Thu. Jul 20, 2023

Weekly Update 357

Troy Hunt

Sad news to wake up to today. Kevin was a friend and as I say in this week's video, probably the most well-known identity in infosec ever, and for good reason. He made a difference, and I have fun memories with him 😊 Felt really sad waking up and seeing “RIP Kevin” in my timeline. I doubt there is a more well known name in our industry but if he’s unfamiliar to you (or you haven’t read this book), go and grab “Ghost in the Wires” which is an

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

Schneier on Security

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” Lots of interesting bits. So far, at least three trends emerge: First, the plan contains a (somewhat) more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, as well as timelines aplenty.

The Great Google Experiment: Googlers Trapped in an Internet-Free Wonderland

Javvad Malik

The Internet is a treacherous playground, and wouldn’t you know it, Google, the wise old seer of the digital realm, is suggesting that its employees disconnect from the very beast they helped create. Yes, you heard that right, my friends. CNBC’s Jennifer Elias lays it bare for us: Google is embarking on a pilot program where certain employees will find themselves trapped within the confines of internet-free desktop PCs.

Kevin Mitnick Died

Schneier on Security

Obituary.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Akamai Survey: API-Specific Controls are Lacking

Tech Republic Security

Phishing, misconfigurations and missing patches are top concerns among security leaders, but they also say their organizations are letting observability tools gather rust.

2023 Fraud Trends to Know and Prevent

Security Boulevard

In 2022, the FBI received 800,944 reported complaints that exceeded $10.3 billion in fraud losses for businesses’ critical infrastructure and data. Not only is technology getting faster and more sophisticated, but so are cybercriminals. Tap in to learn more about emerging fraud trends to be aware of, the types of fraud to prevent, what it.

AI Alone Is Not the Answer to Cybersecurity; Humans Are Needed

Security Boulevard

The substantial rise in cybercrime in the past few years has generated a tremendous market for artificial intelligence (AI)-driven cybersecurity products. The global AI market totaled $428 billion in 2022 and is expected to surge to more than $2 trillion by 2030, according to Fortune Business Insights. The introduction of ChatGPT, the OpenAI tool that.

SBOM Explained: How SBOMs Improve Cloud-native Application Security

Veracode Security

A staggering 96% of organizations utilize open-source libraries, yet fewer than 50% actively manage the security vulnerabilities within these libraries. Vulnerabilities are welcome mats for breaches from bad actors, and once they've entered your system, the impact can be colossal. A software bill of materials (SBOM) is an important tool for managing the security of open-source software.

New P2P Worm Puts Windows and Linux Redis Servers in its Sights

Security Boulevard

A new peer-to-peer (P2P) worm, P2PInfect, is spreading across instances of the Redis open source database software in the cloud.

NYPD Body Cam Data Shows the Scale of Violence Against Protesters

WIRED Threat Level

A landmark $13 million settlement with the City of New York is the latest in a string of legal wins for protesters who were helped by a video-analysis tool that smashes the “bad apple” myth.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Is Artificial Intelligence Making People More Secure? Or Less?

Security Boulevard

Like anything, AI can be used maliciously. But when used for good, AI can be a game changer. In May of this year, Members of the European Parliament (MEPs) agreed to adopt a blanket ban on the use of remote biometric identification (facial recognition) in public spaces along with predictive policing tools as part of the EU's AI Act. The ban is a departure from the original proposal and the position backed in Council by EU member countries.

ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder

Security Affairs

The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs. Yesterday the cybersecurity expert @sonoclaudio first alerted me about a strange circumstance, two ransomware actors, ALPHV/BlackCat and Clop, claim to have hacked the cosmetics giant company Estée Lauder and added the company to their Tor leak sites.

Cyber Resilience Act: The Future of Software in the European Union

Security Boulevard

Representatives of member states of the European Union (EU) reached a common agreement yesterday regarding the proposed Cyber Resilience Act (CRA).

