Fri. Mar 03, 2023

Nick Weaver on Regulating Cryptocurrency

Schneier on Security

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space has grown over the past decade with very little regulatory oversight.

Top 10 open-source security and operational risks of 2023

Tech Republic Security

Many software companies rely on open-source code but lack consistency in how they measure and handle risks and vulnerabilities associated with open-source software, according to a new report. The post Top 10 open-source security and operational risks of 2023 appeared first on TechRepublic.

Organizations Struggle With CCPA, CPRA, GDPR Compliance

Security Boulevard

The vast majority—92% of companies across all verticals, states and business sizes—are still unprepared for compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), while a similar percentage (91%) are unprepared for GDPR compliance. A report from Cytrio revealed these organizations are still using time-consuming and error-prone manual processes to.

Actions You Can Take To Support Women In Cybersecurity On And Beyond IWD 2023

Jane Frankland

International Women’s Day is a global day of celebration and recognition for the social, economic, cultural, and political achievements of women. It is celebrated on March 8th every year and originated in Europe during the early 1900s. The day provides an opportunity to come together to support and honor female contributions around the world. The theme for this year is “Embrace Equity” – which encourages everyone to focus on gender equity and get the world talking about Why equal opp

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

National Cybersecurity Strategy | Contrast Security

Security Boulevard

Time for the gloves to come off, the U.S. government said on Thursday in a newly aggressive policy on cybersecurity that has — mostly — thrilled cybersecurity experts. The post National Cybersecurity Strategy | Contrast Security appeared first on Security Boulevard.

Cybersecurity headlines trending on Google

CyberSecurity Insiders

CISA of the United States has issued a warning to all public and private entities to stay away from the Royal Ransomware group. They issued an advisory as a part of StopRansomware Campaign and issued some tips that help raise the defense-line against such cyber threats. Royal Ransomware gang has been active since September 2022 and demands a sum ranging between $1m to $11 million that needs to be paid in Bitcoins.

BidenCash market leaks over 2 million stolen credit cards for free

Bleeping Computer

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. […]

Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

Naked Security

Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?

Cowbell Adds Free Cybersecurity Services for Insurance Policy Holders

Security Boulevard

Cowbell this week added a free 24/7 managed security service for organizations that take out a cyberinsurance policy to help reduce the cost of a cybersecurity breach. Manu Singh, vice president of risk engineering at Cowbell, said Cowbell 365 spans everything from working with policyholders to improve their overall cybersecurity posture management to responding to.

HPE to acquire Axis Security to deliver a unified SASE offering

CSO Magazine

Hewlett Packard Enterprise has agreed to buy cloud security services provider Axis Security, its third acquisition since January, to deliver a unified secure access service edge (SASE) offering. The acquisition is aimed at incorporating the Axis security service edge (SSE) platform into HPE’s edge-to-cloud network security capabilities to deliver integrated networking and security solutions as-a-service.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cybersecurity Insights with Contrast CISO David Lindner | 3/3

Security Boulevard

Insight #1 "June 11th, 2023 is getting closer. Have you started pulling together information for the government’s requirement of self-attestation as to the security practices you follow in your SDLC for any software used or purchased by the U.S. federal government? What about SBOMs, are you in the process to be able to provide those if requested?

BrandPost: It’s Time to Create More Opportunities for Women in Cybersecurity

CSO Magazine

Undoubtedly, our industry needs to create more initiatives to attract a more diverse group of professionals—including women—to STEM-focused careers like cybersecurity. While we’ve collectively made some progress on this front, a great deal of work still needs to be done to bring women into cybersecurity-focused roles and create meaningful career paths for them to grow and progress within the industry.

Known Vulnerabilities Drove Most Cyberattacks in 2022

Security Boulevard

New research revealed an all-too-familiar theme: Known vulnerabilities for which patches have been issued were the main way threat actors executed cyberattacks in 2022. “The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones,” Bob Huber, CSO and head of research, Tenable, said in a release detailing the findings in.

The Week in Ransomware - March 3rd 2023 - Wide impact attacks

Bleeping Computer

This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile. […]

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

The Hacker News

A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read.

Hundreds of thousands of websites hacked as part of redirection campaign

Security Affairs

Thousands of Websites Hijacked Using Compromised FTP Credentials Researchers reported that threat actors compromised thousands of websites using legitimate FTP credentials to hijack traffic. Cybersecurity firm Wiz reported that since early September 2022, threat actors compromised tens of thousands of websites aimed at East Asian audiences to redirect hundreds of thousands of their users to adult-themed content.

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The Hacker News

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr said in a new report.

