Mon. Nov 14, 2022

A Digital Red Cross

Schneier on Security

The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network. The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers, but it would signal to hackers that a cyberattack on those protected networks during an armed conflict would violate international humanitarian law, experts say, Tilman Rodenhäuser, a legal adviser to

Top cybersecurity threats for 2023

Tech Republic Security

Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post Top cybersecurity threats for 2023 appeared first on TechRepublic.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page.

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

Ever feel like your smart home has dyslexia? Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability. Related: Why standards are so vital. Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Data encryption as a crucial step to manage data access and security

Tech Republic Security

With data breaches on the rise, encryption has never been more important for protecting companies against hackers and cyberattacks. The post Data encryption as a crucial step to manage data access and security appeared first on TechRepublic.

ESET APT Activity Report T2 2022

We Live Security

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T2 2022. The post ESET APT Activity Report T2 2022 appeared first on WeLiveSecurity.

More Trending

Cyber Attack on HaveIBeenPwned leaks email data to hackers

CyberSecurity Insiders

HaveIBeenPwned serves as a platform for those who can search for their email address to find whether it was accessed by hackers via a data breach. But what if the platform itself gets infiltrated and leaks the whole of its database to cyber crooks? Well, unconfirmed reports state that the entire database owned by the Microsoft Regional Director Troy Hunt was hacked by cyber criminals through an unknown vulnerability.

Windows Kerberos authentication breaks after November updates

Bleeping Computer

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos sign-in failures and other authentication problems after installing cumulative updates released during this month's Patch Tuesday. […].

Is the Grid Secure Enough for the Electric Vehicle Influx?

IT Security Guru

Electric vehicles have become the hottest item in the market and sales are growing year after year. This is the most fundamental transformation in road transport; however, concerns do exist. Can the US grid sustain the increased demand for electricity and how can smart grids help in this direction? Can we limit the exposure of charging stations and vehicles to cyber-attacks?

No Code / Low Code for Social Engineering

Security Boulevard

The dark web is a treasure trove of information, data, and malicious software. Most people do not know about the dark web and, if they do, they don’t really know what is available on it. For both professional and personal reasons, I worry about the dark web a lot. Here's why. This past weekend, I was in the car with my kids and somehow, I can’t remember how, we got on the subject of the dark web.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Google will pay $391M to settle Android location tracking lawsuit

Bleeping Computer

Google has agreed to pay $391.5 million to settle a lawsuit filed by a coalition of attorneys general from 40 U.S. states alleging that the search giant tracked Android users' locations since at least 2014 even when they thought location tracking was disabled. […].

Cloud Security is a shared responsibility, and big CSPs are also not foolproof

CyberSecurity Insiders

With Cloud Security, there is a myth prevailing among users that only the top brands offer many security resources, making them infallible. But according to John McDonough, the Consulting Cloud Architect from Fortinet, such an assumption is a myth as even the top brands such as Microsoft can fall prey to sophisticated attacks launched these days. Users need to change their viewpoint when it comes to foreseeing cloud security.

Instagram, Facebook, Twitter, YouTube suspended in Turkey after blast

Bleeping Computer

Following yesterday's deadly blast on İstiklal Avenue in Istanbul, Turkish authorities began restricting access to social media including Instagram, Facebook, Twitter, YouTube and Telegram. […].

New York-barred attorneys required to complete cybersecurity, privacy, and data protection training

CSO Magazine

New York-barred attorneys will be required to complete one continuing legal education (CLE) credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023. New York is the first jurisdiction to stipulate this specific requirement as the state aims to emphasize the technical competence duty of lawyers to meet professional, ethical and contractual obligations to safeguard client information.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign

The Hacker News

A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick.

State of Phishing Report Reveals More Than 255 Million Attacks in 2022

Security Boulevard

SlashNext analyzed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks – a 61% increase in the rate of phishing attacks compared to 2021. The latest State of Phishing Report findings highlight that some security strategies are […].

Microsoft fixes Windows DirectAccess connectivity issues

Bleeping Computer

Microsoft has resolved a known issue causing connectivity problems for Windows customers using the DirectAccess service to access their organizations remotely without using a virtual private network (VPN). […].

GDPR – Privacy First

Security Boulevard

Let us start this by talking about why privacy is important to the business. You want to assure your customers, especially in Europe, that you take their data seriously and will develop processes to protect it. The recent companies that have been fined by the European Union […]. The post GDPR – Privacy First first appeared on SecureFLO.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location

The Hacker News

Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data.

Dig Deeper into the Essentials of Microsoft Azure Security

Security Boulevard

In the next few minutes, you will explore the in-depth design of Azure services and capabilities to help you secure, manage and monitor your cloud data and infrastructure. As a managed service, Microsoft designs and operates its cloud services with security at the core and provides you with built-in controls and tools to meet your […]. The post Dig Deeper into the Essentials of Microsoft Azure Security appeared first on PeoplActive.

42,000 sites used to trap users in brand impersonation scheme

Bleeping Computer

A malicious for-profit group named 'Fangxiao' has created a massive network of over 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways. […].

Strata’s no-code Orchestration Recipes automate end-to-end identity use cases

Security Boulevard

BOULDER, Colo., Nov. 15, 2022 — Strata Identity, the Identity Orchestration company, today announced its first no-code Orchestration Recipes for deploying end-to-end, automated customer use cases on the Maverics multi-cloud identity orchestration platform. Why use Identity Orchestration Recipes instead of “connectors”? Traditional “connectors” merely link two identity products on a one-to-one basis, while Strata’s Orchestration Recipes.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks.

Addressing the Specialized Cybersecurity Talent Shortage

Security Boulevard

Cybersecurity threats are increasingly complex and destructive. With more devices connected to the internet than ever before, the number of exploitable vulnerabilities is expanding, and no organization is immune. One unprotected link in the security chain could enable hackers to unlock virtually limitless doors to access data. It’s become a never-ending arms race between bad.

Whoosh confirms data breach after hackers sell 7.2M user records

Bleeping Computer

The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. […].

Why API security testing is crucial | Contrast Security

Security Boulevard

Application programming interfaces (APIs) allow businesses to package their internal resources and make them accessible in well-defined infrastructures. External-facing APIs make it possible for businesses to adopt the inverted firm model that has defined the success of every modern tech giant and countless smaller platform businesses. The post Why API security testing is crucial | Contrast Security appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Quantum Cryptography Apocalypse: A Timeline and Action Plan

Dark Reading

Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.

How to overcome OT security threats?

Security Boulevard

Let’s find out what gives OT security experts the creeps. Most of the time, the issues are associated with IT. The duties of the Chief Information Security Officer (CISO) change and expand along with the industrial Internet of Things (IIoT) and operational technology (OT). The CISO must eliminate threats posed by warehouse systems, networked machinery, […].

Massive Black hat SEO campaign used +15K WordPress sites

Security Affairs

Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals. Since September 2022, researchers from security firm Sucuri have tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The campaign’s end goal appears to be black hat SEO aimed at increasing the reputation of the attacker’s sites.

Is My Phone Hacked? Here’s How You Can Tell and What to Do | Lookout

Security Boulevard

In today’s digital world, we rely on our mobile devices to navigate much of our daily lives. Beyond making calls and sending text messages, we use our phones for online shopping, banking, work, personal reminders, photos, videos, and so much more. The post Is My Phone Hacked? Here’s How You Can Tell and What to Do | Lookout appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.