Schneier on Security
FEBRUARY 22, 2023
Here’s a story about a hacker who reprogrammed a device called “Flipper Zero” to mimic Opticom transmitters—to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data (or transmit it, with the right firmware in approved regions) on the same wireless frequencies as keyfobs and other devices.
Google Security
FEBRUARY 22, 2023
Posted by Sarah Jacobus, Vulnerability Rewards Team It has been another incredible year for the Vulnerability Reward Programs (VRPs) at Google! Working with security researchers throughout 2022, we have been able to identify and fix over 2,900 security issues and continue to make our products more secure for our users around the world. We are thrilled to see significant year over year growth for our VRPs, and have had yet another record breaking year for our programs!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
FEBRUARY 22, 2023
Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days. The post Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked appeared first on Security Boulevard.
Graham Cluley
FEBRUARY 22, 2023
Russian media has blamed hackers after commercial radio stations in the country broadcast bogus warnings about air raids and missile strikes, telling listeners to head to shelters.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Boulevard
FEBRUARY 22, 2023
Modern technology has created a world where threat actors are continuously adapting new tools and techniques with the main goal of stealing data from companies. In today’s digital age, traditional defensive security measures are no longer effective at protecting business assets appropriately. Therefore, businesses must be willing to evolve and adapt their cyber strategies to […] The post Strategic Threat Intelligence: The Definitive Guide appeared first on Flare | Cyber Threat Intel |
Dark Reading
FEBRUARY 22, 2023
Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CSO Magazine
FEBRUARY 22, 2023
The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report , cybersecurity firm Malwarebytes selected five threats that they consider to be archetypes for some of the most common malware families observed in 2022: LockBit ransomwa
Security Boulevard
FEBRUARY 22, 2023
IBM Security today published a report that found ransomware attacks, on average, can now be launched and completed in less than four days, down from two months previously. On the plus side, however, the IBM X-Force Threat Intelligence Index report finds the number of ransomware incidents have declined 4% on an annual basis. John Dwyer, The post IBM Security Finds Ransomware Attacks Take Less Than Four Days appeared first on Security Boulevard.
Graham Cluley
FEBRUARY 22, 2023
A ransomware outfit is advising its victims to secretly tell them how much insurance they have, so their extortion demands will be met. Read more in my article on the Tripwire State of Security blog.
Heimadal Security
FEBRUARY 22, 2023
It’s easy to see why there has always been some skepticism and uncertainty about the emergence of AI technology. However, the moment we are faced with an advanced technology capable of doing its own thinking, we must take a necessary step back before diving right in. While making our lives so much easier in many […] The post ChatGPT: The Dark Side of Artificial Intelligence Crafting Custom Malware appeared first on Heimdal Security Blog.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
CSO Magazine
FEBRUARY 22, 2023
Deployment of backdoors on networks was the top action attackers made in almost a quarter of all incidents remediated in 2022. A spike in the use of the multi-purpose Emotet malware early in the year was the main culprit of this increase, accounting for 47% of backdoors deployed throughout the year, according to IBM Security X-Force Threat Intelligence Index.
Heimadal Security
FEBRUARY 22, 2023
Cyber researchers warn OyeTalk users that the app`s database exposed their private data and conversations to data leakage. The database admins did not use a password to secure it, so all the data was open to the public. OyeTalk is a voice-chat app that is available in over 100 countries and has five million downloads […] The post Five Million Downloads OyeTalk Android App Leaks Private User Conversations appeared first on Heimdal Security Blog.
We Live Security
FEBRUARY 22, 2023
It’s never been easier to write a convincing message that can trick you into handing over your money or personal data The post Writing like a boss using ChatGPT and how to get better at spotting phishing scams appeared first on WeLiveSecurity
Bleeping Computer
FEBRUARY 22, 2023
Threat actors are targeting Internet-exposed Fortinet appliances with exploits targeting CVE-2022-39952, an unauthenticated file path manipulation vulnerability in the FortiNAC webserver that can be abused for remote command execution. [.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
SecureBlitz
FEBRUARY 22, 2023
A pen test, also known as a penetration test, simulates an authorized cyberattack against a device system to identify vulnerabilities that could influence it. It focuses on identifying security flaws in a specific information system without jeopardizing the system itself. Penetration testing services provide strategies and approaches for identifying system flaws that could endanger a business. […] The post What Programming Skills Do Pen Testers Need?
