Thu.Apr 28, 2022

article thumbnail

Microsoft Issues Report of Russian Cyberattacks against Ukraine

Schneier on Security

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea.

article thumbnail

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

The Last Watchdog

Passwords have become ubiquitous with digital. Yet most people don’t know how to use them properly. The humble password is nothing more than a digital key that opens a door. Related: The coming of passwordless access. People use keys to open their house, office, garage or car. And they use passwords to open a device, a system, an account, a file and so on.

Passwords 237
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Okta vs Ping: IAM software comparison

Tech Republic Security

This review compares the features of IAM software Okta and Ping. Features include multifactor authentication, threat detection and dashboards. The post Okta vs Ping: IAM software comparison appeared first on TechRepublic.

Software 148
article thumbnail

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity agencies of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency ( CISA ), Na

Software 145
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Study: 90% of organizations say ransomware impacted their ability to operate

Tech Republic Security

Among private sector companies, 86% of those surveyed by Sophos said that a ransomware attack caused them to lose business or revenue. The post Study: 90% of organizations say ransomware impacted their ability to operate appeared first on TechRepublic.

article thumbnail

The More You Know: Job Searching & Interviewing

Cisco Security

In the midst of global change and virtual hiring, the landscape of job searching has changed. We sat down (via WebEx) with recruiting leaders, accessibility experts and career changers at Cisco Secure and Duo Security to find out the top 10 ways to make the virtual job search, application and interview process as easeful as possible. Stay tuned for future topics in this series including advice for career changers and environmental aspects to consider for long-term fulfillment at work. 1.

LifeWorks

More Trending

article thumbnail

Protecting your Customers and Brand in 2022: Are you doing enough?

Jane Frankland

No matter who you are, what you do, or where you reside, one thing is certain. In today’s digital economy, everyone is experiencing record evolution. Customers want more, and so do their stakeholders. Today, in business, it’s all about working with digital natives – customers, partner companies, and employees – building trust and implementing advanced solutions to enhance their experience.

CISO 130
article thumbnail

Top Exploited Vulnerabilities in 2021 Revealed by Cybersecurity Firms

Heimadal Security

Cybersecurity authorities around the world have published a list of the top 15 vulnerabilities regularly exploited by malicious actors in 2021, in collaboration with the NSA and the FBI. In a joint alert, the cybersecurity authorities recommended enterprises patch these security holes as soon as possible and adopt patch management systems to decrease their attack […].

article thumbnail

The Russia – Ukraine war: Two months in

Digital Shadows

The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its. The post The Russia – Ukraine war: Two months in first appeared on Digital Shadows.

122
122
article thumbnail

Duo’s Recipe for Great Culture

Duo's Security Blog

After years of immersion, here’s what I believe is Duo’s recipe for great culture. It’s based on my interviews and observations of about 200 people in Duo’s R&D team of designers, engineers, and product managers—all of whom were 100% remote during the height of COVID-19. My hope is that if I put these ingredients under a magnifying glass, then you’ll be able to more easily recognize the signs of a good workplace and, by joining one, discover more fulfillment in work and life.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Nimbuspwn: New Root Privilege Escalation Found in Linux

eSecurity Planet

The Microsoft 365 Defender Research Team has revealed several new Linux vulnerabilities collectively dubbed “Nimbuspwn.” Like the Dirty Pipe vulnerability , they only need a local user with low capabilities to elevate privileges, but this time the exploit seems much more specific and focuses on “networkd-dispatcher,” a systemd component that handles connection status changes.

article thumbnail

Synology warns of critical Netatalk bugs in multiple products

Bleeping Computer

Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities. [.].

113
113
article thumbnail

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

eSecurity Planet

U.S. cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. Topping the list were the Log4Shell vulnerability and Microsoft bugs ProxyShell and ProxyLogon. Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities.

article thumbnail

Artificial Intelligence induced microwave oven tries to kill its owner

CyberSecurity Insiders

Lucas Rizzotto had a vision from his childhood about a talking microwave oven that could communicate with him like a friend and act as per his commands. So, he collected a microwave from Amazon and induced it with artificial intelligence. Then, sensing it had thinking skills, he named it as Magnetron. Magnetron was fed with the childhood history of about 100 pages of data belonging to Lucas and the kitchen appliance started to soon interact with its owner through the externally fitted speaker an

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

The Package Analysis Project: Scalable detection of malicious open source packages

Google Security

Posted by Caleb Brown, Open Source Security Team Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute.

