Tue. Oct 18, 2022


Qatar Spyware

Schneier on Security

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is a covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.


How Card Skimming Disproportionally Affects Those Most In Need

Krebs on Security

When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do an


Plugging holes remote work punched through security

Tech Republic Security

Mike Arrowsmith, chief trust officer at NinjaOne, makes the case for a permanent shift in the way businesses conduct remote security. The post Plugging holes remote work punched through security appeared first on TechRepublic.


How to Decrypt Ransomware Files – And What to Do When That Fails

eSecurity Planet

For any organization struck by ransomware, business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The good news is that ransomware files can be decrypted. The bad news is it doesn’t work most of the time: Paid ransom decryption tools and keys don’t always work. Free decryption tools don’t always work. Paid decryption tools don’t always work.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

Security Affairs

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party o


Altruism under attack: why cybersecurity has become essential to humanitarian nonprofits

CSO Magazine

Humanitarian initiatives have always been of huge global importance, but perhaps never more so than over the past few years. The impacts of the COVID-19 pandemic, unprecedented shifts in weather patterns limiting resource availability and triggering mass migration, Russia’s invasion of Ukraine, and some of the largest rises in living costs for decades have all brought new urgency to the vital support humanitarian work (often led by nonprofits) provides those in need.


DNA Kits given to children in Texas Schools trigger data privacy fears

CyberSecurity Insiders

Schools operating in all districts of Texas are issuing DNA Kits to families that will in-turn help identify children during emergencies, such as the one witnessed in Uvalde in May this year where over 19 people including 17 children were killed by a mentally unstable person. The process seems to be efficiently beneficial only if the digital data given to the school authorities by families remains secure and away from prying eyes.


Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

Security Affairs

HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform. The company released an out-of-band security update to address the remote code execution issue that can be exploited by an attacker to take control of targeted


The Five Ws of Cryptocurrency Fraud — and How We Can Stop It

Security Boulevard

Cryptocurrency is becoming mainstream—both as a digital currency and as a fraud target. More than 300 million people use crypto worldwide and 16% of Americans say they have invested in, traded or used cryptocurrency. Meanwhile, cryptocurrency hacks are on the rise, with more than $1 billion stolen so far this year. The cryptocurrency industry has. The post The Five Ws of Cryptocurrency Fraud — and How We Can Stop It appeared first on Security Boulevard.


Election security, misinformation threats loom large ahead of the US midterms

CSO Magazine

As the United States nears the 2022 mid-term elections, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued two back-to-back public service announcements (PSAs) that address the state of play when it comes to election integrity. The first announcement, seemingly designed to enhance voters’ faith in the election process, said the two agencies “assess that any attempts by cyber actors to compromise election infrastructure are unlikely t


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Cryptocurrency and Ransomware — The Ultimate Friendship

The Hacker News

Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is currently most recommended.


Millennials and Gen Z less likely to observe cybersecurity protocols than their elders

CSO Magazine

Millennials and Gen Z employees in the US are much less likely to prioritize or adhere to cybersecurity protocols than their older Gen X and Baby Boomer counterparts, according to a recent survey by EY Consulting. The survey suggests that despite understanding the need for security measures, younger, digitally native workers were significantly more likely to disregard mandatory IT updates for as long as possible (58% for Gen Z and 42% for millennials vs. 31% for Gen X and 15% for baby boomers).


China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage group that has been active since at least 2007.


Fully Undetectable PowerShell Backdoor Found by Security Researchers

eSecurity Planet

SafeBreach Labs researchers recently uncovered a new fully undetectable (FUD) PowerShell backdoor that uses a novel approach to disguise itself as part of the Windows update process. “The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims,” SafeBreach director of security research Tomer Bar wrote in a blog post today detailing the findings.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Unleashing IoT Capabilities in a Secure Environment

Security Boulevard

The pandemic sped up digitalization, increasing opportunities and risks. With more devices entering the digital space, interacting with one another or creating dependencies, IoT device connections became more complex and vulnerable. Predictions show that by 2025, over 85% of enterprises will have more smart edge devices on their network than laptops, tablets, desktops or smartphones.


