Wed. Oct 26, 2022


Australia Increases Fines for Massive Data Breaches

Schneier on Security

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.) This is a welcome change. The problem is one of incentives, and Australia has now increased the incentive for companies to secure the personal data of their users and customers.


Here’s how you can become a highly-paid ethical hacker

Tech Republic Security

Get six training courses for just eight dollars each with The Complete 2022 PenTest & Ethical Hacking Bundle. The post Here’s how you can become a highly-paid ethical hacker appeared first on TechRepublic.



Q3 2022 Vulnerability Roundup

Digital Shadows

The curtain has fallen on the third quarter (Q3) of 2022, and it’s time to report the trends and highlights. The post Q3 2022 Vulnerability Roundup first appeared on Digital Shadows.


This highly rated password manager is currently 93% off

Tech Republic Security

Password Boss can store unlimited login details, with instant sync between devices. Get a lifetime subscription today for just $35. The post This highly rated password manager is currently 93% off appeared first on TechRepublic.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


How to Protect Against the Costly Impacts of Ransomware

CyberSecurity Insiders

By Rajesh Ram, Chief Strategy Officer at Egnyte. The impact of ransomware attacks on businesses is twofold. Not only do businesses have to grapple with the impact of actual attacks, but they also must continue to prepare for the possibility of additional attacks. While many equate ransomware with encrypted files and potential ransom payments, the consequences go even further in terms of the costs and requirements of an organization.


GitLab Releases Bevy of Security and Compliance Enhancements

Security Boulevard

If any good came out of the Log4j vulnerability and SolarWinds attacks, it was the fact that they dramatically increased awareness of software supply chain security. Software supply chain security is only as strong as the weakest exposed link; often, that’s a software library or third-party service. To help organizations bolster their CI/CD pipelines and.


OpenSSL to fix the second critical flaw ever

Security Affairs

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in the toolkit since September 2016. “The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7.


Parcel delivery scams are on the rise: Do you know what to watch out for?

We Live Security

As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe not just this shopping season. The post Parcel delivery scams are on the rise: Do you know what to watch out for? appeared first on WeLiveSecurity.


Australian Clinical Labs data leaked through data breach

CyberSecurity Insiders

Australian Clinical Labs has made an official statement that it was targeted by a sophisticated cyber attack almost 8 months ago and that the stolen data is now being sold on the dark web. In what appears to be a ransomware attack, the data of over 223,000 people was accessed and stolen by the hackers. Medlab, a subsidiary of ACL, was deeply affected by the attack, as details relating to customers and staff members were stolen in the incident.


This 9-Course Bundle Can Take Your Cybersecurity Skills to the Next Level

The Hacker News

If you regularly read The Hacker News, there’s a fair chance that you know something about cybersecurity. It’s possible to turn that interest into a six-figure career. But to make the leap, you need to pick up some key skills and professional certifications. Featuring nine in-depth courses, The 2022 Masters in Cyber Security Certification Bundle helps you get ready for the next step.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


London sets up resilience centre to fight Cyber Crime

CyberSecurity Insiders

Amid the political crisis in England and Rishi Sunak taking charge as Prime Minister of the United Kingdom, a Cyber Resilience Centre (CRC) was established in London and became operational on October 25th, 2022. The centre will act as an epicentre in the fight against cyber crime and will from here on act as an extension of the National Cyber Resilience Centre Group (NCRCG), based in England and Wales and funded by the UK’s Home Office.


Where is the Origin?: QAKBOT Uses Valid Code Signing

Trend Micro

Code signing certificates help us assure a file’s validity and legitimacy. However, threat actors can use that against us. In this blog, discover how QAKBOT uses this tactic and learn ways to prevent it.


Two POS Malware Used by Hackers to Steal Card Details

Heimadal Security

POS malware is still a threat exploited by cybercriminals, even if the card payment industry has been working on implementing security measures. It has been recently discovered that two point-of-sale (PoS) malware variants have been used by an unknown threat actor to steal information related to more than 167,000 credit cards from payment terminals.


Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

Dark Reading

When we think about cybercrime and retail, it is natural to focus on websites being targeted with attacks. Indeed, there has been a shocking rise in the number of cyberattacks perpetrated against online retailers in the past year. However, Dakota Murphey explains why store owners and security managers also need to protect their physical locations from cyber threats.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


26-Year-Old Charged for Involvement in Raccoon Infostealer Malware Service

Heimadal Security

A recent federal indictment charges Mark Sokolovsky, a Ukrainian national, for partaking in the Raccoon Infostealer worldwide cybercrime operation, which corrupted millions of computers around the world with malware. Raccoon Stealer is a Trojan that steals information, deployed using the MaaS (malware-as-a-service) approach. Threat actors can subscribe to Raccoon Stealer for $75 per week or […].


Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited

Security Affairs

Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in the Cisco AnyConnect Secure Mobility Client for Windows. Both vulnerabilities are dated 2020 and are now patched.


iPhone zero-day. Update your devices now!

Malwarebytes

It's time to update your Apple devices to ward off a zero-day threat discovered by an anonymous researcher. As is customary for Apple, the advisory revealing this attack is somewhat threadbare, and doesn't reveal a lot of information with regard to what's happening, but if you own an iPad or iPhone you'll want to get yourself on the latest version. The zero-day is being used out in the wild, and Apple holding back the specifics may be enough to slow down the risk of multiple threat actors taking


AMI Brings Secure Firmware to the Open Compute Project

Security Boulevard

The pool of available open source resilient firmware keeps growing. This week, dynamic firmware maker AMI announced the contribution of its Tektagon OpenEdition Platform Root of Trust to the Open Compute Project (OCP). It’s a move the company hopes will provide increased options to organizations that wish to build devices with secure and manageable firmware.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Microsoft fixes TLS handshake failures in Windows 11 22H2

Bleeping Computer

Microsoft has addressed a known issue that triggers SSL/TLS handshake failures on client and server platforms with the release of the KB5018496 preview cumulative update.


Has Your Software Supply Chain Already Been Compromised?

Security Boulevard

Software supply chain attacks have dominated headlines since the SolarWinds attack, closely followed by Log4j and numerous other incidents that continue to get media attention. However, in practice, software supply chain incidents do not tend to dominate daily security reports and alerts. This tendency leads some to write off the threat as industry buzz and.


LinkedIn's new security features combat fake profiles, threat actors

Bleeping Computer

LinkedIn has introduced three new features to fight fake profiles and malicious use of the platform, including a new method to confirm whether a profile is authentic by showing whether it has a verified work email or phone number.


Product Highlight | Vendor Application Security in K-12 Schools Using ManagedMethods

Security Boulevard

ManagedMethods Makes Managing Vendor Application Security in Google/Microsoft Fast & Easy The concept of “shadow IT” isn’t new in IT circles. But, how “shadow IT” gains access to your district’s data has fundamentally changed just in the last few years. So fast and so foreign is this change, that many district technology teams simply don’t […]. The post Product Highlight | Vendor Application Security in K-12 Schools Using ManagedMethods appeared first on ManagedMethods.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Windows 11 22H2 KB5018496 preview update released with 26 improvements

Bleeping Computer

Microsoft has released the Windows 11 22H2 KB5018496 preview cumulative update with twenty-six fixes or improvements, including the roll-out of a feature allowing you to launch Task Manager by right-clicking on the taskbar.


Protecting the Digital Experience

Security Boulevard

Optimizing digital experience is all the rage today, as the tech industry finally got religion about ensuring end customers—whether external buyers or internal employees—can seamlessly and simply do what they need to do with the systems we build and deploy. That means less focus on shiny tech objects and more emphasis on performance, latency and. The post Protecting the Digital Experience appeared first on Security Boulevard.


Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military

The Hacker News

The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022.


A New OpenSSL Vulnerability Is Coming – Get Ready to Patch

Security Boulevard

On Tuesday 1st of November, between 1-5pm UTC, a new version of the widely adopted OpenSSL 3.x series will be released for general consumption. The OpenSSL project announced this on their mailing list and through Twitter, also revealing the existence of a new CRITICAL security vulnerability this patch fixes. The post A New OpenSSL Vulnerability Is Coming – Get Ready to Patch appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service

The Hacker News

A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S.


Iran’s Atomic Energy Agency Confirms Hack

Heimadal Security

The Iranian Atomic Energy Organization (AEOI) confirms that one of the email servers of its subsidiaries was hacked after the “Black Reward” hacking group published online the stolen data. AEOI declared in an official statement that an unauthorized party stole emails consisting of daily correspondence and technical memos. The agency informed all concerned parties and […].


Microsoft: Server Manager disk resets can lead to data loss

Bleeping Computer

Microsoft warns that a newly acknowledged issue can lead to data loss when resetting virtual disks using the Server Manager management console.


What Is Cyberespionage? Tactics, Targets, and Prevention Tips

Heimadal Security

Espionage is not something new. But over the years we have moved on from globe-trotting secret agents, dust coats, and sunglasses and, as with many other operations, moved intelligence gathering to the digital realm. Cyberespionage has become more and more common, and the real-world implications are as real as they used to be back […]. The post What Is Cyberespionage?


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.