Schneier on Security
DECEMBER 6, 2022
Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions.exe,dll,lnk,sys or.msi, and ignores several system folders in the C:Windows directory. The malware focuses on databases, archives, and user documents.
Joseph Steinberg
DECEMBER 6, 2022
The era of cyberwar has not only arrived, but is advancing rapidly – and the repercussions of the march forward are nothing short of terrifying. The following infographic, reproduced with permission from Nowsourcing, highlights how Ukraine has become the battleground between Russia and the United States, in a 21st Century epilogue to the Cold War: This infographic originally appeared here , and is reproduced with permission.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
DECEMBER 6, 2022
Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Related: Why FIDO champions passwordless systems. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.
Tech Republic Security
DECEMBER 6, 2022
At 75% off, this affordable VPN service is more affordable than ever and capable of defending your business from cybercrime while browsing the internet. The post Protect yourself and your business on public Wi-Fi appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Cisco Security
DECEMBER 6, 2022
Ampol has been Australia’s leading transport fuel company since 1900. What began over 125 years ago is now an organization that powers a country, operating 1,500 retail stores and stations across ANZ, plus 89 depots for refining and importing fuels and lubricants, and 8,200 employees throughout Australia, New Zealand, the United States, and Singapore.
Bleeping Computer
DECEMBER 6, 2022
Offensive Security has released Kali Linux 2022.4, the fourth and final version of 2022, with new Azure and QEMU images, six new tools, and improved desktop experiences. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CyberSecurity Insiders
DECEMBER 6, 2022
By Mike Wilkinson. Mike Tyson famously said, “Everyone has a plan until they get punched in the mouth.” That applies to the world of boxing—and to the world of cyberattacks. Many companies have an Incident Response (IR) plan in place. But those plans don’t always hold up when an actual cyberattack occurs. At Avertium , we carry out hundreds of IR engagements a year, so I’m highly familiar with what makes IR plans useful—and what doesn’t.
Security Affairs
DECEMBER 6, 2022
Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it as a wiper. The experts also reported an increase in ransomware intentionally turned into wiper malware, these malicious code are mainly employed in politically-motivated campaigns.
Bleeping Computer
DECEMBER 6, 2022
Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. [.].
Heimadal Security
DECEMBER 6, 2022
The creators of the FreeBSD operating system have released updates meant to resolve a vulnerability within the ping module. The vulnerability, identified as CVE-2022-23093, could be exploited to crash the program or trigger remote code execution, and affects all supported versions of FreeBSD. Last week, an advisory was published, explaining the issue in further detail. ping […].
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
SecureList
DECEMBER 6, 2022
There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on their own accord. The history of scams and phishing. The term “phishing” was coined back in 1996, when cybercriminals attacked users of America Online (AOL), the largest internet provider at
Security Affairs
DECEMBER 6, 2022
Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity researchers discovered a security vulnerability in the connected vehicle service provided by SiriusXM that can allow threat actors to remotely attack vehicles from multiple carmakers, including Honda, Nissan, Infiniti, and Acura.
CyberSecurity Insiders
DECEMBER 6, 2022
By Doriel Abrahams, Head of U.S. Analytics, Forter. ‘Tis the season for holiday shopping, and with it, a surge in e-commerce transactions. While this festive time of year presents a big opportunity for retailers, it is also rife with fraudsters hoping to catch them off guard. From new, sophisticated scams to variations on tried-and-true tactics, cybercriminals are hard at work devising ways to take advantage of eager shoppers and their spike in online activity.
Naked Security
DECEMBER 6, 2022
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Heimadal Security
DECEMBER 6, 2022
Researchers warn that the Linux PRoot utility is now frequently used by threat actors in BYOF (Bring Your Own Filesystem) attacks. Unfortunately, the technique can be successfully used on various Linux distributions, like Ubuntu, Fedora, or Alpine. What`s a BYOF Attack? When threat actors create a malicious filesystem that holds a typical set of hijacking […].
Dark Reading
DECEMBER 6, 2022
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
CyberSecurity Insiders
DECEMBER 6, 2022
By: Matt Lindley, COO and CISO of NINJIO. Companies have struggled to cope with surging costs, an extremely tight labor market, a looming recession, and many other issues that have made 2022 a uniquely turbulent and unpredictable year. Likewise, the cyberthreat landscape is undergoing several tectonic shifts, such as the increasing frequency of state-sponsored cyberattacks, the infiltration of supply chains, and the exploitation of a widening array of attack vectors.