Critical AMI MegaRAC bugs can let hackers brick vulnerable servers

Bleeping Computer

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International. […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

DevOps Automation with AWS CodePipeline and AWS CodeDeploy

Security Boulevard

In today’s fast-paced software development landscape, DevOps practices play a crucial role in achieving faster delivery, increased collaboration, and improved quality. AWS provides powerful services like CodePipeline and CodeDeploy that facilitate automated deployment pipelines and streamlined software releases. This comprehensive guide will walk you through the process of setting up and leveraging these AWS services […]

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg. China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. The APT41 group (aka Winnti, Axiom, Barium, Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007.

8 Advanced Strategies to Help You Optimize Kubernetes Reliability

Security Boulevard

If you’ve covered all the basics of improving reliability for your Kubernetes apps and services, you might be wondering what else you can do to make it even better. Based on my experience at Fairwinds and as a site reliability engineer and IT administrator, I have some more advanced strategies you may want to explore for optimizing reliability. (If you’re not there yet, check out my post about building a strong reliability foundation.

GitHub warns of Lazarus hackers targeting devs with malicious projects

Bleeping Computer

GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. […]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

SMS Fraud Detection: Why It Matters

Security Boulevard

ALERT: Your bank account has been compromised! Please click this link to secure your account! Let’s say you receive this SMS text message on your phone claiming to be from your bank. The message informs you that suspicious activity has been on your account and urges you to take immediate action to secure your funds. […]

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

The Hacker News

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.

What Function Do Insider Threat Programs Serve?

Security Boulevard

The article provides comprehensive information about insider threat programs, covering eight crucial points for their successful implementation. The post What Function Do Insider Threat Programs Serve? appeared first on LeaksID.

Google Categorizes 6 Real-World AI Attacks to Prepare for Now

Dark Reading

The models powering generative AI like ChatGPT are open to several common attack vectors that organizations need to understand and get ready for, according to Google's dedicated AI Red Team.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

BSides Sofia 2023 – Plamen Kalchev – Commit To Memory Making The Best Of Your Notes

Security Boulevard

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

The Hacker News

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.

Incisive Software Transforms Data Management with Enhanced Low-Code/No-Code and Microsoft Excel Solutions

Security Boulevard

In today’s fast-paced and data-driven world, organizations rely heavily on efficient data management solutions to streamline operations and ensure data integrity. Incisive Software, a leading provider of innovative data management solutions, is proud to announce the rollout of extensive enhancements to its Incisive Analytics Essentials for Low-Code/No-Code and Microsoft Excel.

Remembering the Legacy of Kevin Mitnick: A Farewell to the World's Most Famous Hacker

SecureWorld News

There are certain individuals who leave a lasting impact on the world and in their field, and cybersecurity has many of its own. Kevin Mitnick, often referred to as "the world's most famous hacker," was one such influential figure. Mitnick died on Sunday, July 16, at the age of 59 in Las Vegas, NV. With his passing, we bid farewell to a legendary personality whose intelligence, humor, and extraordinary technological skills have left an indelible mark on the cybersecurity community.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

The Week in Security: Google Cloud Build permissions can be poisoned, WormGPT weaponizes AI

Security Boulevard

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: Google Cloud Build permissions can be abused to poison production environments. Also: A new AI model allows cybercriminals to launch sophisticated phishing attacks.

Supply chain security for Go, Part 3: Shifting left

Google Security

Julie Qiu, Go Security & Reliability and Jonathan Metzman, Google Open Source Security Team Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part of the commitment to countering the rise in supply chain attacks in recent years.

Wallarm at Black Hat USA 2023 Booth #3131

Security Boulevard

Wallarm is excited to be back at Black Hat USA this year and meet with our friends in the community wanting (or perhaps needing) to learn more about integrated web app and API protection. We look forward to seeing you there! Expo Hours If you’re attending in person, the Business Hall is open for two [.] The post Wallarm at Black Hat USA 2023 Booth #3131 appeared first on Wallarm.

North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

The Hacker News

An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.