Wed. Dec 07, 2022

The Decoupling Principle

Schneier on Security

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function. Architectural decoupling entails splitting functionality for different fundamental actions in a system, such as decoupling authentication (proving who is allowed to

Cybersecurity adoption hampered by shortage of skills and poor product integration

Tech Republic Security

A limited security budget was also a top obstacle for CISOs and IT decision makers, according to a recent survey from BlackFog. The post Cybersecurity adoption hampered by shortage of skills and poor product integration appeared first on TechRepublic.

Fantasy – a new Agrius wiper deployed through a supply-chain attack

We Live Security

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry. The post Fantasy – a new Agrius wiper deployed through a supply‑chain attack appeared first on WeLiveSecurity.

Insider Risks Hamper the Digital Transformation Process

Security Boulevard

Digital transformation is the way forward for today’s work environment. “Digital transformation and pursuing a cloud-first strategy is what makes business become more agile, allowing you to deliver more value to customers and go to market faster,” said Adam Gavish, co-founder and CEO at DoControl, in an email interview. But for a digital transformation to.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Apple and Android release slew of mobile security measures to patch vulnerabilities

CyberSecurity Insiders

Apple Inc has released data protection measures to give all its users assurance that their information remains protected from fraudulent access and data transfers. Newly rolled out features like Security Keys for Apple ID, Advanced Data Protection for iCloud, and iMessage Contact Key Verification help users protect their sensitive data and communications from prying eyes.

Antwerp Goes Offline Following Ransomware Attack

Heimdal Security

The city of Antwerp, Belgium, is working on restoring its digital services that were disrupted, earlier this week, by a cyberattack on its digital provider. The disruption in services has affected everything from schools, daycare centers, and the police. There is not much public information available at this time, but all signs point to a […].

New Web Software Module Introduced in PCI Secure Software Standard Version 1.2

PCI perspectives

Today, the PCI Security Standards Council (PCI SSC) published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software Standard and its security requirements help provide assurance that payment software is designed, developed, and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities,

Smashing Security podcast #301: AI chatbot or the start of Skynet? Eufy privacy, and hot desks

Graham Cluley

An AI chatbot is causing a stir - both impressing and terrifying users in equal measure. A security researcher discovers that a "smart" cam that doesn't use the internet is, err, using the internet. And university students revolt over under-the-belt surveillance. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

Foremost is the cyber attack that hit a third-party IT service provider that operates most of the websites of government agencies related to New Zealand, and the most affected among them were the health services. Cybersecurity Insiders has learnt from its sources that Te Whatu Ora - Health New Zealand was targeted by threat actors, resulting in a breach.

For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers

Dark Reading

Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Potentially other EDR products affected as well.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cisco Survey Reveals Increased Focus on Cybersecurity Resilience

Security Boulevard

A global survey of 4,700 IT professionals published this week by Cisco found the leading types of incidents were network or data breaches (52%) followed closely by network or system outages (51%), ransomware events (47%) and distributed denial-of-service attacks (46%). Overall, the survey found 62% of organizations experienced a security event that impacted business in.

Apple finally adds encryption to iCloud backups

CSO Magazine

Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users. Along with end-to-end encryption for iCloud, Apple’s cloud storage and computing platform, the company announced iMessage Contact Key Verification, allowing users to verify they are communicating only with whom they intend.

Thales CipherTrust Data Security Platform Validated For Microsoft Azure Stack Hub and HCI

Thales Cloud Protection & Licensing

Thu, 12/08/2022 - 07:05. As security breaches continue with alarming regularity and compliance mandates become more pervasive, companies must discover and protect sensitive data across on-premises, hybrid, and multi-cloud environments. Thales continues to facilitate risk management options for customer deployment choices no matter where their data resides.

New Go-based botnet Zerobot exploits dozens of flaws

Security Affairs

Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities in IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen security vulnerabilities in internet of things (IoT) devices and other applications. “This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, and self-propagation,” reads

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Ho, ho, no! Scams to avoid this festive season

Malwarebytes

Whether you’ve been naughty or nice, someone will try and stuff a scam down your chimney either way. The FBI is warning of several likely ways to be parted from your funds or logins, and we’re going to give some additional context along with tips to avoid these digital lumps of coal. Social media shopping scams. The FBI says: Consumers should beware of posts on social media sites that appear to offer vouchers or gift cards.

