Fri.Dec 30, 2022


Recovering Smartphone Voice from the Accelerometer

Schneier on Security

Yet another smartphone side-channel attack: “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers”: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.


The Top 23 Security Predictions for 2023 (Part 2)

Lohrman on Security

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 2 of your annual roundup of security industry forecasts for 2023 and beyond.


Weekly Update 328

Troy Hunt

We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays.


Tips and tricks for securing data when migrating to the cloud

Tech Republic Security

Find out how you can have a safe and secure transition to the cloud. This guide describes tips and steps to take to ensure your data is secure during a migration. The post Tips and tricks for securing data when migrating to the cloud appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


How Low-Code/No-Code App Development Affects IT Security

Security Boulevard

While low-code and no-code application development is a couple decades old, the train truly left the station just a few years ago. It has been gaining considerable steam ever since. So popular and prevalent is low-code/no-code that several studies estimate that by 2025 it will be responsible for two-thirds of all applications developed. The post How Low-Code/No-Code App Development Affects IT Security appeared first on Radware Blog.


Don’t overlook supply chain security in your 2023 security plan

Tech Republic Security

Supply chain security concerns continue to grow. Does your company have a risk management strategy in place that addresses the possibility of a major supplier security failure? The post Don’t overlook supply chain security in your 2023 security plan appeared first on TechRepublic.


Port of Lisbon Cyberattack Claimed by Lockbit Ransomware

Heimadal Security

Over Christmas, the Port of Lisbon administration suffered a cyberattack. The representatives of Portugal’s third-largest port said the attack did not affect operations, but the cyber incident was reported to the National Cybersecurity Center and the Judiciary Police. The company’s website was unavailable until today. All security protocols and response measures planned for this type […].


Data Breach Rules & Regulations: Who To Notify and How Long You Have To Do It

Digital Guardian

Your organization is likely required to disclose data breaches to the proper authorities in your state, but sometimes going one step further is just as important.


France slaps $ 64m penalty on Microsoft

CyberSecurity Insiders

Microsoft received a jolt at the end of this year when France’s data watchdog CNIL imposed a penalty of €60m or $64 million, the largest imposed by the digital privacy regulator this year. The penalty was pronounced on the tech giant for not allowing its Bing users to refuse cookies, as it made them mandatory, which is against the EU’s General Data Protection Regulation (GDPR).


Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

The Hacker News

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Nudge security strategy can augment SaaS security programs

Security Boulevard

Whether a nudge security strategy is appropriate for a company depends on the objectives of the program. Users are humans and subject to biases and emotions. The post Nudge security strategy can augment SaaS security programs appeared first on Security Boulevard.


Cybersecurity vs. Everyone

Lenny Zeltser

Cybersecurity leaders not only go against threat actors to defend the organization but also find themselves at odds with other business executives. How can we avoid fighting everyone? What does it take to ensure the security team doesn't become the department of "no"? In the following conversation with Chris Cochran and Ron Eddings at Hacker Valley, I discuss how CISOs and other security leaders can: Build relationships with security and business functions.


Cybersecurity Insights with Contrast CISO David Lindner | 12/30

Security Boulevard

Insight #1: "My first cyber security prediction for 2023 is that we will see a major breach due to log4j. With 50% of java applications still running on java applications, and attackers focusing their efforts on government and FinTech victims, they will expand in 2023." Insight #2: "Next, I predict we will have a better industry standard than just CVSS in the works by fiscal year-end."


Online Gambling Safety: How To Select Platform?

SecureBlitz

Beginners in online gambling frequently struggle to determine where to bet and play. Given the sheer number of different gambling websites out there, this doesn’t come as much of a surprise. In fact, there are so many platforms that even professional gamblers looking for a new online casino to join can have trouble determining which […].


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Cybersecurity Maturity Models You Could Align With

Security Boulevard

Cybercrime has forced businesses worldwide into paying billions of dollars yearly. As more of the population becomes dependent on technology, the fear of cyber attacks continues to grow. The post Cybersecurity Maturity Models You Could Align With appeared first on Security Boulevard.


New Linux malware uses 30 plugin exploits to backdoor WordPress sites

Bleeping Computer

A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. […]


NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router models. The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to update the firmware of their devices as soon as possible.


War and Geopolitical Conflict: The New Battleground for DDoS Attacks

Dark Reading

The effectiveness of attacks largely depends on organizations' distributed denial-of-service defenses.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Lockbit ransomware gang claims to have hacked the Port of Lisbon

Security Affairs

The website for the Port of Lisbon is still down days after it was the target of a ransomware attack claimed by the Lockbit group. The Port of Lisbon is the third-largest port in Portugal and one of the main European ports due to its strategic location. The website of the port was hit by a cyber attack on December 25; in response to the security breach the administrators shut it down.


Canadian mining firm shuts down mill after ransomware attack

Bleeping Computer

The Copper Mountain Mining Corporation (CMMC), a Canadian copper mining company in British Columbia, has announced it has become the target of a ransomware attack that impacted its operations. […]


CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added TIBCO Software’s JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards.


LockBit ransomware claims attack on Port of Lisbon in Portugal

Bleeping Computer

A cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day has been claimed by the LockBit ransomware gang. […]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes. The malware injects into targeted webpages malicious JavaScripts, then when users click on the compromised page, they are redirected to other sites under the c


CISA Adds New Active Exploitations of JasperReports Vulnerabilities

Heimadal Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of ongoing exploitation, has added two-year-old security weaknesses affecting the JasperReports product from TIBCO Software to its list of Known Exploited Vulnerabilities (KEV). JasperReports is a Java-based reporting and data analytics platform used for creating, distributing, and managing reports and dashboards.


Why Attackers Bank on Lateral Movement and How to Stop Them

Security Boulevard

Cyber-attacks are becoming increasingly complex, and once an attacker successfully compromises an endpoint, they love to move laterally through connected networks and devices, often undetected. The post Why Attackers Bank on Lateral Movement and How to Stop Them appeared first on Security Boulevard.


Top Cyber Attacks of 2022 – What Were the Biggest Events of the Year?

Heimadal Security

2022 was an all-around rollercoaster, and it was no different in the world of cybersecurity. Some of the biggest cyber attacks in recent memory occurred this year, as threat actors got slicker and their methods more sophisticated. Today, we will take a look back at some of the biggest cybersecurity incidents that happened in 2022. […]. The post Top Cyber Attacks of 2022 – What Were the Biggest Events of the Year?


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


The Password Isn’t Dead Yet. You Need a Hardware Key

WIRED Threat Level

Any multifactor authentication adds protection, but a physical token is the best bet when it really counts.


Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog

Dark Reading

CISA’s Known Exploited Vulnerabilities Catalog has become a valuable repository of vulnerabilities to be patched. A pair of reports analyze the vulnerabilities under attack to understand the kind of threats organizations should be prioritizing.


Best of 2022: New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889

Security Boulevard

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like the same Log4shell and it seems even more dangerous since Common Texts are used more broadly. The Apache Foundation published a vulnerability in the Apache Commons Text project code and published a message […]. The post New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889 appeared first on Wallarm.


Fast Flux: Definition, How it Works and How to Prevent It

Heimadal Security

Fast flux is a DNS-based evasion technique used by botnet operators to stay under the radar. With fast flux, threat actors can quickly switch between compromised hosts, rendering themselves invisible to detection tools. In this article, we will break down what fast flux is and explore how it works, what are its security implications and […]. The post Fast Flux: Definition, How it Works and How to Prevent It appeared first on Heimdal Security Blog.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.