Schneier on Security

MAY 12, 2023

Ted Chiang has an excellent essay in the New Yorker : “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meanings of the term “A.I.” If you think of A.I. as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies fro

Risk 334

Risk Software Technology Marketing 334

Tech Republic Security

MAY 12, 2023

Someone who gains physical access to an iPhone or Android phone could use the Phone Link app to spy on the user’s text messages, phone calls and notifications, says Certo. The post How cyberstalkers could access your iPhone using the Windows Phone Link app appeared first on TechRepublic.

Mobile 212

Mobile Software Cybersecurity 212

Bleeping Computer

MAY 12, 2023

Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised. [.

Data breaches 144

Data breaches Hacking Accountability 144

CyberSecurity Insiders

MAY 12, 2023

Automation transforms the audit experience. What was once a burden to bear becomes a competitive advantage that lets your company maximize every opportunity. Streamlining the audit process is not the only benefit compliance automation. From higher productivity to stronger security posture, automation improves your compliance program. Learn more about the benefits of compliance automation and then schedule a demo to see how you can streamline your audit processes.

Risk 139

Risk Software Cybersecurity 139

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Hacker News

MAY 12, 2023

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.

Surveillance 133

Surveillance Malware Internet Internet 133

Graham Cluley

MAY 12, 2023

Cybercriminals have developed a new malware threat which can steal highly sensitive data from the Mac computers it infects.

Malware 130

Malware Passwords 130

Naked Security

MAY 12, 2023

Not just an active adversary, but a two-faced one, too.

Ransomware 126

Ransomware 126

We Live Security

MAY 12, 2023

Strike a balance between making the internet a safer place for your children and giving them the freedom to explore, learn and socialize The post Why you need parental control software – and 5 features to look for appeared first on WeLiveSecurity

Software 124

Software Internet Internet 124

CyberSecurity Insiders

MAY 12, 2023

Coming May 14th, 2023, most of the world will be celebrating Mother’s Day for this year. So, obviously many of the daughters and sons will be shopping to gift for their loved ones and this is where scammers will be preying on innocent victims by exploiting their sentiments on the special occasion. False online retailers, false ads related to holidays, fake coupons and gift cards, Facebook Marketplace scams, AI based voice scams, Impersonation threats, investments and delivery scams phishing are

Scams 122

Scams Retail Advertising Phishing 122

The Hacker News

MAY 12, 2023

A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with this latest iteration," security researchers Shaul Vilkomir-Preisman and Eliran Nissan said.

Malware 119

Malware Cybersecurity 119

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Dark Reading

MAY 12, 2023

One long-awaited security move caused a ripple effect in the cybercrime ecosystem.

Cybercrime 116

Cybercrime 116

We Live Security

MAY 12, 2023

What have some of the world's most infamous advanced threat actors been up to and what might be the implications of their activities for your business?

115

115

Security Boulevard

MAY 12, 2023

Insight #1 "Privacy is becoming a problem for many organizations. In a 2023 report by IAPP, 80% of consumers sometimes or always stop doing business with a company after a breach." Insight #2 "We need to start treating all data as regulated data and if you collect data for one purpose you cannot just use it for another purpose. This is especially important in thinking about your AI strategies.

CISO 113

CISO Cybersecurity 113

Bleeping Computer

MAY 12, 2023

Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. [.

Data breaches 112

Data breaches 112

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

MAY 12, 2023

The privilege escalation flaw is one in thousands that researchers have disclosed in recent years.

110

110

eSecurity Planet

MAY 12, 2023

A vulnerability management policy sets the ground rules for the process, minimum standards, and reporting requirements for vulnerability management. An effective vulnerability management policy can help with the cyclical process of discovering and managing vulnerabilities found within IT hardware, software, and systems. A documented policy enables IT teams to create a trackable and repeatable process that meets the expectations of executives and conforms to compliance requirements.

Penetration Testing 109

Penetration Testing Risk Cybersecurity Government 109

Dark Reading

MAY 12, 2023

Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies.

