Mon.Mar 13, 2023

article thumbnail

Artificial Intelligence in Cybersecurity: Boon or Bane? – A Free Webinar With Joseph Steinberg, Author of Cybersecurity For Dummies

Joseph Steinberg

As pretty much every professional knows, the cyber-threat landscape is constantly and rapidly evolving as hackers discover new techniques to breach organizations. While the introduction of artificial intelligence (AI) is certainly delivering many benefits to mankind, including in the realm of cybersecurity, it has also created all sorts of new risks as evildoers seek to harness AI for their illicit and harmful purposes.

article thumbnail

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. Related: Attack surface management takes center stage. So how will this affect chief information security officers (CISOs) and security programs?

CISO 203
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Hiatus malware campaign targets routers

Tech Republic Security

A new malware dubbed HiatusRAT infects routers to spy on its targets, mostly in Europe and in the U.S. Learn which router models are primarily targeted and how to protect from this security threat. The post New Hiatus malware campaign targets routers appeared first on TechRepublic.

Malware 147
article thumbnail

6 reasons why your anti-phishing strategy isn’t working

CSO Magazine

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole attempt to be successful at attracting only one victim,” says Johanna Baum, CEO and founder of Strategic Security Solutions Consulting.

Phishing 131
article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

How internet-facing webcams could put your organization at risk

Tech Republic Security

By exploiting webcams and other IoT devices, hackers can spy on private and professional conversations, potentially giving them access to sensitive information, says BitSight. The post How internet-facing webcams could put your organization at risk appeared first on TechRepublic.

Internet 137
article thumbnail

What to Do If Your Phone Is Lost or Stolen

Identity IQ

What to Do If Your Phone Is Lost or Stolen IdentityIQ Losing your phone can feel like the end of the world. One minute it’s in your pocket, and the next you can’t find it anywhere! Whether it was dropped somewhere, taken by someone, or completely disappeared into thin air, you’re now in a whirlwind of worry and frustration. No doubt you are concerned about the cost of replacing an expensive smartphone.

More Trending

article thumbnail

Coffee with the Council Podcast: Help Elect the Council’s Next Board of Advisors

PCI perspectives

Hello and welcome to Coffee with the Council. I’m Alicia Malone, Senior Manager of Public Relations at the PCI Security Standards Council. This month, we begin the election phase of the Council’s new Board of Advisors for the 2023 to 2025 term.

101
101
article thumbnail

Fake ChatGPT browser extension is hijacking Facebook Business accounts

ZoneAlarm

A fake ChatGPT extension named “Quick access to ChatGPT” has been found to hijack Facebook business accounts. The extension injects malicious code into the Facebook pages of targeted businesses, allowing attackers to gain unauthorized access to the accounts and take over their management functions. This has led to multiple businesses reporting similar incidents of unauthorized … The post Fake ChatGPT browser extension is hijacking Facebook Business accounts appeared first on Zo

article thumbnail

Kali Linux 2023.1 introduces 'Purple' distro for defensive security

Bleeping Computer

​Offensive Security has released ​Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security. [.

98
article thumbnail

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

The Hacker News

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Why You Need to Emphasize Cloud Security

Security Boulevard

In today’s digital age, businesses of all sizes rely heavily on cloud technology to store, process and access their critical data and applications. While cloud computing offers numerous benefits, it also poses significant security challenges that can jeopardize the confidentiality, integrity and availability of sensitive information. Cyberattacks are becoming more frequent and sophisticated, and businesses.

article thumbnail

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already bei

article thumbnail

3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report

Security Boulevard

We surveyed 1,450 consumers globally to understand how they feel about emerging identity topics —. The post 3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report appeared first on Entrust Blog. The post 3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report appeared first on Security Boulevard.

article thumbnail

Employee termination policy

Tech Republic Security

PURPOSE This policy provides termination guidelines, including the process of disabling former employee access, reclaiming company equipment and finalizing payroll/benefits details. It complements our Employee termination checklist, which should be filled out by involved individuals/departments and can be printed or used in electronic format shared with appropriate personnel.

81
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Let’s Stop Talking About the ‘Largest’ DDoS Attack

Security Boulevard

There have been a slew of DDoS attacks recently that are serious, but to focus on the size of the latest attack is the wrong thing to do. What we need to focus on are the impacts of these attacks. Would the CFO consider the site being down for less than an hour to be. The post Let’s Stop Talking About the ‘Largest’ DDoS Attack appeared first on Security Boulevard.

DDOS 97
article thumbnail

"Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06

Malwarebytes

Becky Holmes knows how to throw a romance scammer off script—simply bring up cannibalism. In January, Holmes shared on Twitter that an account with the name "Thomas Smith" had started up a random chat with her that sounded an awful lot like the beginnins stages of a romance scam. But rather than instantly ignoring and blocking the advances—as Holmes recommends everyone do in these types of situations—she first had a little fun.

Scams 92
article thumbnail

Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

The Hacker News

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022.

article thumbnail

Outlook app to get built-in Microsoft 365 MFA on Android, iOS

Bleeping Computer

Microsoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

The Hacker News

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.

Malware 96
article thumbnail

NordVPN makes its Meshnet private tunnel free for everyone

Bleeping Computer

NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN. [.

article thumbnail

5 signs you’ve fallen for a scam – and what to do next

We Live Security

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage.

Scams 114
article thumbnail

Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

The Hacker News

Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Air-Gapped Computers Vulnerable to Data Stealing Through Internal Speakers

Heimadal Security

South Korean researchers presented a new covert channel attack named CASPER. It uses internal speakers to leak data from air-gapped PCs to nearby smartphones at a rate of 20 bits per second. Until now, similar attacks used external speakers. But network-isolated systems, commonly used in highly secretive organizations, do not usually have external speakers.

article thumbnail

Hackers steal $197 million in crypto in Euler Finance attack

Bleeping Computer

Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets. [.

article thumbnail

Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom

The Hacker News

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up.

84
article thumbnail

5 Lessons Learned From Hundreds of Penetration Tests

Dark Reading

Developers must balance creativity with security frameworks to keep applications safe. Correlating business logic with security logic will pay in safety dividends.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Clop ransomware is victimizing GoAnywhere MFT customers

Malwarebytes

According to information gathered by BleepingComputer , the Clop ransomware group has claimed responsibility for the ransomware attacks that are tied to a vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. As we reported on February 8, Fortra released an emergency patch (7.1.2) for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console.

article thumbnail

Fake Job Proposals Used to Deploy Malware – Security Researchers Targeted

Heimadal Security

North Korean based threat actors are believed to be actively seeking security researchers and media outlets with fake job proposals aimed at U.S. and European victims. Three different families of malware are deployed into the target’s environment, and social engineering techniques are used to convince their targets to engage in a WhatsApp conversation.

Malware 81
article thumbnail

SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital

Dark Reading

The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.

Banking 83
article thumbnail

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog.

Media 79
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?