Schneier on Security
JANUARY 30, 2023
NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area?
Tech Republic Security
JANUARY 30, 2023
With Azure AD and FIDO security keys, you can make MFA more secure and avoid having to provision certificates on everyone’s phones. The post Unphishable mobile MFA through hardware keys appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
SecureList
JANUARY 30, 2023
The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded individuals to participate in attacks on companies, and many more.
Tech Republic Security
JANUARY 30, 2023
Learn some of today's most popular attacks and how to mitigate them with The All-in-One Ethical Hacking & Penetration Testing Bundle. The post Get nine ethical hacking courses for just $30 appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Boulevard
JANUARY 30, 2023
Security and compliance risks are ranked as among the top barriers to achieving value from investments moving to the cloud as organizations grapple with what they consider an “urgent priority,” according to a recent report from Accenture. The global survey of 800 business and IT leaders revealed security continues to be one of the top. The post Security, Compliance Risks Complicate Cloud Migration Efforts appeared first on Security Boulevard.
Tech Republic Security
JANUARY 30, 2023
Current cybersecurity practices are woefully unprepared to meet the complexities of modern networks. Cloud services, remote users, personally-owned devices, mobile company assets and other forms of tech regularly move from outside the network in, and a once-safe device can’t be assumed to be safe again. It’s here that a new paradigm in cybersecurity thinking emerges: The post Zero trust security: A cheat sheet (free PDF) appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Boulevard
JANUARY 30, 2023
There is no debate that the software supply chain is filled with action. It’s the front lines of the security world these days. If you have a shadow of a doubt, search the history of SolarWinds, Codecov , or CircleCI for examples of how attackers use the supply chain as a gateway of compromise. The post 6 misconceptions about Software Bills of Materials appeared first on Security Boulevard.
CyberSecurity Insiders
JANUARY 30, 2023
By Sebastian Goodwin, CISO, Nutanix IT budgets and revenue growth areas are top of mind at the beginning of every calendar year, even more so with the current state of the world economy. IT departments and data teams are looking at the best ways to prioritize, maintain and build security measures – while being cost effective. It’s a tricky balance to strike but an important one as security cannot be overlooked.
Security Boulevard
JANUARY 30, 2023
One of the most imminent and pressing threats to organizations presently is harvest now, decrypt later (HNDL) attacks. According to a recent poll, half of responding professionals at organizations considering quantum computing benefits believe that their organizations are at risk for HNDL attacks. During an HNDL attack, threat actors will “harvest” encrypted data from unsuspecting.
eSecurity Planet
JANUARY 30, 2023
Two venture investors have launched an index to track the most popular open source security projects. Chenxi Wang of Rain Capital and Andrew Smyth of Atlantic Bridge unveiled the Open Source Security Index last month. The website leverages GitHub application programming interfaces (APIs) to make “finding open-source security projects easier for everyone.” Anyone can go to the site to discover “the most popular and fastest-growing open-source security (OSS) projects.” OSS
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Boulevard
JANUARY 30, 2023
New and Noteworthy: ChatGPT Makes Waves Inside and Outside of the Tech Industry Since it was made publicly available in December, ChatGPT has prompted all sorts of reactions from both inside and outside technology circles. Microsoft, which previously invested $1B into ChatGPT creator company OpenAI, indicated it will invest another $10 billion into the company and that it would incorporate AI into all of Microsoft’s tools. ( 1 ) Cybercriminals also seem to see the potential in ChatGPT; some sec
CyberSecurity Insiders
JANUARY 30, 2023
BlackCat Ransomware has targeted an Indian firm that produces and supplies weaponry to military agencies across the subcontinent. And details are in that the hacking gang has now put the stolen data up for sale, as the victim failed to entertain their monetary demands. Solar Industries India Limited is the firm that became a victim of the BlackCat group and data breach and security firm CloudSEK has confirmed the incident as it has gathered confidential evidence to prove its stance.
Security Boulevard
JANUARY 30, 2023
Open source software provides companies with a competitive edge but when used incorrectly, it can lead to risks in the software supply chain. The post Open source software: A pillar of modern software development appeared first on Security Boulevard.