Scams 108

Scams 108

eSecurity Planet

MAY 12, 2023

eSecurity Planet may receive a commission from vendor links. Our recommendations are independent of any commissions, and we only recommend solutions we have personally used or researched and meet our standards for inclusion. How to use this template: Comments intended to guide understanding and use of this template will be enclosed in brackets “[…]” and the ‘company’ will be listed as [eSecurity Planet] throughout the document.

Penetration Testing 109

Penetration Testing Risk Firmware Software 109

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

CyberSecurity Insiders

MAY 12, 2023

Being a mother and working in cybersecurity necessitates unique skillsets. As mothers, we understand time management, communication, and positive reinforcement. We emphasize the value of clear instructions and providing positive reinforcement. Mothers possess the capacity to remain calm and composed in any circumstance, while also possessing the skillset needed to coach, teach, or evaluate a situation.

Risk 104

Risk Cybersecurity Technology Threat Detection 104

The Hacker News

MAY 12, 2023

Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany.

Malware 100

Malware Manufacturing Healthcare Phishing 100

Dark Reading

MAY 12, 2023

Regulators should apply a healthy skepticism to generative AI developments to guarantee a competitive marketplace.

99

99

Security Affairs

MAY 12, 2023

The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021. The experts pointed out that these ransomware families were detected through H2 2022 and H1 2023, a circumstance that suggests that an increasing number of threat actors is using the source code

Ransomware 98

Ransomware Encryption Hacking Cybersecurity 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Malwarebytes

MAY 12, 2023

YouTube is dipping a toe into the muddy waters of ad-blocker blocking, with ad-blocker using Redditors complaining about a popup that warns "Ad blockers are not allowed on YouTube," when they visit the site. (Image source: Reddit user Sazk100 ) The popup message explains that "Ads allow YouTube to stay free for billions of users worldwide," and invites users who want to be ad-free to take out a YouTube Premium subscription.

Scams 98

Scams Malware Risk 98

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information.

Phishing 98

Phishing Social Engineering Small Business B2B 98

Heimadal Security

MAY 12, 2023

With the “detect early” and “respond fast” capabilities in your mind, you may wonder what to choose from the XDR vs SIEM vs SOAR options. A good Detection and Response (D&R) solution is essential for your company’s cybersecurity posture. As you can achieve the goal of detecting security threats, responding to them, and preventing proactively […] The post XDR vs SIEM vs SOAR: A Comparison appeared first on Heimdal Security Blog.

Cybersecurity 98

Cybersecurity 98

Security Affairs

MAY 12, 2023

Swiss electrification and automation technology giant ABB suffered a Black Basta ransomware attack that impacted its business operations. Swiss multinational company ABB, a leading electrification and automation technology provider, it the last victim of the notorious Black Basta ransomware group. The company has more than 105,000 employees and has $29.4 billion in revenue for 2022.

Ransomware 98

Ransomware VPN Hacking Technology 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Heimadal Security

MAY 12, 2023

ABB, a leading provider of electrification and automation technology, has been hit by a Black Basta ransomware attack, which has reportedly affected business operations. As part of its services, ABB develops industrial control systems (ICS) and SCADA systems for manufacturers and energy suppliers. The company has approximately 105,000 employees and is expected to generate $29.4 […] The post Black Basta Ransomware Attacks Global Technology Company ABB appeared first on Heimdal Security Blog

Technology 98

Technology Ransomware Manufacturing Cybersecurity 98

Security Affairs

MAY 12, 2023

U.S. CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350. The Bl00dy ransomware has been active since May 2022, it has been the first group that started using the leaked LockBit ransomware builder in attacks in the wild.

Education 98

Education Ransomware Encryption Malware 98

Security Boulevard

MAY 12, 2023

The era of remote work was the catalyst for many workplace changes. As businesses navigate this landscape, IT systems are subject to a sudden increase in cybersecurity attacks. This further encouraged IT leaders to dive deeper into their security strategy and evaluate vulnerable endpoints. As per a study conducted by Ponemon Institute in 2022, as. The post Upgrading Your Endpoint Management Security Strategy appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

The Hacker News

MAY 12, 2023

U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country.

Education 98

Education Ransomware Cybersecurity 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!