Demystifying Cyber Insurance: 7 Key Security Controls Every Organization Should Have

Security Boulevard

7 Key Security Controls Every Organization Should Have. The post Demystifying Cyber Insurance: 7 Key Security Controls Every Organization Should Have appeared first on Security Boulevard.

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth

Malwarebytes

In the Android security bulletin of December 5, 2022, you can find an overview of the security vulnerabilities affecting Android devices that are fixed in patch level 2022-12-05 or later. The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed.

Spyware Vendor’s Heliconia Framework Exploits Browser Vulnerabilities

Security Boulevard

A company in Barcelona that purports to offer custom security solutions is tied to exploitation frameworks that can deploy spyware. Variston IT’s Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device. Google, Microsoft and Mozilla fixed the affected vulnerabilities in.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices

Bleeping Computer

A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. [.].

Security Practitioners Lack Dark Web Threat Intelligence Training

Security Boulevard

Monitoring and assessing threats from the cybercriminal underground on the dark web requires the right tools, processes and expertise — many of which security teams don’t have, according to a recent report from Kela. Increasing threats emerging from the dark web can put organizations in danger if they don’t have ways to assess and mitigate.

Microsoft: November updates break ODBC database connections

Bleeping Computer

Microsoft is working to address a new known issue affecting apps using ODBC database connections after installing the November 2022 Patch Tuesday Windows updates. [.].

Financial Services IT Teams Relying on Legacy Cybersecurity Plagued By False Positives and Negatives

Security Boulevard

Cybersecurity teams working in financial and banking settings face a constant struggle — protecting industry regulated data with limited resources. The situation can reach a breaking point when these teams become overwhelmed managing false positive and negative flags triggered by legacy cybersecurity solutions. The post Financial Services IT Teams Relying on Legacy Cybersecurity Plagued By False Positives and Negatives appeared first on Security Boulevard.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Iranian State-backed Hackers Attack Independent Groups in the Middle East

Heimdal Security

Human rights activists, reporters, researchers, professors, diplomats, and politicians working in the Middle East are being targeted in an ongoing social engineering and credential phishing effort. These attacks have been linked to Iranian state hackers, APT42, which has been shown to have similarities with Charming Kitten (also known as APT35 or Phosphorus).

Facets of Effective CISO’s to Better Vulnerability Management

Security Boulevard

Chief information security officers (CISOs) must therefore order vulnerabilities according to priority. Up until now, it has been difficult to achieve that prioritization. The post Facets of Effective CISO’s to Better Vulnerability Management appeared first on Security Boulevard.

Apple rolls out end-to-end encryption for iCloud backups

Bleeping Computer

Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more. [.].

5 Key Benefits of Industrial 5G

Security Boulevard

Unsurprisingly, updates regarding 5G and its capabilities have dominated the news within the connectivity sector. Any connectivity development drastically impacts various organizations across industries, and 5G. The post 5 Key Benefits of Industrial 5G appeared first on FirstPoint. The post 5 Key Benefits of Industrial 5G appeared first on Security Boulevard.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

5 Trends to Watch for Cybersecurity in 2023

SecureWorld News

As the world becomes increasingly reliant on technology, cybersecurity remains a top priority for individuals, businesses, and governments alike. From advancements in artificial intelligence (AI) to the continued evolution of ransomware and cyberattacks, the coming year is sure to bring significant developments in the world of cybersecurity. It will be crucial for everyone to stay informed and prepared.

Security from simplicity: Why complexity is the enemy of security

Security Boulevard

IT security is complicated. It’s an arms race. Hackers and Chief Information Security Officers (CISOs) are stuck in a never-ending game of whack-a-mole, where vulnerabilities keep popping up that security teams try and fix before they can be exploited by… The post Security from simplicity: Why complexity is the enemy of security appeared first on LogRhythm.

CISO 97
Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

The Hacker News

The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar".

Hacking 97
Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices

Dark Reading

The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.

IoT 96
Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.