More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

eSecurity Planet

The vast majority of cybersecurity decision makers – 91 percent, in fact – find it difficult to select security products due to unclear marketing, according to the results of a survey of 800 cybersecurity and IT decision makers released today by email security company Egress. “IT Security buyers don’t have as much time as they’d like to research and choose security solutions – a situation exacerbated by vendors that exaggerate their capabilities and sell products that don’


Australian Insurer Medibank Confirms Ransomware Attack

Heimdal Security

Medibank, a health insurance company providing services for more than 3.9 million people in Australia, recently confirmed that a ransomware attack was the cause of last week’s cyberattack and interruption of online services. The company issued an official statement apologizing for the temporary outage and confirming that a ransomware attack had occurred, and informed customers […].


Top 10 Data Breaches of 2022 (So Far.)

Appknox

As we are in the midst of the October Cybersecurity Awareness Month of 2022, all of us need to be more cautious than ever regarding the risks surrounding an increasingly complex and lethal cyber threat landscape.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Law enforcement arrested 31 suspects for stealing cars by hacking key fobs

Security Affairs

An international law enforcement operation led by Europol disrupted a cybercrime ring focused on hacking wireless key fobs to steal cars. The French authorities in cooperation with their Spanish and Latvian peers, and with the support of Europol and Eurojust, have dismantled a cybercrime organization specializing in the theft of cars by hacking key fobs.


Google Chrome Browser Incognito Mode is useless say employees

CyberSecurity Insiders

An email leak from an employee working in Google has confirmed that the so called ‘Incognito Mode’ offered by the web search giant on its Chrome browser is useless as it doesn’t serve the intended purpose. A consumer lawsuit has been filed on this note in Oakland, California and the judge will review it and might impose a hefty penalty accounting to billions on the internet juggernaut if/when found guilty.


BrandPost: Why Unified Platforms Are the Future of Network Security

CSO Magazine

Today’s complex cybersecurity landscape regularly exposes the weaknesses of disconnected security solutions. In breach after breach, we see attackers taking advantage of gaps and vulnerabilities in legacy systems and devices, underscoring the reality that a pieced-together security infrastructure is woefully inadequate for stopping modern, sophisticated threats.


Microsoft finally releases tabbed File Explorer for Windows 11

Bleeping Computer

Microsoft has released the long-awaited Windows 11 tabbed File Explorer, Suggested Actions, Taskbar Overflow features, and Task Manager quick-access features in a new preview cumulative update. […].


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration

Security Affairs

Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue, tracked as CVE-2022-28762, received a CVSS severity score of 7.3. When the camera mode rendering context is enabled as part of the Zoom App Layers API by running specific Zoom Apps, a local debugging port is opened by the client.


GitGuardian adds IaC scanning to code security platform to protect SDLC

CSO Magazine

GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials.


Prestige Ransomware Targets Organizations in Ukraine and Poland

Heimdal Security

A new ransomware called “Prestige”, is targeting Ukrainian and Polish transportation and logistics organizations. The first cyber incident involving Prestige Ransomware was on October 11th, in attacks detected within an hour of each other. Attackers were observed distributing the ransomware payloads across the corporate networks of their targets, a strategy that was incredibly uncommon in […].


Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong

The Hacker News

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


German Newspapers Targeted by Ransomware Attack

Heimdal Security

German newspaper Heilbronner Stimme is part of an ongoing cyberattack, after having all its systems encrypted by unknown threat actors, on October 14th. The publication's printing systems are still compromised, while phone and email communication only remained offline during the weekend. Source Editor-in-chief Uwe Ralf Heer claims the attack impacted the entire Stimme Mediengruppe, which includes […].


TeamTNT Returns – or Does It?

Trend Micro

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.


MyDeal Announces Stolen Data from a Recent Data Breach

Heimdal Security

Australian retail marketplace, MyDeal, announced a data breach on Friday, 14 October 2022. The threat actor managed to exfiltrate data connected to 2.2M customers and later tried to sell the data online. MyDeal is a Woolworths subsidiary, the retail giant purchasing 80% of the company this September, but the incident did not affect Woolworths as […].


Zoom for Mac patches sneaky “spy-on-me” bug – update now!

Naked Security

Hey! That back door isn't supposed to be there at all, let alone propped open.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!