Wed. Apr 19, 2023

Join my Twitter Subscription for the Inside Word on Data Breaches

Troy Hunt

I want to try something new here - bear with me here: Data breach processing is hard and the hardest part of all is getting in touch with organisations and disclosing the incident before I load anything into Have I Been Pwned (HIBP). It's also something I do almost entirely in isolation, sitting here on my own trying to put the pieces together to work out what happened.

EFF on the UN Cybercrime Treaty

Schneier on Security

EFF has a good explainer on the problems with the new UN Cybercrime Treaty, currently being negotiated in Vienna. The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and international criminal investigations. […] While we don’t think the U.N.

Ransomware attacks increased 91% in March, as threat actors find new vulnerabilities

Tech Republic Security

Ransomware attacks skyrocketed last month according to the new monthly cybersecurity report by NCC Group. New threat group Cl0p is behind the increase as it exploited vulnerabilities in GoAnywhere file transfer manager.

The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

WIRED Threat Level

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Hacking 145

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Play ransomware gang uses custom Shadow Volume Copy data-theft tool

Bleeping Computer

The Play ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, which it uses to improve the effectiveness of its cyberattacks.

Facebook introduces new AI model capable of detecting objects in images

CyberSecurity Insiders

Meta, the parent company of Facebook, has introduced a new AI model to the world that can identify objects in an image. The newly developed AI model is known as the “Segment Anything Model” (SAM for short) and can understand objects inside images and videos. The ability to detect specific objects is called segmentation, and Meta seems to be democratizing its AI development for analyzing objects on ocean floors, various underwater photography sceneries, space, and country borders.

LifeWorks

More Trending

Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones

Dark Reading

Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.


What Uber’s Latest Data Breach Means for Third-Party Risk

Security Boulevard

Uber is in the headlines once again for losing sensitive data. However, this round of data exposure isn’t due to a breach of Uber’s facilities. Rather, New Jersey-based law firm Genova Burns was storing data about Uber’s drivers, including social security numbers, taxpayer identification and other personally identifiable information (PII) when attackers exfiltrated the data.

Microsoft Defender update causes Windows Hardware Stack Protection mess

Bleeping Computer

In a confusing mess, a recent Microsoft Defender update rolled out a new security feature called 'Kernel-mode Hardware-enforced Stack Protection,' while removing the LSA protection feature. Unfortunately, Microsoft has not provided any documentation on this change, leading to more questions than answers.


Secrets Exposed: The why, the how – and what to do about – secrets security in software

Security Boulevard

For software development teams to maintain and properly set up development environments and pipelines, they need to use software secrets such as environment variables, tokens and keys in these processes.

Software 121

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

The Hacker News

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023.


Lacework Adds Custom Risk Scoring Capability to CNAPP

Security Boulevard

Lacework today announced it has added a risk vulnerability scoring capability to its cloud-native application protection platform (CNAPP) that can be customized to a specific cloud computing environment. Lacework also announced it has expanded its attack path analysis capabilities to add support for Kubernetes. Kate MacLean, senior director of product marketing for Lacework, said this.

Risk 121

UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure

CSO Magazine

The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, with CNI organisations strongly encouraged to follow NCSC advice on steps to take when c

Rethinking the Status Quo of Mobile App Security

Security Boulevard

Most executives view mobile applications as a crucial component of their organization’s business strategy. Mobile apps help companies generate revenue, engage with customers and create new business opportunities. With mobile apps accounting for over 70% of all digital time, they will help generate nearly $1 trillion in revenue by the end of 2023. However, many.

Mobile 118

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

How to Spot and Avoid Phishing Scams While Gambling Online

IT Security Guru

Online casinos and other gambling websites have revolutionized how many gamblers play. Whereas gambling used to be restricted to specific physical locations, punters can now freely enjoy a quick betting session regardless of where they are. The opportunities such websites make possible are seemingly endless, and many people have taken full advantage of their accessibility and convenience.

Scams 110

OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks

CSO Magazine

The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v.1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle. SLSA is a community-driven supply chain security standards project that outlines increasing security rigor within the software development process.

Software 110

US Company CommScope Hit by Ransomware

Heimdal Security

Following a ransomware attack back in March, sensitive employee data was compromised at CommScope, a major US telecommunications and IT infrastructure company. The Vice Society ransom gang claims to have published CommScope employee data on its dark web leak site. The Fortune 500 communications and technology infrastructure provider is a North Carolina–based company, which designs and […]

Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies

The Hacker News

The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Polaris integrations: Secure development at the speed of business

Security Boulevard

Digitalization means you need to build more complex software than ever before – the Polaris Software Integrity Platform® can help.

Software 103

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

The Hacker News

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war.

Phishing 103

March 2023 broke ransomware attack records with 459 incidents

Bleeping Computer

March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.

PC running slow? 10 ways you can speed it up

We Live Security

Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

The Hacker News

U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian victims.

The EU’s Cyber Solidarity Act: Security Operations Centers to the rescue!

We Live Security

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents.


Uncovering (and Understanding) the Hidden Risks of SaaS Apps

The Hacker News

Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development.

Risk 99

Google fixed the second actively exploited Chrome zero-day of 2023

Security Affairs

Google rolled out emergency security patches to address another actively exploited high-severity zero-day flaw in the Chrome browser. Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136, in its Chrome web browser. The vulnerability is an integer overflow in the Skia graphics library; the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered

The Hacker News

The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report.

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 and mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS) to a series of attacks aimed at US critical infrastructure between late 2021 and mid-2022. The IT giant reported Mint Sandstorm is refining its tactics, techniques, and procedures (TTPs).

Portnox Cloud: NAC Product Review

eSecurity Planet

Portnox Cloud offers network access control (NAC) as a cloud-hosted SaaS solution that enables rapid deployment of basic NAC capabilities. Although the capabilities are more limited than some NAC competitors, the quick deployment and reduced IT labor costs make Portnox Cloud an attractive solution for many. To compare Portnox Cloud against competitors, see our complete list of top network access control (NAC) solutions.

IoT 98

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

UK and US agencies are warning of the Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. The Russia-linked APT28 group accesses unpatched Cisco routers to deploy malware, exploiting the unpatched CVE-2017-6742 vulnerability (CVSS score: 8.8), states a joint report published by the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Federal Bureau of Investigation (FBI).

Malware 98

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!