Bleeping Computer
DECEMBER 6, 2022
Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption." [.].
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
CyberSecurity Insiders
DECEMBER 6, 2022
Doug Dooley, COO, Data Theorem. Security automation will be a high priority in a down-economy with hiring freezes. Many IT security projects will be delayed or put on-hold because of staff shortages and budgets cuts. Compliance, regulatory, and critical services will triage to the top of the priority and budget list for most IT security teams. Automation of processes previously done by staffing and manual efforts will be one of the top projects in 2023 to remedy resource reduction and constraint
InfoWorld on Security
DECEMBER 6, 2022
It’s a fact that most enterprises put security teams and tools in a silo. It drives me nuts when I see these bad habits carried over to cloud computing security. I covered this topic three years ago , and for the most part, it’s unchanged. Many of today’s security breaches are due to human error. A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches.
CSO Magazine
DECEMBER 6, 2022
Digital twins are a digital representation of objects, structures or systems that give organizations greater insight into the life cycle of these objects, but this same level of insight and control can also open doors for malicious attackers. Digital twins can be created for any physical infrastructure that includes individual components of an engine, turbine and other equipment, or entire factories, and data centers.
Heimadal Security
DECEMBER 6, 2022
A Saturday night ransomware attack forced the André-Mignot teaching hospital in the Paris outskirts to shut down its phone and computer systems. According to the co-chairman of the hospital’s supervisory board, Richard Delepierre, the threat actors have already demanded a ransom. Delepierre told RFI that he does not know the sum requested by the threat […].
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
CSO Magazine
DECEMBER 6, 2022
As the frequency and severity of ransomware, phishing, and denial of service attacks has increased, so has demand for cyber insurance. About $6.5 billion in direct written premiums were recorded in 2021, a 61% increase over the prior year, according to an October 2022 memorandum from the National Association of Insurance Commissioners. “Some companies see it as essential to their risk management strategy,” says Heather Engel, managing partner at advisory firm Strategic Cyber Partners.
Duo's Security Blog
DECEMBER 6, 2022
When someone is told that passwords are going away in favor of a new, “password-less” authentication method, a healthy dose of skepticism is not unwarranted. After all, years of memorizing increasingly complex combinations of lower- and upper-case letters, numbers, and special characters have conditioned users to believe the fancier their password, the less likely they are to get breached.
Cisco Security
DECEMBER 6, 2022
“There’s so much left to know, and I’m on the road to find out.” –Cat Stevens (Yusuf). Two years ago, we asked the question: What actually works in cybersecurity? Not what everyone’s doing—because there are plenty of cybersecurity reports out there that answer that question—but which data-backed practices lead to the outcomes we want to implement in cybersecurity strategies?
Heimadal Security
DECEMBER 6, 2022
The list of security flaws that can be exploited in attacks has been expanded by the Cybersecurity and Infrastructure Security Agency (CISA). On Friday, the Google Chrome web browser for Windows, Mac, and Linux users was patched to address the vulnerability (tracked as CVE-2022-4262). Since the beginning of the year, Google has patched nine Chrome […].
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
DECEMBER 6, 2022
Key SaaS security trends for 2023. The post 2023 SaaS security predictions appeared first on Security Boulevard.
The Hacker News
DECEMBER 6, 2022
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own.
eSecurity Planet
DECEMBER 6, 2022
In a recent analysis of the public and Internet-facing assets of 471 of the Fortune 500 companies, Cyberpion uncovered more than 148,000 critical vulnerabilities (exploits that are publicly available and actively targeted), with an average of 476 per company. Fully 98 percent of Fortune 500 companies have critically vulnerable internal assets, 95 percent have expired certificates, and 85 percent have exposed login pages accessible over HTTP.
CyberSecurity Insiders
DECEMBER 6, 2022
Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. This analysis from Dirk Schrader, Vice President of Security Research, and Michael Paye, Vice President of Research and Development, is based on Netwrix’s global experience across a wide range of verticals, including technology, finance, manufacturing, government and healthcare.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
286 
Let's personalize your content