Thu. Apr 28, 2022


Microsoft Issues Report of Russian Cyberattacks against Ukraine

Schneier on Security

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea.


20 Years of SIEM Webinar Q&A

Anton on Security

I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM — What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As is common for SANS webinars, we got a lot of great questions that I feel like re-answering here for posterity. Q: When do you think the industry will understand what XDR entails?


Protecting your Customers and Brand in 2022: Are you doing enough?

Jane Frankland

No matter who you are, what you do, or where you reside, one thing is certain. In today’s digital economy, everyone is experiencing record evolution. Customers want more, and so do their stakeholders. Today, in business, it’s all about working with digital natives – customers, partner companies, and employees – building trust and implementing advanced solutions to enhance their experience.


Okta vs Ping: IAM software comparison

Tech Republic Security

This review compares the features of IAM software Okta and Ping. Features include multifactor authentication, threat detection and dashboards. The post Okta vs Ping: IAM software comparison appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity agencies of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), Na


10 top anti-phishing tools and services

CSO Magazine

Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Some phishing attacks target customers rather than employees, and others simply aim to damage your corporate reputation rather than compromise your systems.


More Trending


The Russia – Ukraine war: Two months in

Digital Shadows

The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its. The post The Russia – Ukraine war: Two months in first appeared on Digital Shadows.


Synology warns of critical Netatalk bugs in multiple products

Bleeping Computer

Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.


The More You Know: Job Searching & Interviewing

Cisco Security

In the midst of global change and virtual hiring, the landscape of job searching has changed. We sat down (via WebEx) with recruiting leaders, accessibility experts and career changers at Cisco Secure and Duo Security to find out the top 10 ways to make the virtual job search, application and interview process as easeful as possible. Stay tuned for future topics in this series including advice for career changers and environmental aspects to consider for long-term fulfillment at work. 1.


Artificial Intelligence induced microwave oven tries to kill its owner

CyberSecurity Insiders

Lucas Rizzotto had a vision from his childhood about a talking microwave oven that could communicate with him like a friend and act as per his commands. So, he collected a microwave from Amazon and induced it with artificial intelligence. Then, sensing it had thinking skills, he named it as Magnetron. Magnetron was fed with the childhood history of about 100 pages of data belonging to Lucas and the kitchen appliance started to soon interact with its owner through the externally fitted speaker an


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Top Exploited Vulnerabilities in 2021 Revealed by Cybersecurity Firms

Heimdal Security

Cybersecurity authorities around the world have published a list of the top 15 vulnerabilities regularly exploited by malicious actors in 2021, in collaboration with the NSA and the FBI. In a joint alert, the cybersecurity authorities recommended enterprises patch these security holes as soon as possible and adopt patch management systems to decrease their attack […].


Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

eSecurity Planet

U.S. cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. Topping the list were the Log4Shell vulnerability and Microsoft bugs ProxyShell and ProxyLogon. Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities.


Russian cyberattacks against Ukraine, other targets expected to rise

CSO Magazine

Hacking groups closely linked to the Russian government have made nearly 40 destructive attacks against hundreds of Ukrainian targets since the start of the invasion, according to a report issued by Microsoft. The attacks have been largely, but not exclusively, targeted at Ukrainian government institutions, and Microsoft's report noted that these attacks have had damaging effects on the country's economy and civilian population, in addition to Ukraine's government and military.


Onyx ransomware destroys files, and also the criminal circle of trust

Malwarebytes

Some ransomware authors seem to be further whittling down their tenuous “circle of trust” style agreement with victims even further. Word has spread of a new Onyx ransomware operation which is quite a bit more destructive than those impacted would be hoping for. The ransomware in question overwrites files larger than just 2MB. Anything important is lost to the void forever, and only files smaller than this will be recovered should the victims pay up.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

The Hacker News

Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform's direct messages (DM) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet.


Why you should be taking security advice from your grandmother

Malwarebytes

We tend to accept that younger folks are supposed to be more tech savvy, given they’ve grown up with computers and the Internet pretty much their whole lives. If you go back about 15 or so years, a lot of security advice focused on the “warning your grandmother away from scams” routine. The default assumption was that people over a certain age simply did not know about computers and the threats that come with them.


Ukraine Beats Russia in Cyberwarfare — at ‘Unprecedented Scale’

Security Boulevard

Russia is attacking Ukraine with cyberattacks and psyops. But the scale is pathetic and Ukraine is fighting back—hard. The post Ukraine Beats Russia in Cyberwarfare — at ‘Unprecedented Scale’ appeared first on Security Boulevard.


Facebook phishers threaten users with Page Recovery Help Support

Malwarebytes

We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services aren’t here to help. They’re actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belonging to musicians, products, and businesses of all kinds.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Why we joined forces with Snyk

Security Boulevard

Yesterday we joined Snyk’s new Technical Alliance Partnership Program as a founding member and announced that we will integrate Snyk Open Source into our BluBracket Code Security Suite. As a relatively young company, this is a big commitment and one that as CEO I don’t take lightly. But the value proposition for our customers is […]. The post Why we joined forces with Snyk appeared first on Security Boulevard.


Hackers fool major tech companies into handing over data of women and minors to abuse

Malwarebytes

Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. This finding came from four federal law enforcement agencies and a couple of industry investigators.


Hands on with Microsoft Edge's new built-in VPN feature

Bleeping Computer

Edge's Secure Network is powered by Cloudflare - one of the most trusted DNS hosts in the industry - and it aims to protect your device and sensitive data as you browse. The feature is in the early stage of development available to select users in Edge Canary and it's not a full-fledged VPN service offered in browsers like Opera.


Software Supply Chain Security Terminology

Security Boulevard

In light of recent high profile software supply chain security issues such as the SolarWinds attack and the Log4j open source vulnerability, we found it important to identify and explain some key terminology. We will also state our particular definitions for these terms in the context of GrammaTech products and our approach to improving software supply chain security.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

The Hacker News

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record."


Why Security Must be the Focus of Modern Banking

Security Boulevard

U.S. consumers are shying away from digital banking due to security concerns. According to a PYMNTS Digital Banking report, 47% of consumers worry about their data security, despite significant interest in digitized banking services. Ransomware also poses a huge threat, with malicious attacks increasing by 1,318% in 2021. This is why modern banking practices need.


Ukraine targeted by DDoS attacks from compromised WordPress sites

Bleeping Computer

Ukraine's computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal.


Survey Surfaces Raft of Cloud Security Challenges

Security Boulevard

A survey of 154 North American IT and security decision-makers conducted by Forrester Consulting on behalf of Sonrai Security and Amazon Web Services (AWS) published today found 96% of respondents acknowledged their organization faced security incidents in the last 12 months; 98% of them involved identity-related security challenges. The top issues reported are an internal.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


The Package Analysis Project: Scalable detection of malicious open source packages

Google Security

Posted by Caleb Brown, Open Source Security Team

Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute.


What is a watering hole attack?

Security Boulevard

The advance of the 21st century brought with it a significant shift in the work scene. Every industry and field relies heavily on computers and the digital world to function seamlessly. However, with it came the ever-mounting fear of cyber attack. Among the many forms of cyber attack is a watering hole attack, also known …. What is a watering hole attack?


Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group

The Hacker News

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities.


FBI Director Warns of Chinese Espionage Threats

Security Boulevard

FBI Director Christopher Wray said in an interview on CBS’s Sunday news program 60 Minutes that the current level of cybersecurity threats from China was “unprecedented in history” and highlighted the country’s attempts at cyberespionage. “The biggest threat we face as a country from a counterintelligence perspective is from the People’s Republic of China,” he.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.