Wed. Aug 02, 2023


New SEC Rules around Cybersecurity Incident Disclosures

Schneier on Security

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Public companies must “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats” in their annual filings.


News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

The Last Watchdog

San Francisco, Calif., Aug. 2, 2023 – Normalyze, a pioneer in cloud data security, today introduced new capabilities to protect data across hybrid cloud deployments and on-premises environments. With an extensive platform that already offers comprehensive data security posture management for data at rest and in motion across all IaaS, PaaS, SaaS data assets, Normalyze now provides IT and security teams with unprecedented visibility into data housed on-premises.


Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability

Malwarebytes

Minecraft players interested in modding are potentially at risk of compromise. A Remote Code Execution (RCE) vulnerability in certain Minecraft mods allows for malicious commands on both servers and clients. The vulnerability, named BleedingPipe, allows attackers to take over a targeted server. Minecraft modding is immensely popular, with a potentially huge number of servers in the wild doing their own thing.


Burger King forgets to put a password on their systems, again

Security Affairs

The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. Burger King is a renowned US-based international fast food giant with a global presence of over 19 thousand restaurants and revenue of $1.8 billion. Recently, the Cybernews research team uncovered that Burger King in France exposed sensitive credentials to the public due to a misconfiguration on their website.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

The Hacker News

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with


Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks

Security Affairs

Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Security researchers from the non-profit organization Shadowserver Foundation reported that hundreds of Citrix Netscaler ADC and Gateway servers have already been compromised as part of an ongoing campaign exploiting the critical remote code execution (RCE) vulnerability CVE-2023-3519.


More Trending


Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

Security Affairs

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. The phishing campaigns are able to evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s web games platform.


What Is Endpoint Security?

Heimdal Security

A significant portion of cyberattacks target endpoints, either individually or as gateways to the larger company network. Experts Insights mention that 68% of companies researched by a Ponemon study experienced one or more successful endpoint assaults that compromised their IT infrastructure and/or data. Unfortunately, this is not a singular threat, but a layered issue: hackers exploit software […] The post What Is Endpoint Security?


The Intersection of Cybersecurity and AI: Exploring Challenges and Opportunities in Student Writings

SecureBlitz

The intersection of cybersecurity and artificial intelligence (AI) is an increasingly important frontier in the world of technology. As cyber threats become more sophisticated, AI offers novel solutions for identifying and countering such threats. This makes the topic especially relevant for students, the upcoming generation of technologists, entrepreneurs, and academics.


Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

The Hacker News

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Are You New to ICS/OT Cybersecurity?

SecureWorld News

When I first became interested in ICS/OT cybersecurity, it was 2010 and news about Stuxnet had been made public. Stuxnet was a piece of malware designed to infiltrate a uranium enrichment facility in Iran and physically destroy the enrichment centrifuges used to ultimately make nuclear warheads. Stuxnet was not only a technical marvel, but it was also the first known piece of malware to target Industrial Control Systems (ICS)/Operational Technology (OT).


Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

The Hacker News

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure.


Ethical Web Scraping and Crawling: Navigating the Digital World Responsibly

Quick Heal Antivirus

The wealth of data available on the internet and the infinite potential that it has to offer requires. The post Ethical Web Scraping and Crawling: Navigating the Digital World Responsibly appeared first on Quick Heal Blog.


Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

The Hacker News

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Spotlight Podcast: Are you ready for Threat Reconnaissance?

The Security Ledger

In this Spotlight podcast interview, David Monnier of Team Cymru talks about the evolution of threat intelligence into actionable and target-specific “threat reconnaissance.” The post Spotlight Podcast: Are you ready for Threat Reconnaissance? first appeared on The Security Ledger with Paul F. Roberts.


Proposed U.S. Cyber Force Would Recognize Cyber as 'Domain of Warfare'

SecureWorld News

News of a proposed United States Cyber Force moved closer to reality last week when the U.S. Senate passed the $886 billion National Defense Authorization Act. An amendment in the bill directs the Defense Department to tap the National Academy of Public Administration to conduct an assessment of establishing a seventh, cyber-specific military service.


How to Secure Your Mobile Devices: A Comprehensive Guide

SecureBlitz

This post will show you 9 ways to secure your mobile devices. In today's digital age, our mobile devices have become an extension of ourselves. We rely on them for communication, banking, entertainment, and storing sensitive personal information. However, with the increasing prevalence of cyber threats, it's crucial to take proactive measures to secure our […] The post How to Secure Your Mobile Devices: A Comprehensive Guide appeared first on SecureBlitz Cybersecurity.


Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

The Hacker News

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Eyes on IDOR Vulnerabilities! US and Australia Release Joint Advisory

Heimdal Security

Cybersecurity agencies in Australia and the U.S. issued an advisory that warns about security flaws in web applications that could result in large-scale data breaches. The advisory refers to a certain sort of vulnerability called Insecure Direct Object Reference (IDOR). IDOR is a variety of access control bugs that surface when user-supplied input is used […] The post Eyes on IDOR Vulnerabilities!


Tesla Jailbreak Unlocks Theft of In-Car Paid Features

Dark Reading

Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.


Staff at NHS Lanarkshire Exposed Patient's Data on Unauthorized WhatsApp Group

Heimdal Security

The Information Commissioner’s Office (ICO) revealed that 26 staff members of NHS Lanarkshire shared patients' information on a WhatsApp group. The group didn't have the organization's approval for processing data about the NHS patients. The team got access to the social media platform to facilitate communication during the pandemic. BBC wrote that according to NHS […] The post Staff at NHS Lanarkshire Exposed Patient's Data on Unauthorized WhatsApp Group appeared first on Heimdal Se


Ivanti patches second zero-day vulnerability being used in attacks

Malwarebytes

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency (CISA) has added the new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation since at least April of 2023.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Top Industries Significantly Impacted by Illicit Telegram Networks

The Hacker News

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram.


Iran's APT34 Hits UAE With Supply Chain Attack

Dark Reading

The prolific APT, also known as OilRig and MuddyWater, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.


Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

The Hacker News

A Russia-nexus adversary has been linked to 94 new domains starting March 2023, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities.


Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages

Dark Reading

Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

The Hacker News

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S.


Utilities Face Security Challenges as They Embrace Data in New Ways

Dark Reading

A culture of cybersecurity and implementing industry best practices can go a long way toward protecting a utility.


Over 640 Citrix servers backdoored with web shells in ongoing attacks

Bleeping Computer

Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519. […]


Russian APT 'BlueCharlie' Swaps Infrastructure to Evade Detection

Dark Reading

Despite being outed earlier this year, the advanced persistent threat group is trying to sneak past researchers again.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!