Wed. Jul 27, 2022

Securing Open-Source Software

Schneier on Security

Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as indispensable as national highways.

FIRESIDE CHAT: ‘Attack surface management’ has become the centerpiece of cybersecurity

The Last Watchdog

Post Covid 19, attack surface management has become the focal point of defending company networks. Related: The importance of ‘SaaS posture management’ As digital transformation continues to intensify, organizations are relying more and more on hosted cloud processing power and data storage, i.e. Platform as a Service (PaaS), as well as business tools of every stripe, i.e.

Infostealer malware targets Facebook business accounts to capture sensitive data

Tech Republic Security

Ducktail malware tries to hijack the accounts of individuals who use Facebook’s Business and Ads platforms, says WithSecure Intelligence. The post Infostealer malware targets Facebook business accounts to capture sensitive data appeared first on TechRepublic.

Handling Criticism & The Cost of Call Out Culture in Cyber

Jane Frankland

This week, I’m writing to you about call-out culture. I want to ensure you know how to respond to criticism online. I want to make sure that I’m not losing more voices when communicating. I’ve taken inspiration from a post on this topic by Andrea Gibson from Button Poetry who wrote recently about this and community behaviour. Given the nature of what is considered a highly emotive topic, I want to keep a dialogue going, remove as much fear as possible when posting comments so we ca

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to quickly deploy the Odoo ERP solution with Docker

Tech Republic Security

If you're looking to get a powerful ERP solution up and running, Jack Wallen has the solution by way of Odoo and Docker. The post How to quickly deploy the Odoo ERP solution with Docker appeared first on TechRepublic.

5 trends making cybersecurity threats riskier and more expensive

CSO Magazine

Since the pandemic the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022, almost half (48%) of organizations across the U.S. and Europe experienced a cyberattack in the past 12 months. Even more alarming is that these attacks are happening despite businesses doubling down on their cybersecurity spend. Cybersecurity is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manag

Cash App fraud: 10 common scams to watch out for

We Live Security

It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash. The post Cash App fraud: 10 common scams to watch out for appeared first on WeLiveSecurity.

CosmicStrand malware targets old Asus and Gigabyte motherboards

CyberSecurity Insiders

A novel malware named CosmicStrand is said to be targeting old motherboards from Asus and Gigabyte, and the crux is that it can survive operating system reinstalls because it lives in the Unified Extensible Firmware Interface (UEFI) firmware rather than only on the storage drive. Russia-based cybersecurity firm Kaspersky confirmed the news, as its researchers have discovered the malware running on old Microsoft machines since Dec ’16.

Microsoft: Windows, Adobe zero-days used to deploy Subzero malware

Bleeping Computer

Microsoft has linked a threat group it tracks as Knotweed to a cyber mercenary outfit (aka private-sector offensive actor) named DSIRF, targeting European and Central American entities using a malware toolset dubbed Subzero. […]

Anti-vaxxer dating site exposes user data

Malwarebytes

An anti-vax dating site has been revealed as shockingly easy to compromise by security researchers. Many major aspects of the site, from membership subscriptions to support tickets, were found to be vulnerable. The site, called Unjected, has been around since last year. It functions as a sort of social media/dating platform for folks averse to vaccinations.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Uber’s Latest Shenanigans

Security Boulevard

The International Consortium of Investigative Journalists (ICIJ), in conjunction with a number of worldwide publications, jointly released an ICIJ investigation, “The Uber Files” which detailed the back room deals and access enjoyed by the company as it went about its “chaotic global expansion.” The source of the Uber Files has been identified as Mark MacGann, The post Uber’s Latest Shenanigans appeared first on Security Boulevard.

NIST’s Expanding International Engagement on Cybersecurity

NSTIC

In providing a foundation for cybersecurity advancements over the years, NIST has taken the global context into account when determining priorities and approaches. Our participation in Standards Developing Organizations (SDOs) has expanded steadily, and we encourage international participation in the development of our own programs and resources. As we celebrate the 50th anniversary of cybersecurity at NIST, it is more important than ever that we work with our partners around the world.

Spain arrests suspected hackers who sabotaged radiation alert system

Bleeping Computer

The Spanish police have announced the arrest of two hackers believed to be responsible for cyberattacks on the country's radioactivity alert network (RAR), which took place between March and June 2021. […]

More than a VPN: Announcing Cisco Secure Client (formerly AnyConnect)

Cisco Security

We’re excited to announce Cisco Secure Client, formerly AnyConnect, as the new version of one of the most widely deployed security agents. As the unified security agent for Cisco Secure, it addresses common operational use cases applicable to Cisco Secure endpoint agents. Those who install Secure Client’s next-generation software will benefit from a shared user interface for tighter and simplified management of Cisco agents for endpoint security.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware

The Hacker News

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up.

Advocating for Passion, Kindness and Women in STEM

Cisco Security

Over her 25-year-plus career, Saleema Syed has seen the information security industry from a variety of vantage points, all while championing women in technology. Syed worked as director of business systems and data management for Duo Security before rising to vice president of information technology. Later, after Duo was acquired by Cisco, she transitioned to new roles within the larger organization and now heads up operations for Webex Marketing.

New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo

Bleeping Computer

A new phishing as a service (PhaaS) platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services. […]

Attackers increasingly abusing IIS extensions to establish covert backdoors

Security Affairs

Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same code structure as legitimate and harmless modules. “Malicious IIS extensions are less frequently
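
Because a malicious IIS module is registered exactly like a legitimate one, the practical first check is a review of what is registered: every native module in `<globalModules>` of applicationHost.config and every managed module in a `<modules>` element (applicationHost.config or a site's web.config). The script below is an added example written for this page, not code from Security Affairs or from Microsoft's report. It parses a config export, flags native modules whose DLL does not live under inetsrv or whose name is not in a baseline, and flags managed modules whose type is not a System.Web type. The stock-module list, the assumed Windows root (`C:\Windows`) and the sample config are all constructed for illustration; take a real baseline from a known-clean server of the same IIS version, and follow up on any hit with an Authenticode check of the DLL.

```python
import xml.etree.ElementTree as ET

# Stock native IIS modules are loaded from this directory; the
# comparison is done on a lower-cased, %windir%-expanded path.
INETSRV_DIR = "c:\\windows\\system32\\inetsrv\\"

# A few stock native module names from a default IIS install. This is an
# illustrative baseline (assumption); take the real one from a clean server.
STOCK_NATIVE = {
    "AnonymousAuthenticationModule", "CustomErrorModule",
    "DefaultDocumentModule", "DirectoryListingModule", "HttpCacheModule",
    "HttpLoggingModule", "ProtocolSupportModule", "RequestFilteringModule",
    "StaticCompressionModule", "StaticFileModule",
}

# Constructed applicationHost.config fragment: two stock native modules,
# one look-alike native module loaded from ProgramData, one stock managed
# module and one managed module from an unknown assembly.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
      <add name="HttpCacheModule" image="C:\ProgramData\Temp\cachhttp.dll" />
    </globalModules>
    <modules>
      <add name="StaticFileModule" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="managedHandler" />
      <add name="Telemetry" type="Telemetry.Module, Telemetry" preCondition="managedHandler" />
    </modules>
  </system.webServer>
</configuration>
"""


def normalise_image(image: str) -> str:
    """Lower-case the image path and expand the %windir%-style variables
    IIS uses, so a prefix comparison works whichever form is configured."""
    path = image.strip().lower().replace("/", "\\")
    for var in ("%windir%", "%systemroot%"):
        if path.startswith(var):
            path = "c:\\windows" + path[len(var):]  # assumes the default Windows root
    return path


def audit_iis_modules(config_xml: str) -> list[dict]:
    """Return the modules that deserve a closer look, in document order
    with native modules first: native modules whose DLL lives outside
    inetsrv or whose name is not in the baseline, and managed modules
    whose type is not a System.Web type."""
    root = ET.fromstring(config_xml)
    findings = []

    for global_modules in root.iter("globalModules"):
        for entry in global_modules.findall("add"):
            name = entry.get("name", "")
            image = entry.get("image", "")
            reasons = []
            if not normalise_image(image).startswith(INETSRV_DIR):
                reasons.append("native image loaded from outside inetsrv")
            if name not in STOCK_NATIVE:
                reasons.append("name not in stock baseline")
            if reasons:
                findings.append({"kind": "native", "name": name,
                                 "location": image, "reasons": reasons})

    for modules in root.iter("modules"):
        for entry in modules.findall("add"):
            type_name = entry.get("type")
            if not type_name:
                continue  # plain reference to a native module, covered above
            if not type_name.startswith("System.Web."):
                findings.append({"kind": "managed", "name": entry.get("name", ""),
                                 "location": type_name,
                                 "reasons": ["managed module from a non-System.Web assembly"]})
    return findings


if __name__ == "__main__":
    for finding in audit_iis_modules(SAMPLE_CONFIG):
        print(finding["kind"], finding["name"], finding["location"],
              "; ".join(finding["reasons"]))
```

The look-alike case is the one worth noticing: `HttpCacheModule` passes the name check because a stock module of that name exists, and is caught only by the path check. Feed each site's web.config through the same function, since managed modules can be registered there as well.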

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
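
A first pass at finding these tools is a static review of the HTML a portal actually serves: anything fetched from a host other than the portal's own, and any inlined tracker snippet. The script below is an added example for this page, not from the article's author. The tracker host list (the Meta Pixel loader on connect.facebook.net and its beacon on www.facebook.com/tr, Google Analytics and Tag Manager), the inline markers and the sample page for the hypothetical host portal.example-health.org are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that commonly serve tracking pixels (illustrative; extend from
# your own data).
KNOWN_TRACKER_HOSTS = {
    "connect.facebook.net": "Meta Pixel loader",
    "www.facebook.com": "Meta Pixel beacon",
    "www.google-analytics.com": "Google Analytics",
    "www.googletagmanager.com": "Google Tag Manager / gtag.js",
}

# Calls that only appear when a tracker snippet is inlined in the page.
INLINE_MARKERS = ("fbq(", "gtag(", "dataLayer.push(")

# Constructed page from a hypothetical patient portal
# (portal.example-health.org): one first-party script, one stylesheet
# from a sibling CDN host, the Meta Pixel snippet and its noscript beacon.
SAMPLE_HTML = """<!doctype html>
<html><head><title>Appointments</title>
<link rel="stylesheet" href="https://cdn.example-health.org/site.css">
<script src="/static/portal.js"></script>
<script>
  fbq('init', '000000000000000');
  fbq('track', 'PageView');
</script>
<script async src="https://connect.facebook.net/en_US/fbevents.js"></script>
<noscript><img height="1" width="1" src="https://www.facebook.com/tr?id=000000000000000&amp;ev=PageView&amp;noscript=1"/></noscript>
</head><body><h1>Upcoming appointments</h1></body></html>
"""


class _ResourceCollector(HTMLParser):
    """Collect external resource URLs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.refs = []      # (tag, url) in document order
        self.inline = []    # bodies of inline <script> elements
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = not a.get("src")
            if a.get("src"):
                self.refs.append((tag, a["src"]))
        elif tag in ("img", "iframe") and a.get("src"):
            self.refs.append((tag, a["src"]))
        elif tag == "link" and a.get("href"):
            self.refs.append((tag, a["href"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data)


def find_trackers(html: str, site_host: str) -> list[dict]:
    """Return every resource fetched from a host other than site_host,
    labelled when the host is a known tracker, followed by any inline
    tracker calls."""
    parser = _ResourceCollector()
    parser.feed(html)
    findings = []
    for tag, url in parser.refs:
        host = urlparse(url).netloc.lower()
        if not host or host == site_host.lower():
            continue  # relative or first-party reference
        findings.append({"tag": tag, "host": host, "url": url,
                         "label": KNOWN_TRACKER_HOSTS.get(host, "third-party resource")})
    for body in parser.inline:
        for marker in INLINE_MARKERS:
            if marker in body:
                findings.append({"tag": "inline-script", "host": "", "url": marker,
                                 "label": "inline tracker call"})
    return findings


if __name__ == "__main__":
    for f in find_trackers(SAMPLE_HTML, "portal.example-health.org"):
        print(f["tag"], f["host"] or "-", f["label"], f["url"])
```

This only sees what is in the served HTML; tags injected at runtime by a tag manager need a browser capture (for example a HAR file) checked with the same host list. The beacon URL is also worth reading in full, since its query string and the page URL it is fired from are what leave the site.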

Build SBOMs with Microsoft’s SPDX SBOM generator

InfoWorld on Security

The compromise of SolarWinds’ system management tool raised a lot of interesting issues for anyone using a CI/CD (continuous integration and continuous delivery) build process for their software. How can we ensure that the software we distribute to our users is the software we intend to build? Are all the dependencies for our code the ones we intended to have?
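
An SBOM only answers "are these the dependencies we intended?" if something compares it against the intended set. The script below is an added example for this page, not code from the InfoWorld article or from Microsoft's tool. It reads an SPDX 2.2 JSON document (the constructed sample uses the fields such generators emit: packages with purl external references and SHA256 checksums, plus a DESCRIBES relationship marking the root package), compares the dependency purls and versions against a lockfile-derived expectation, and reports drift and packages that carry no checksum to verify. The package names, versions and checksum values are placeholders.

```python
import json

# Constructed SPDX 2.2 JSON document; only the fields this check reads
# are present and the checksum values are placeholders.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.2",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app 1.0.0",
    "packages": [
        {"SPDXID": "SPDXRef-RootPackage", "name": "example-app", "versionInfo": "1.0.0"},
        {"SPDXID": "SPDXRef-Package-1", "name": "requests", "versionInfo": "2.28.1",
         "checksums": [{"algorithm": "SHA256", "checksumValue": "ab" * 32}],
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.28.1"}]},
        {"SPDXID": "SPDXRef-Package-2", "name": "urllib3", "versionInfo": "1.26.12",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/urllib3@1.26.12"}]},
        {"SPDXID": "SPDXRef-Package-3", "name": "colorama", "versionInfo": "0.4.5",
         "checksums": [{"algorithm": "SHA256", "checksumValue": "cd" * 32}],
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/colorama@0.4.5"}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-RootPackage"},
    ],
})

# What the build was supposed to contain, keyed by version-less purl.
# In practice this is derived from the committed lockfile (constructed here).
EXPECTED_DEPENDENCIES = {
    "pkg:pypi/requests": "2.28.1",
    "pkg:pypi/urllib3": "1.26.11",
    "pkg:pypi/certifi": "2022.6.15",
}


def split_purl(purl: str) -> tuple:
    """'pkg:pypi/requests@2.28.1?q=1#sub' -> ('pkg:pypi/requests', '2.28.1')."""
    base = purl.split("#", 1)[0].split("?", 1)[0]
    if "@" in base:
        name, version = base.rsplit("@", 1)
        return name, version
    return base, ""


def check_sbom(sbom_json: str, expected: dict) -> dict:
    """Compare the SBOM's dependency packages with the expected set."""
    doc = json.loads(sbom_json)
    # The package the document DESCRIBES is the build itself, not a dependency.
    roots = {r["relatedSpdxElement"] for r in doc.get("relationships", [])
             if r.get("spdxElementId") == doc["SPDXID"]
             and r.get("relationshipType") == "DESCRIBES"}
    report = {"unexpected": [], "version_mismatch": [], "missing": [], "no_checksum": []}
    seen = set()
    for pkg in doc["packages"]:
        if pkg["SPDXID"] in roots:
            continue
        purls = [ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
                 if ref.get("referenceType") == "purl"]
        if not purls:
            report["unexpected"].append(f'{pkg["name"]}@{pkg.get("versionInfo", "")} (no purl)')
            continue
        name, version = split_purl(purls[0])
        seen.add(name)
        if name not in expected:
            report["unexpected"].append(f"{name}@{version}")
        elif expected[name] != version:
            report["version_mismatch"].append((name, expected[name], version))
        if not any(c.get("algorithm") == "SHA256" for c in pkg.get("checksums", [])):
            report["no_checksum"].append(name)
    report["missing"] = sorted(set(expected) - seen)
    return report


def sbom_matches_lockfile(report: dict) -> bool:
    """CI gate: any drift or any unverifiable package fails the build."""
    return not any(report.values())


if __name__ == "__main__":
    result = check_sbom(SAMPLE_SBOM, EXPECTED_DEPENDENCIES)
    for category, items in result.items():
        print(category, items)
    print("gate passed:", sbom_matches_lockfile(result))
```

Run as a pipeline step after SBOM generation, the gate fails on the unexpected `colorama`, the `urllib3` version drift, the absent `certifi` and the package with no SHA256 to verify; the checksums themselves should then be compared with the artifacts actually fetched during the build.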

Beth Cheeseman Kearney Named General Counsel and Chief Compliance Officer of IDIQ

Identity IQ

New role continues company strategic growth plans. Temecula, California, July 27, 2022 – IDIQ, an industry leader in identity theft protection and credit report monitoring, has named Beth Cheeseman Kearney to the role of general counsel and chief compliance officer.

Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware

Dark Reading

Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.

IBM Report Reveals Economic Impact of Data Breaches

Security Boulevard

IBM published a report today that suggested data breaches are starting to have a material impact on the cost of goods and services. An IBM analysis of data breaches that occurred in 550 organizations found the average cost of a data breach has now reached an all-time high of $4.35 million for the organizations IBM. The post IBM Report Reveals Economic Impact of Data Breaches appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Trend Micro

Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics.

Is any organisation risk and data breach free?

The State of Security

I walked into a business the other day. After a long conversation about the client’s need for cybersecurity and the implementation of the ISO27001 security standard, we talked about their risk appetite. “We don’t accept any risk. We’re risk-averse” said the CEO. But, is this achievable? Given the complexity of our modern world, with diversity […]

‘I’m Not Looking For a New Cyber Security Role, So Why Should I Have an Introduction With a Recruiter?’

Security Boulevard

We get it, you’re happy in your cyber security role, and spending your time on the phone to someone whose […]. The post ‘I’m Not Looking For a New Cyber Security Role, So Why Should I Have an Introduction With a Recruiter?’ appeared first on Security Boulevard.

T-Mobile agrees to pay customers $350 million in settlement over data breach

Malwarebytes

T-Mobile has agreed to pay $350 million to settle class action claims related to a 2021 cyberattack which impacted around 80 million US residents. Under the proposed settlement, T-Mobile would also commit to an aggregate incremental spend of $150 million for data security and related technology in 2022 and 2023. According to The New York Times, the filing in the US District Court for the Western District of Missouri states that the payment to each customer can’t exceed $2,500.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Differences between logging and distributed tracing

Security Boulevard

If you work in modern software development, you probably deploy something to the cloud. These cloud deployments often lead to adopting a microservice architecture, because it enables developers to integrate cloud services more efficiently and, in turn, save time and money. The post Differences between logging and distributed tracing appeared first on Security Boulevard.

New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

The Hacker News

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation.

Best practices for recovering a Microsoft network after an incident

CSO Magazine

Whenever I am dealing with cloud services or remote consultants, the one thing that gives me the greatest pause is keeping track of and protecting credentials. Doing so requires multiple backups, cloud resources, and tested backup and recovery processes. We have our normal password management processes, password storage tools, and encryption processes.

Microsoft Edge now improves performance by compressing disk cache

Bleeping Computer

Microsoft says Microsoft Edge users will notice improved performance and a smaller disk footprint because the web browser now automatically compresses disk caches. […]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.