Mon. Oct 24, 2022

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window. According to multiple media reports, the Australian Institute of Company Directors had been scheduled to run an online event today for nearly 5,000 registrants at which the organization planned to discuss its new “cybersecurity governance principles.”

On the Randomness of Automatic Card Shufflers

Schneier on Security

Many years ago, Matt Blaze and I talked about getting our hands on a casino-grade automatic shuffler and looking for vulnerabilities. We never did it—I remember that we didn’t even try very hard—but this article shows that we probably would have found non-random properties: …the executives had recently discovered that one of their machines had been hacked by a gang of hustlers.

Hacking 52

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to.

Passwords 214

Optimize and secure your team’s Apple devices with Jamf Now

Tech Republic Security

Learn how Jamf Now’s features can streamline your company’s Apple mobile device management. The post Optimize and secure your team’s Apple devices with Jamf Now appeared first on TechRepublic.

Mobile 184

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

CISA says hospitals should be wary of new Daixin Team Ransomware

CyberSecurity Insiders

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to all hospitals and healthcare providers about a new ransomware dubbed ‘Daixin Team’ doing the rounds on the internet. Information is out that the said hacker group is spreading malware to healthcare and the public sector and is demanding cryptocurrency in Bitcoin in exchange for a decryption key.

Chrome extensions with 1 million installs hijack targets’ browsers

Bleeping Computer

Researchers at Guardio Labs have discovered a new malvertizing campaign pushing Google Chrome and Microsoft Edge extensions that hijack searches and insert affiliate links into webpages. […]


More Trending

Apple fixes new zero-day used in attacks against iPhones, iPads

Bleeping Computer

In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. […]


BrandPost: Cybersecurity Executives Say These are the Most Pressing Challenges They Face

CSO Magazine

Most cybersecurity teams grapple with similar issues, from defending against the ever-changing threat landscape to finding time for training and upskilling opportunities. I recently had the chance to speak with numerous security executives and industry experts at the Fortinet Security Summit, held in conjunction with the second annual PGA Fortinet Championship in Napa Valley, to discuss some of these challenges, insights, and potential solutions for addressing them.

Google Chrome to drop support for Windows 7 / 8.1 in Feb 2023

Bleeping Computer

Google announced today that the Google Chrome web browser will likely drop support for Windows 7 and Windows 8.1 starting February 2023. […]


GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Security Boulevard

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you … (more…). The post GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen appeared first on Security Boulevard.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

How to navigate the current 5G and IoT threat landscape

Tech Republic Security

5G and IoT have made promising strides in the business and consumer technology spaces, but with new developments come new vulnerabilities. Learn what’s afoot and what you can do to secure against these risks. The post How to navigate the current 5G and IoT threat landscape appeared first on TechRepublic.

IoT 129

Car dealer group Pendragon refuses to pay $60 million to ransomware extortionists

Graham Cluley

Pendragon - the car dealership group which owns Evans Halshaw, CarStore, and Stratstone, and operates around 160 showrooms across the UK - has confirmed that its IT servers have been hacked by cybercriminals who claim to have stolen five per cent of its data.

Vulnerability Management as a Service: Top VMaaS Providers

eSecurity Planet

There are 20,000 or more new software and hardware vulnerabilities every year, yet only a few hundred might be actively exploited. It falls to IT security teams to determine where those vulnerabilities lie in their organization and which ones they need to prioritize. That process can be overwhelming. Vulnerability management tools can help, but even then finding, patching and testing vulnerabilities can still take an extraordinary amount of time.

Software 127

Seven months after it found out, FamilySearch tells users their personal data has been breached

Graham Cluley

Shouldn't affected users have been told sooner?

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

SBOMs are critical to software supply chain security — but only the first step in your journey

Security Boulevard

The post SBOMs are critical to software supply chain security — but only the first step in your journey appeared first on Security Boulevard.

Software 122

Cuba ransomware affiliate targets Ukraine, CERT-UA warns

Security Affairs

The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of the Armed Forces of Ukraine.

Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn

Dark Reading

A CISA advisory warns that the Daixin Team ransomware group has put the US healthcare system in its crosshairs for data extortion, and provides tools to fight back.

5 reasons to keep your software and devices up to date

We Live Security

Next time you're tempted to hold off on installing software updates, remember why these updates are necessary in the first place. The post 5 reasons to keep your software and devices up to date appeared first on WeLiveSecurity.

Software 116

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Fighting cybersecurity risks for law enforcement: On-premises vs. cloud native systems

Tech Republic Security

Larry Zorio, chief information security officer at Mark43, offers helpful insight from the battlefront. The post Fighting cybersecurity risks for law enforcement: On-premises vs. cloud native systems appeared first on TechRepublic.

Risk 113

BrandPost: How a Zero Trust Platform Approach Takes Security to the Next Level

CSO Magazine

Even though many organizations have a goal of achieving zero trust, this goal may not always be realizable in the solutions they are implementing. In fact, a recent survey found that while most responding organizations said they had implemented or were implementing a zero trust strategy, more than half of them didn’t have the ability to authenticate users and devices on an ongoing basis.

Malicious Clicker apps in Google Play have 20M+ installs

Security Affairs

Researchers discovered 16 malicious clicker apps in the official Google Play store that were downloaded by 20M+ users. Security researchers at McAfee have discovered 16 malicious clicker apps available in the official Google Play store that were installed more than 20 million times. One of these apps, called DxClean, has more than five million installs and its user rating was 4.1 out of 5 stars.

Adware 108

When CISOs are doomed to fail, and how to improve your chances of success

CSO Magazine

There's a joke cryptographer Jon Callas likes to tell: CISO stands for Chief Intrusion Scapegoat Officer, "because CISOs are often thrown into a position where they can't succeed." Callas, who is the director of public interest tech at the Electronic Frontier Foundation, says that security officers are often "simultaneously in charge and powerless." They know what they should do to mitigate risks, but they can't get enough support.

CISO 107

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Norway PM warns of Russia cyber threat to oil and gas industry

Security Affairs

Norway’s prime minister warned last week that Russia poses “a real and serious threat” to the country’s oil and gas industry. Norway’s prime minister Jonas Gahr Støre warned that Russia poses “a real and serious threat” to the country’s oil and gas industry. The minister claims his country is going slow in adopting necessary measures to protect organizations and critical infrastructure operators in the energy sector from cyberattacks.

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

Naked Security

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch.

Marketing 106

Why Cybersecurity Awareness Month is Every Month

Security Boulevard

Cybersecurity is a year-round issue. Cybersecurity awareness is important year-round for the security of our businesses and customers. We’re proud to be a supporter of Cybersecurity Awareness Month. It has been invaluable in raising awareness of digital safety issues for a broad cross-section of people, but the issues highlighted have to go beyond October and […].

Most Dangerous Ransomware Groups in 2022 You Should Know About

Heimdal Security

Ransomware is a major threat that costs businesses, corporations, and infrastructure operators billions of dollars every year. Behind this type of threat are experienced ransomware gangs developing and distributing malware that make the attacks possible. By now you know that there are plenty of ransomware versions out there. With names such as Vice Society, Agenda, […].

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

A New-ish Mobile Attack: Zero-Click Spyware

SecureWorld News

Bloomberg is reporting that in July 2020, an Azerbaijani journalist was the victim of a zero-click attack, commonly used by governments to target political opponents. The journalist's iPhone received a command to open the Apple Music app without the victim's knowledge or even touching the phone. The app then connected to a malicious server and downloaded spyware to the phone, listening in on calls and viewing text messages for nearly a year and a half.

Spyware 104

Stress Is Driving Cybersecurity Professionals to Rethink Roles

Dark Reading

Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

Trend Micro

Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint.

Security experts targeted with malicious CVE PoC exploits on GitHub

Security Affairs

Researchers discovered thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware. A team of researchers at the Leiden Institute of Advanced Computer Science (Soufian El Yadmani, Robin The, Olga Gadyatskaya) discovered thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for multiple vulnerabilities.

Malware 101

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!