Schneier on Security
OCTOBER 14, 2022
This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum , online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page.
Tech Republic Security
OCTOBER 14, 2022
Zero trust is one of the most used buzzwords in cybersecurity, but what exactly does this approach entail? The post Zero trust: Data-centric culture to accelerate innovation and secure digital business appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
OCTOBER 14, 2022
Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.
Tech Republic Security
OCTOBER 14, 2022
At this week's event, Google presented its latest solutions as it tries to overtake Amazon and Microsoft in the cloud market. The post Google Next ’22: A new era of built-in cloud services appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
OCTOBER 14, 2022
The U.S. Cybersecurity and Infrastructure Security (CISA) agency has announced RedEye, an open-source analytic tool for operators to visualize and report command and control (C2) activity. [.].
Tech Republic Security
OCTOBER 14, 2022
With the end of support looming, you need to plan to replace Exchange Server 2013 in the next few months, but there are more options than just upgrading. The post April is the end of Exchange 2013: Here’s what you need to know appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 14, 2022
The SplashID Pro password manager helps you securely store and manage your important digital data. Get it for more than 70% off today. The post Protect your digital life with SplashID Pro password manager appeared first on TechRepublic.
The Hacker News
OCTOBER 14, 2022
Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India.
Tech Republic Security
OCTOBER 14, 2022
Signal is phasing out SMS support from Android to enable it to focus on developing a more secure and reliable platform. The post Signal to remove SMS support from Android appeared first on TechRepublic.
Bleeping Computer
OCTOBER 14, 2022
The Dutch National Police, in collaboration with cybersecurity firm Responders.NU, tricked the DeadBolt ransomware gang into handing over 155 decryption keys by faking ransom payments. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
OCTOBER 14, 2022
Australian police secret agents exposed in Colombian data leak, White House to roll out Energy Star-like ratings for IoT, a new data breach at Toyota. The post Cybersecurity News Round-Up: Week of October 10, 2022 appeared first on Security Boulevard.
Security Affairs
OCTOBER 14, 2022
Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is a Chinese-speaking threat group.
Security Boulevard
OCTOBER 14, 2022
This week in malware, we discovered and analyzed nearly five dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries. The post This Week in Malware – Over 50 Packages Discovered appeared first on Security Boulevard.
Bleeping Computer
OCTOBER 14, 2022
Microsoft says new Prestige ransomware is being used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
OCTOBER 14, 2022
Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022. "The entire 2.
Bleeping Computer
OCTOBER 14, 2022
On Thursday, a Puerto Rico judge sentenced a former University of Puerto Rico (UPR) student to 13 months in prison for hacking over a dozen email and Snapchat accounts of female colleagues. [.].
Dark Reading
OCTOBER 14, 2022
Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.
Bleeping Computer
OCTOBER 14, 2022
Identities of secret agents working for the Australian Federal Police (AFP) have been exposed after hackers leaked documents stolen from the Colombian government. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
OCTOBER 14, 2022
Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) in FortiGate firewalls and FortiProxy web proxies has been released online. The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1.
Heimadal Security
OCTOBER 14, 2022
A new attack and C2 framework called “Alchimist” was discovered recently by cybersecurity researchers having actively targeted Windows, Linux, and macOS systems. The framework and all of its files are 64-bit executables created in the programming language GoLang, which greatly facilitates cross-compatibility between various operating systems. How Alchimist Works?
eSecurity Planet
OCTOBER 14, 2022
In a BNB Chain blog post in early October, the authors announced that about two million BNB crypto tokens were stolen. The value? It was over a whopping $560 million. At the time, the BNB Chain had $5.45 billion in DeFi (decentralized finance) assets. The platform is a part of Binance, the world’s largest cryptocurrency. The vulnerability was in the cross-chain bridge.
Bleeping Computer
OCTOBER 14, 2022
Microsoft has improved the Microsoft Edge efficiency mode feature in the latest stable release to increase battery life when the device is unplugged or on low battery. [.].
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
eSecurity Planet
OCTOBER 14, 2022
Patch management is all about helping organizations manage the process of patching software and applications. It encompasses functions such as testing patches, prioritizing them, deploying them, verifying that they are installed in all endpoints, and in general looking after every aspect of patching. But patching can be a time-consuming – and ineffective – task.
Heimadal Security
OCTOBER 14, 2022
In an ever-changing cyberthreat scenario, endpoint security software with the correct mix of endpoint protection features can help protect your company’s critical resources. Here are the essential features of advanced endpoint security tools you need to look for! 10 Essential Features of Advanced Endpoint Security Tools It’s true that there are so many choices available […].
Dark Reading
OCTOBER 14, 2022
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
Cisco Security
OCTOBER 14, 2022
Inspiring discussions around innovative tech . Technology has typically had a reputation for being exciting and inventive. Unfortunately, this hasn’t always been the case for security. But times have changed. We are now recognizing the crucial role security plays in any groundbreaking technology. Without strong defenses, even the most visionary app is likely to crash and burn.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Boulevard
OCTOBER 14, 2022
Insight #1. ". The White House says “Energy Star” security labels for Internet of Things (IoT) devices are coming! This is so exciting, but they need to be required and not opt-in. And if we are getting what we wish for, expand these labels to all software.". . Insight #2. ". Keeping software up to date is one of the best ways to prevent successful attacks.
Heimadal Security
OCTOBER 14, 2022
Magniber Ransomware finds its way again into Windows home users’ computers, this time through false security updates, as shown in a recent report released by HP’s threat intelligence team. In September, the threat actors built websites that advertised false antivirus and security updates for Windows 10. The malicious files that were downloaded (ZIP archives) contained […].
We Live Security
OCTOBER 14, 2022
More than a dozen organizations operating in various verticals were attacked by the threat actor. The post ESET research into POLONIUM’s arsenal – Week in security with Tony Anscombe appeared first on WeLiveSecurity.
Dark Reading
OCTOBER 14, 2022
The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
180 
Let's personalize your content