds of all applications developed. The post How Low-Code/No-Code App Development Affects IT Security appeared first on Radware Blog.

Don’t overlook supply chain security in your 2023 security plan

Tech Republic Security

Supply chain security concerns continue to grow. Does your company have a risk management strategy in place that addresses the possibility of a major supplier security failure? The post Don’t overlook supply chain security in your 2023 security plan appeared first on TechRepublic.

Port of Lisbon Cyberattack Claimed by Lockbit Ransomware

Heimadal Security

Over Christmas, the Port of Lisbon administration suffered a cyberattack. The representatives of Portugal’s third-largest port said the attack did not affect operations, but the cyber incident was reported to the National Cybersecurity Center and the Judiciary Police. The company’s website was unavailable until today. All security protocols and response measures planned for this type […].

Online Gambling Safety: How To Select Platform?

SecureBlitz

Beginners in online gambling frequently struggle to determine where to bet and play. Given the sheer number of different gambling websites out there, this doesn’t come as much of a surprise. In fact, there are so many platforms that even professional gamblers looking for a new online casino to join can have trouble determining which […].

Data Breach Rules & Regulations: Who To Notify and How Long You Have To Do It

Digital Guardian

Your organization is likely required to disclose data breaches to the proper authorities in your state, but sometimes going one step further is just as important.

Beyond the Obvious: The Boldest Cybersecurity Predictions for 2023

Dark Reading

Dark Reading's panel of security experts delivers a magnum of bubbly hot takes on what 2023 will look like, featuring evil AIs, WWIII, wild workplace soon-to-be-norms, and more.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

The Hacker News

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices.

France slaps $64m penalty on Microsoft

CyberSecurity Insiders

Microsoft received a jolt at the end of this year when France’s data watchdog CNIL imposed a penalty of €60m or $64 million, the largest imposed by the digital privacy functionary this year. The penalty was pronounced on the tech giant for not allowing its Bing users to refuse cookies, as it made them mandatory, which is against the EU’s General Data Protection Regulation (GDPR).

Nudge security strategy can augment SaaS security programs

Security Boulevard

Whether a nudge security strategy is appropriate for a company depends on the objectives of the program. Users are humans and subject to biases and emotions. The post Nudge security strategy can augment SaaS security programs appeared first on Security Boulevard.

New Linux malware uses 30 plugin exploits to backdoor WordPress sites

Bleeping Computer

A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. […].

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Lockbit ransomware gang claims to have hacked the Port of Lisbon

Security Affairs

The website for the Port of Lisbon is still down days after it was the target of a ransomware attack claimed by the Lockbit group. The Port of Lisbon is the third-largest port in Portugal and one of the main European ports due to its strategic location. The website of the port was hit by a cyber attack on December 25; in response to the security breach, the administrators shut it down.

Cybersecurity vs. Everyone

Lenny Zeltser

Cybersecurity leaders not only go against threat actors to defend the organization but also find themselves at odds with other business executives. How can we avoid fighting everyone? What does it take to ensure the security team doesn't become the department of "no"? In the following conversation with Chris Cochran and Ron Eddings at Hacker Valley, I discuss how CISOs and other security leaders can: Build relationships with security and business functions.

NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router models. The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to update the firmware of their devices as soon as possible.

Cybersecurity Insights with Contrast CISO David Lindner | 12/30

Security Boulevard

Insight #1: "My first cyber security prediction for 2023 is that we will see a major breach due to log4j. With 50% of java applications still running on java applications, and attackers focusing their efforts on government and FinTech victims, they will expand in 2023." Insight #2: "Next, I predict we will have a better industry standard than just CVSS in the works by fiscal year-end."

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added TIBCO Software’s JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog. US CISA added TIBCO Software’s JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards.

CISA Adds New Active Exploitations of JasperReports Vulnerabilities

Heimadal Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of ongoing exploitation, has added two-year-old security weaknesses affecting the JasperReports product from TIBCO Software to its list of Known Exploited Vulnerabilities (KEV). JasperReports is a Java-based reporting and data analytics platform used for creating, distributing, and managing reports and dashboards.

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScript. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes. The malware injects malicious JavaScript into targeted webpages; when users click on the compromised page, they are redirected to other sites under the c

Top Cyber Attacks of 2022 – What Were the Biggest Events of the Year?

Heimadal Security

2022 was an all-around rollercoaster, and it was no different in the world of cybersecurity. Some of the biggest cyber attacks in recent memory occurred this year, as threat actors got slicker and their methods more sophisticated. Today, we will take a look back at some of the biggest cybersecurity incidents that happened in 2022. […]. The post Top Cyber Attacks of 2022 – What Were the Biggest Events of the Year?

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Cybersecurity Maturity Models You Could Align With

Security Boulevard

Cybercrime has forced businesses worldwide into paying billions of dollars yearly. As more of the population becomes dependent on technology, the fear of cyber attacks continues to grow. The post Cybersecurity Maturity Models You Could Align With appeared first on Security Boulevard.

API Security Is the New Black

Dark Reading

API security is so hot right now.

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond

Naked Security

The problem with anniversaries is that there's an almost infinite number of them every day.

Why Attackers Bank on Lateral Movement and How to Stop Them

Security Boulevard

Cyber-attacks are becoming increasingly complex, and once an attacker successfully compromises an endpoint, they love to move laterally through connected networks and devices, often undetected. The post Why Attackers Bank on Lateral Movement and How to Stop Them appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Canadian mining firm shuts down mill after ransomware attack

Bleeping Computer

The Copper Mountain Mining Corporation (CMMC), a Canadian copper mining company in British Columbia, has announced it has become the target of a ransomware attack that impacted its operations. […].

Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog

Dark Reading

CISA’s Known Exploited Vulnerabilities Catalog has become a valuable repository of vulnerabilities to be patched. A pair of reports analyze the vulnerabilities under attack to understand the kind of threats organizations should be prioritizing.

LockBit ransomware claims attack on Port of Lisbon in Portugal

Bleeping Computer

A cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day has been claimed by the LockBit ransomware gang. […].

Best of 2022: New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889

Security Boulevard

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like Log4shell, and it seems even more dangerous since Commons Text is used more broadly. The Apache Foundation published a vulnerability in the Apache Commons Text project code and published a message […]. The post New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889 appeared first on Wallarm.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!