CSO Magazine
JANUARY 30, 2023
According to the most recent research report from ESG and the Information System Security Association International (ISSA), 57% of organizations claim that they’ve been impacted by the global cybersecurity skills shortage, while 44% of organizations believe the skills shortage has gotten worse over the past few years. The result? Increasing workloads on existing cybersecurity staff, job requisitions open for weeks or months, and high burnout rates and attrition for cybersecurity professionals.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Bleeping Computer
JANUARY 30, 2023
A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' has been shared publicly on a hacking forum. BleepingComputer has confirmed, the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server. [.
Naked Security
JANUARY 30, 2023
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
CyberSecurity Insiders
JANUARY 30, 2023
JD Sports, Britain’s online retailer of branded sportswear, has reportedly become a victim of a cyber attack that leaked information of over 10 million customers. Details are in that the info belongs to all those customers who booked their orders on the platform from the past few years(say between Nov’18 to Oct’2020) and might include sensitive details of half of the affected consumers.
SecureBlitz
JANUARY 30, 2023
As a content creator, you might want to make your videos more accessible to a wider audience. With the help of captions, you can expand the reach of your viewers and make your podcasts, vlogs, or other content more engaging. Social media sites have made it easier to add captions to video, and some have […] The post 5 Easiest Ways To Add Captions To Video Fast appeared first on SecureBlitz Cybersecurity.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
SecureWorld News
JANUARY 30, 2023
You probably don't remember a TV series that aired on NBC in the mid 60s called Flipper. It actually stopped broadcasting before I was even born, but I do recall reruns involving criminal schemes foiled by an uncannily smart bottle-nosed dolphin named Flipper. Well, Flipper is back but in an entirely new way and for an entirely new generation. Flipper Zero has no shortage of wireless inputs and outputs Kickstarter sensation Flipper Zero is described as "a cyber dolphin who really loves to hack"
The Hacker News
JANUARY 30, 2023
Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months.
Heimadal Security
JANUARY 30, 2023
Cybersecurity researchers uncovered a new strain of ransomware named Mimic. Mimic uses Everything API, a file search tool for Windows, to search for files to encrypt. Some of the code in Mimic is similar to that found in Conti, whose source code was leaked to a Ukrainian researcher in March 2022. As a sophisticated malware, […] The post New Mimic Ransomware Uses Windows Search Engine to Find and Encrypt Files appeared first on Heimdal Security Blog.
Bleeping Computer
JANUARY 30, 2023
QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices. [.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Heimadal Security
JANUARY 30, 2023
Researchers discovered a new attack on a Ukrainian target performed by Russian threat actors that used a new wiper malware that compromises the Windows operating system. SwiftSlicer, as the new malware was named, is attributed to the Sandworm malicious group known to work for the Russian General Staff Main Intelligence Directorate (GRU). More on the […] The post SwiftSlicer New Data-Wiping Malware Attacks Windows Operating Systems appeared first on Heimdal Security Blog.
The Hacker News
JANUARY 30, 2023
A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel.
Security Affairs
JANUARY 30, 2023
Sports fashion retail JD Sports discloses a data breach that explosed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. The company discovered unauthorized access to a server that contained data related to order placed by 10 million customers. “JD Sports Fashion Plc (“JD Sports”) has been the target of a cyber incide
Malwarebytes
JANUARY 30, 2023
In 2020, a photo of a woman sitting on a toilet—her shorts pulled half-way down her thighs—was shared on Facebook, and it was shared by someone whose job it was to look at that photo and, by labeling the objects in it, help train an artificial intelligence system for a vacuum. Bizarre? Yes. Unique? No. In December, MIT Technology Review investigated the data collection and sharing practices of the company iRobot , the developer of the popular self-automated Roomba vacuums.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 30, 2023
Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices.
Malwarebytes
JANUARY 30, 2023
After confirming threat actors were able to steal some of its code, Riot Games has also revealed that it received a ransom email from its attacker. The attackers demanding $10 million to stop them leaking source code from League of Legend's and other games. Riot's reply? Today, we received a ransom email. Needless to say, we won’t pay. While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player p
Security Affairs
JANUARY 30, 2023
A researcher disclosed technical details of a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The researcher Gtm Manoz received a $27,000 bug bounty for having reported a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The flaw resides in a component used by the parent company Meta for confirming a phone number and email address.
The Hacker News
JANUARY 30, 2023
GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
61 
Let's personalize your content