Schneier on Security

MARCH 30, 2023

Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU;

Engineering 340

Engineering Internet Internet Hacking 340

Tech Republic Security

MARCH 30, 2023

The new AI security tool, which can answer questions about vulnerabilities and reverse-engineer problems, is now in preview. The post Microsoft adds GPT-4 to its defensive suite in Security Copilot appeared first on TechRepublic.

Engineering 217

Engineering Artificial Intelligence Cybersecurity 217

Bleeping Computer

MARCH 30, 2023

Microsoft has shared more information on what types of malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware. [.

Phishing 141

Phishing Malware 141

Tech Republic Security

MARCH 30, 2023

New studies by NCC Group and Barracuda Networks show threat actors are increasing ransomware exploits, with consumer goods and services receiving the brunt of attacks and a large percentage of victims being hit multiple times. The post Ransomware attacks skyrocket as threat actors double down on U.S., global attacks appeared first on TechRepublic.

Ransomware 211

Ransomware Software 211

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Boulevard

MARCH 30, 2023

UK National Crime Agency nips it in the bud: Aims to scare straight naughty DDoS kiddies. The post Brits Slap Wrists of DDoS Kids, via NCA’s Fake Booter Sites appeared first on Security Boulevard.

DDOS 140

DDOS Social Engineering IoT Engineering 140

Tech Republic Security

MARCH 30, 2023

While cost is generally the main consideration, the war in Ukraine and global political tensions are prompting companies to shift their IT outsourcing strategies, according to a new report. The post Report: Some IT outsourcing is moving back onshore appeared first on TechRepublic.

Digital transformation 203

Digital transformation 203

Tech Republic Security

MARCH 30, 2023

Find out the most commonly used weak passwords by industry and country, according to NordPass. Plus, get tips on creating strong passwords. The post Report: Terrible employee passwords at world’s largest companies appeared first on TechRepublic.

Passwords 200

Passwords 200

The Hacker News

MARCH 30, 2023

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News.

134

134

CyberSecurity Insiders

MARCH 30, 2023

Are you one of those who play games by investing real money to earn double or triple the amount in return? If yes, then you should be wary of scammers who are indulging in various kinds of gaming frauds. Account switching, account takeover, fake identity and promo abuse, money laundering, phishing scams, and fake websites intended to steal sensitive information are some of the frauds targeting gamers these days.

Scams 133

Scams Accountability Phishing Internet 133

Jane Frankland

MARCH 30, 2023

Do women cope better than men with stress or is gender irrelevant? This was a question I was asked by a leader the other day. It’s also something I’ve referred to often in my keynotes and media interviews. This blog answers the question. The term ‘fight or flight’ (also known as ‘the fight-flight-or-freeze-fawn response,’ ‘hyperarousal’ or ‘the acute stress response’ ) was first coined by Walter Cannon in 1932 and is generally regarded

Cybersecurity 130

Cybersecurity Data breaches Cyber threats Hacking 130

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Hacker News

MARCH 30, 2023

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS.

129

129

Bleeping Computer

MARCH 30, 2023

A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services. [.

Authentication 123

Authentication 123

CSO Magazine

MARCH 30, 2023

3CX is working on a software update for its 3CX DesktopApp, after multiple security researchers alerted the company of an active supply chain attack in it. The update will be released in the next few hours; meanwhile the company urges customers to use its PWA (progressive web application) client instead. “As many of you have noticed the 3CX DesktopApp has a malware in it.

Malware 123

Malware Software 123

Dark Reading

MARCH 30, 2023

The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.

120

120

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

CyberSecurity Insiders

MARCH 30, 2023

Seasoned CISOs/CSOs understand the importance of effectively communicating cyber risk and the need for investment in cybersecurity defense to the board of directors. To ensure cybersecurity becomes a strategic part of the corporate culture, it is crucial for CISOs to present the topic in a clear, concise, and compelling manner. In this article, I will share my advice on best practices that can help CISOs successfully raise awareness and secure the necessary support from their organization’

Cybersecurity 119

Cybersecurity Cyber Risk CISO Risk 119

SecureWorld News

MARCH 30, 2023

We've all seen a movie or TV show where, in the future, our technologies have become so advanced that machines and Artificial Intelligence begin to take over the world. In many cases, albeit fictional, the machines prosper over humanity thanks to the ever-expanding capabilities of AI. A movie like Ex Machina or a show like Westworld play out this scenario very realistically, which is a bit frightening considering the trends we have seen recently in AI.

Artificial Intelligence 116

Artificial Intelligence Technology Risk Advertising 116

Naked Security

MARCH 30, 2023

Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.

Risk 115

Risk Malware 115

Trend Micro

MARCH 30, 2023

In this fourth article, I introduce the discussion related to Industrial IoT, that is involved challenges to adopt cybersecurity strategy into modernizing environment.

IoT 113

IoT Cybersecurity Cyber threats Risk 113

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

CSO Magazine

MARCH 30, 2023

An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries. While no clear links have been established between Winter Vivern and a particular country's government, security researchers have noted that its activities closely align with the interests of Russia and Belarus.

Government 111

Government Telecommunications Software Cybersecurity 111

Naked Security

MARCH 30, 2023

The only backup you will ever regret is the one you didn't make.

Backups 106

Backups Ransomware 106

CSO Magazine

MARCH 30, 2023

The layoffs are part of a restructuring initiative aimed at improving efficiency and customer service, Kyndryl says.

108

108

We Live Security

MARCH 30, 2023

ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems The post ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine appeared first on WeLiveSecurity

Malware 106

Malware 106

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

MARCH 30, 2023

Executive leadership teams are overlooking critical gaps in vulnerability management within organizations, despite a series of high-profile breaches, according to an Action1 survey of 804 IT professionals. The study revealed that, on average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors, and 30% of organizations take more than a month.

Cybersecurity 105

Cybersecurity Network Security 105

The Hacker News

MARCH 30, 2023

Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency.

Cloud Migration 103

Cloud Migration 103

CyberSecurity Insiders

MARCH 30, 2023

Zero trust security has become a buzzword in the cybersecurity world, emphasizing the need for a more robust and reliable security model. While most guides and articles focus on the technical aspects, there is a crucial element often overlooked: the human aspect and the organizational culture change required for a successful zero trust implementation.

Security Awareness 102

Security Awareness Education Cyber threats Cybersecurity 102

Bleeping Computer

MARCH 30, 2023

A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats. [.

Government 102

Government Hacking 102

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

CyberSecurity Insiders

MARCH 30, 2023

Apple has almost made it official that it has acquired WaveOne company that uses Artificial Intelligence technology to compress videos. Well, the tech company did not release a press statement on the issue yet. But one of the former employees of WaveOne has given the world a hint by posting on his profile that the iPhone giant is now the parent company of the Mountain View startup.

Artificial Intelligence 101

Artificial Intelligence Mobile Technology Cybersecurity 101

Dark Reading

MARCH 30, 2023

Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance.

Insurance 101

Insurance Cyber Insurance Marketing Risk 101

The Hacker News

MARCH 30, 2023

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers.

Malware 101

Malware 101

Bleeping Computer

MARCH 30, 2023

Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware. [.

Malware 99

Malware 99

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!