Software 106
article thumbnail

Threat-Hunting Journal April 2022 – Easter Edition

Heimadal Security

What better way to remember Easter than drawing up a list of the malware Bunny’s most ‘interesting’ offerings? Can you guess who’s the winner of this year’s (malware) egg hunt? If your answer was “trojan” then you’re right – 20 trojan strains for the April 1st – 28th interval, totaling over 25,000 positive detections – […]. The post Threat-Hunting Journal April 2022 – Easter Edition appeared first on Heimdal Security Blog.

Malware 105
article thumbnail

How To Prevent A Data Breach – And What To Do If You’re Hit

SecureBlitz

In this blog post, we’ll explain how you can prevent a data breach, and what you should do if you’re hit by one. Keep reading to find out. According to the government’s Cyber Security Breaches Survey 2021, a huge 39% of businesses and 26% of charities experienced a cyber security breach in the previous year. The post How To Prevent A Data Breach – And What To Do If You’re Hit appeared first on SecureBlitz Cybersecurity.

article thumbnail

Russian cyberattacks against Ukraine, other targets expected to rise

CSO Magazine

Hacking groups closely linked to the Russian government have made nearly 40 destructive attacks against hundreds of Ukrainian targets since the start of the invasion, according to a report issued by Microsoft. The attacks have been largely, but not exclusively, targeted at Ukrainian government institutions, and Microsoft's report noted that these attacks have had damaging effects on the country's economy and civilian population, in addition to Ukraine's government and military.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Onyx ransomware destroys files, and also the criminal circle of trust

Malwarebytes

Some ransomware authors seem to be further whittling down their tenuous “circle of trust” style agreement with victims even further. Word has spread of a new Onyx ransomware operation which is quite a bit more destructive than those impacted would be hoping for. The ransomware in question overwrites files larger than just 2MB. Anything important is lost to the void forever, and only files smaller than this will be recovered should the victims pay up.

article thumbnail

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

Naked Security

Latest episode - listen now!

Phishing 101
article thumbnail

Why you should be taking security advice from your grandmother

Malwarebytes

We tend to accept that younger folks are supposed to be more tech savvy, given they’ve grown up with computers and the Internet pretty much their whole lives. If you go back about 15 or so years, a lot of security advice focused on the “warning your grandmother away from scams” routine. The default assumption was that people over a certain age simply did not know about computers and the threats that come with them.

Scams 100
article thumbnail

Ambient.ai Expands Computer Vision Capabilities for Better Building Security

Dark Reading

The AI startup releases new threat signatures to expand the computer vision platform’s ability to identify potential physical security incidents from camera feeds.

99
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Facebook phishers threaten users with Page Recovery Help Support

Malwarebytes

We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services aren’t here to help. They’re actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belonging to musicians, products, and businesses of all kinds.

article thumbnail

It’s Called BadUSB for a Reason

Security Affairs

Cybercrime gang FIN7’s badUSB attacks serve as a reminder of two key vulnerabilities present among all organizations. The criminal group had been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries under the guise that they originated from a trusted source, such as Amazon and the US Department of Health and Human Services.

article thumbnail

Hackers fool major tech companies into handing over data of women and minors to abuse

Malwarebytes

Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. This finding came from four federal law enforcement agencies and a couple of industry investigators.

CSO 100
article thumbnail

Hollywood’s Fight Against VPNs Turns Ugly

WIRED Threat Level

Beyond accusations of rampant user copyright infringement, film companies have begun accusing VPNs of enabling a slew of more serious illegal activity.

98
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

The Hacker News

Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform's direct messages (DM) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet.

article thumbnail

Ukraine Beats Russia in Cyberwarfare — at ‘Unprecedented Scale’

Security Boulevard

Russia is attacking Ukraine with cyberattacks and psyops. But the scale is pathetic and Ukraine is fighting back—hard. The post Ukraine Beats Russia in Cyberwarfare — at ‘Unprecedented Scale’ appeared first on Security Boulevard.

article thumbnail

Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

The Hacker News

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record.

DDOS 98
article thumbnail

CloudFlare blocked a record HTTPs DDoS attack peaking at 15 rps

Security Affairs

Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million request-per-second (RPS). Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million request-per-second (RPS), which is one of the largest HTTPS DDoS attacks blocked by the company. The company blocked the attack earlier this month, the experts pointed out that HTTPS DDoS attacks are more expensive because require higher computational resources

DDOS 98
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!