Pegasus spyware used to spy on a Polish mayor

Security Affairs

The phone of an opposition-linked Polish mayor was infected with the powerful Pegasus spyware, local media reported. Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

The Advantages and Limitations of Object Storage: A Comprehensive Overview

SecureBlitz

In this post, I will show you the advantages and limitations of Object Storage. The majority of today’s communications data on the World Wide Web is unstructured. Nevertheless, only a few industry specialists are familiar with object-based storage technology. So many industry executives are still skeptical of object-based storage’s overall business worth.

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Security Affairs

Two vulnerabilities affecting the Trusted Platform Module (TPM) 2.0 library could potentially lead to information disclosure or privilege escalation. The Trusted Computing Group (TCG) is warning of two vulnerabilities affecting the implementations of the Trusted Platform Module (TPM) 2.0 that could potentially lead to information disclosure or privilege escalation.

How Royal Ransomware Could Wreak Havoc on the U.S. Digital Economy

Heimdal Security

Earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an advisory regarding the Royal Ransomware gang. The Royal Ransomware group first appeared in the United States in September 2022—the U.S. Health and Human Services Cybersecurity Coordination Center issued a security alert to all healthcare organizations. Healthcare is one of Royal’s primary ransomware […] The post How Royal Ransomware Could Wreak Havoc on the U.S.

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. Unlike other ransomware operations, Royal doesn’t offer Ransomware-as-a-Service, it appears to be a private group without a network of affiliates.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

The Biggest Challenges And Opportunities Facing Tech Businesses Right Now

SecureBlitz

In this post, I will show you the biggest challenges and opportunities facing tech businesses right now. As a business owner, it can sometimes feel as though you are being pinballed from one incredible challenge to one amazing opportunity with no time to breathe and reflect. It can also feel as though the two things […] The post The Biggest Challenges And Opportunities Facing Tech Businesses Right Now appeared first on SecureBlitz Cybersecurity.

MQsTTang, a new backdoor used by Mustang Panda APT against European entities

Security Affairs

China-Linked Mustang Panda APT employed MQsTTang backdoor as part of an ongoing campaign targeting European entities. China-linked Mustang Panda APT group has been observed using a new backdoor, called MQsTTang, in attacks aimed at European entities. The hacking campaign began in January 2023, ESET researchers pointed out that the custom backdoor MQsTTang is not based on existing families or publicly available projects.

Play Ransomware Gang Behind Oakland Cyberattack

SecureWorld News

The City of Oakland recently experienced a ransomware attack that disrupted services and caused the city to declare a state of emergency, displaying the real-world consequences that cyberattacks can have. At the time of the incident, it was unclear who was responsible for the attack, but we now know the culprit, or at least who is claiming to be. Dominic Alvieri, a cybersecurity analyst and security researcher, shared on Twitter that the Play Ransomware gang was behind the attack: The crippling

Cyberattack on British Retailer WH Smith Exposes Employees' Data

Heimdal Security

Threat actors breached WH Smith, the 1,700 locations UK retailer, and exposed data belonging to current and former employees. WH Smith has more than 12,500 employees and reported a revenue of $1.67 billion in 2022. What Kind of Data Was Exposed The targeted company launched an investigation and notified the authorities. According to them, the […] The post Cyberattack on British Retailer WH Smith Exposes Employees' Data appeared first on Heimdal Security Blog.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Play ransomware claims disruptive attack on City of Oakland

Bleeping Computer

The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems since mid-February. […]

How to Configure a Router to Use WPA2 in 7 Easy Steps

eSecurity Planet

Most of us connect our mobile devices to a Wi-Fi router for internet access, but this connection can leave our network and data vulnerable to cyber threats. To protect against those threats, a Wi-Fi Protected Access (WPA) encryption protocol is recommended. And even though it’s been around since 2004, WPA2 remains the Wi-Fi security standard. WPA2 is a security protocol that secures wireless networks using the advanced encryption standard (AES).

Wading Back Into the Software Liability Cesspool

Security Boulevard

Time must be a flat circle—it seems that every couple of years, someone brings up the topic of software liability. Just stay in one place, and soon enough, the train will come back around with folks screaming that software companies are liable for security breaches. This time, it’s Jen Easterly, the impressive head of CISA, The post Wading Back Into the Software Liability Cesspool appeared first on Security Boulevard.

Chinese Hackers Are Using a New Backdoor to Deploy Malware

Heimdal Security

This year, the Chinese cyberespionage group Mustang Panda began deploying a new custom backdoor named ‘MQsTTang’ in attacks. This advanced persistent threat (APT), also known as TA416 and Bronze President, targets organizations worldwide with customized versions of PlugX malware. In January 2023, ESET researchers discovered MQsTTang as part of a campaign targeting government and political organizations […] The post Chinese Hackers Are Using a New Backdoor to Deploy Malware appe

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!