Bleeping Computer
FEBRUARY 22, 2023
Threat actors are actively exploiting the popularity of OpenAI's ChatGPT AI tool to distribute Windows malware, infect Android devices with spyware, or direct unsuspecting victims to phishing pages. [.
CSO Magazine
FEBRUARY 22, 2023
Cyberattacks targeting multiple data centers in several regions globally have been observed over the past year and a half, resulting in exfiltration of information pertaining to some of the world's biggest companies and the publishing of access credentials on the dark web, according to cybersecurity company Resecurity. "Malicious cyber activity targeting data center organizations creates a significant precedent in the context of supply chain cybersecurity," Resecurity said in a blog post.
Naked Security
FEBRUARY 22, 2023
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
CyberSecurity Insiders
FEBRUARY 22, 2023
Microsoft has made it official that it is going to introduce the services of its AI ChatGPT on all its premium upcoming mobile phones. Therefore, by June this year, the Bing Chatbot will be offered as Bing Smartphone app and a support system for its edge browser, thus competing with Google in terms of AI propelled search results. However, all doesn’t seem to go great for usage of artificial intelligence, as internationally renowned JPMorgan Chase has asked its employees to stop accessing the ser
The Hacker News
FEBRUARY 22, 2023
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3.
Dark Reading
FEBRUARY 22, 2023
It's a banner year for attacks coming through traditional email as well as newer collaboration technologies, such as Slack and Microsoft Teams. What's next?
Bleeping Computer
FEBRUARY 22, 2023
The U.S. National Security Agency (NSA) has issued guidance to help remote workers secure their home networks and defend their devices from attacks. [.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
FEBRUARY 22, 2023
Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation.
Bleeping Computer
FEBRUARY 22, 2023
Google last year paid its highest bug bounty ever through the Vulnerability Reward Program for a critical exploit chain report that the company valued at $605,000. [.
Security Affairs
FEBRUARY 22, 2023
Tech giant Apple discloses three new vulnerabilities affecting its iOS, iPadOS , and macOS operating systems. Apple updated its advisories by adding three new vulnerabilities, tracked as CVE-2023-23520, CVE-2023-23530 and CVE-2023-23531, that affect iOS, iPadOS , and macOS. An attacker can trigger the CVE-2023-23530 flaw to execute arbitrary code out of its sandbox or with certain elevated privileges.
Heimadal Security
FEBRUARY 22, 2023
Over 31 million people’s personal information was exposed as a result of a massive data breach at RailYatri, India’s government-approved online travel agency. An online database of private information has been released, and it is thought the breach occurred late in December 2022. Founded in 2011, RailYatri is an Indian travel marketplace endorsed by the […] The post RailYatri Data Breach Leaves Over 30 Million Users Exposed appeared first on Heimdal Security Blog.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
FEBRUARY 22, 2023
VMware released security updates to address a critical vulnerability, tracked as CVE-2023-20858, in the Carbon Black App Control product. VMware addressed a critical injection vulnerability, tracked as (CVSSv3 score 9.1), Carbon Black App Control. VMware Carbon Black App Control allows organizations to ensure that only trusted and approved software is allowed to execute on their critical systems and endpoints.
Malwarebytes
FEBRUARY 22, 2023
DNA Diagnostics Center (DDC), an Ohio-based private DNA testing company, last week reached a settlement deal with the Ohio and Pennsylvania state attorneys general in relation to a 2021 breach that saw the theft of 45,000 residents ' personal details. Overall the attack compromised over 2.1 million customers who had undergone genetic testing across the US.
Security Affairs
FEBRUARY 22, 2023
US CISA added actively exploited flaws in IBM Aspera Faspex and Mitel MiVoice to its Known Exploited Vulnerabilities Catalog. US CISA added the following actively exploited flaws to its Known Exploited Vulnerabilities Catalog : CVE-2022-47986 (CVSS score: 9.8) – IBM Aspera Faspex Code Execution Vulnerability – A remote attacker can trigger the vulnerability to execute arbitrary code on the system.
Bleeping Computer
FEBRUARY 22, 2023
Google is investigating a service outage affecting Gmail users worldwide that causes issues when syncing emails with Microsoft servers via the Internet Message Access Protocol (IMAP). [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
65 
Let's personalize your content