Krebs on Security
MAY 2, 2022
Image: Proxima Studios, via Shutterstock. Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.
Tech Republic Security
MAY 2, 2022
You can prepare for an exciting and in-demand new career in information security without quitting your day job. Get details about these security training courses. The post Work toward an InfoSec certification with this online training bundle appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CSO Magazine
MAY 2, 2022
Cybersecurity pros interested in metrics and measures frequently ponder and pontificate on what measures would be best to show the board of directors. That can be a tricky proposition because “we have to speak like the business” is also a mantra. Coming up with cybersecurity metrics from a business perspective can be a challenge. So how can we solve this problem and provide useful insight?
Tech Republic Security
MAY 2, 2022
It's time to upgrade your IAM software, but which security tool should you choose? See how the features of CyberArk and BeyondTrust compare. The post CyberArk vs BeyondTrust: Compare IAM solutions appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
MAY 2, 2022
Twenty years ago, Bill Gates foresaw the security threats looming as new technologies were introduced and threat actors were ramping up their efforts. He urged for including security development at every stage of the software life cycle in his company’s products. It’s a lesson developers haven’t taken to heart, as AppSec lags far behind in. The post AppSec Champions Bring Security Front and Center appeared first on Security Boulevard.
eSecurity Planet
MAY 2, 2022
Ransomware just keeps getting worse, it seems. Cybersecurity researchers last week revealed that a new ransomware gang called Onyx is simply destroying larger files rather than encrypting them. As the MalwareHunterTeam noted in a Twitter thread , “as the ransomware they are using is a trash skidware, it’s destroying a part of the victims’ files.” The team would recommend that “no company should pay to these idiots … but they are stealing files too.” Most
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CyberSecurity Insiders
MAY 2, 2022
Microsoft’s Digital Security Unit has confirmed that Russian cyber attacks on Ukraine were timed in such a way that they coincided with the timing of military strikes. The American technology giant stated the attacks were timed just before military attacks to either weaken the target digitally or to double strike it in such a way that it never recovers from the assault.
Security Boulevard
MAY 2, 2022
Dell Technologies today unveiled a set of Dell APEX Cyber Recovery Services through which it promises to simplify organizations’ recovery from cyberattacks. Announced at the Dell Technologies World conference, the service is an extension of Dell’s portfolio of managed services for managing on-premises and cloud computing environments. Through this service, Dell manages the day-to-day cyber.
The State of Security
MAY 2, 2022
It is often stated that security is hard. Whether it is the people, processes, and technology, or any combination of the three, security is a never ending challenge. Conversely, compliance is the opposite. Compliance is relatively straightforward. For too long, and for too many organisations, meeting a compliance standard was seen as a satisfactory way […]… Read More.
CyberSecurity Insiders
MAY 2, 2022
Spanish Government has released a press statement confirming Pegasus malware on the smart phones of Spanish Prime Minister (PM), Pedro Sanchez and the region’s Defense Minister, Margarita Robles. Pegasus is spying software when installed on a device sends information about the calls, messages, phones, videos and all other device related info to remote servers or those who installed the surveillance tool on the victims’ mobile.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
MAY 2, 2022
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.
Security Boulevard
MAY 2, 2022
Spring4Shell illustrates why back-to-back attacks are a call to action for organizations to revise and prioritize security best practices. The post Spring4Shell Marks the end of ‘Snooze Button’ Security appeared first on Security Boulevard.
Bleeping Computer
MAY 2, 2022
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions. [.].
The Hacker News
MAY 2, 2022
A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot).
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
MAY 2, 2022
Onleihe, a German online library that offers e-books, electronic newspapers, magazines, audiobooks, music files, and more has admitted that its IT systems were targeted by a ransomware attack that has locked digital files from access. EKZ which offers information technology services to the Germany-based library service provider was hit by the Lockbit ransomware group last month.
The Hacker News
MAY 2, 2022
Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems.
Bleeping Computer
MAY 2, 2022
The project was announced this weekend at PyCon US 2022 and acts as a wrapper around the Pyodide project, which loads the CPython interpreter as a WebAssembly browser module. [.].
Security Boulevard
MAY 2, 2022
It’s officially spring. That means it’s time for spring cleaning. A long-honored tradition, spring cleaning. The post 3 Spring Cleaning Tips for Improving Cybersecurity Hygiene appeared first on Gurucul. The post 3 Spring Cleaning Tips for Improving Cybersecurity Hygiene appeared first on Security Boulevard.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
MAY 2, 2022
The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD). [.].
Security Boulevard
MAY 2, 2022
IT leaders are changing the way they secure cloud workloads in the aftermath of the Log4j vulnerability, according to a report from Valtix. The post How Log4j Reshaped Cloud Security Thinking appeared first on Security Boulevard.
Security Affairs
MAY 2, 2022
The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm from working in the government sector. The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led cybersecurity company from working in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies.
Security Boulevard
MAY 2, 2022
It is often stated that security is hard. Whether it is the people, processes, and technology, or any combination of the three, security is a never ending challenge. Conversely, compliance is the opposite. Compliance is relatively straightforward. For too long, and for too many organisations, meeting a compliance standard was seen as a satisfactory way […]… Read More.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
SecureBlitz
MAY 2, 2022
Cloud-Based Data Integration Can Transform Your Business For The Better In this article, I will show you how cloud-based data integration can transform your business. Fully integrated data is a mandatory component of any sustainable business. If you clicked on this article, there’s a chance that your business has grown enough to find itself staring.
Security Boulevard
MAY 2, 2022
Data loss happens when a company loses access to clusters of information for specific reasons. Data can be destroyed, deleted, corrupted, or rendered useless with intent or by accident during this event. Data loss can also occur in physical storage setups or the cloud. It’s an incident that takes place when data is in transit […]. The post 11 Ways to Prevent Data Loss and Data Breaches in 2022 appeared first on EasyDMARC.
The Hacker News
MAY 2, 2022
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022.
Security Boulevard
MAY 2, 2022
24th February 2022 will be remembered as a watershed moment in Russia and Ukraine. On that day, following a series of escalations in the Donbas region of eastern Ukraine, Russian troops began a full-scale invasion of their neighbor. The Ukrainian […]. The post Impact of the Russian-Ukraine Conflict on Cybersecurity appeared first on WeSecureApp :: Simplifying Enterprise Security!
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
MAY 2, 2022
Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.
Security Boulevard
MAY 2, 2022
Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited by malicious actors last year. These are the top 15 routinely exploited vulnerabilities in 2021: CVE ID VulnDB ID CVE-2021-44228 275958 CVE-2021-40539 267017 […].
CSO Magazine
MAY 2, 2022
The proven security enhancements that multi-factor authentication (MFA) or two-factor authentication (2FA) offers are spurring IT departments to put them in place. As often happens, many managers and employees are objecting to the extra steps associated with MFA log-ins, making excuses galore to avoid them. Here's what the security experts we spoke with say are the most common MFA excuses they’ve encountered and the answers they use to effectively defeat them. 1.
The Hacker News
MAY 2, 2022
A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last week.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
268 
Let's personalize your content