Tue. Oct 04, 2022

NSA Employee Charged with Espionage

Schneier on Security

An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent). It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent.

How ransomware gangs operate like legitimate businesses

Tech Republic Security

Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill. The post How ransomware gangs operate like legitimate businesses appeared first on TechRepublic.

OnionPoison: infected Tor Browser installer distributed through popular YouTube channel

SecureList

While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China, individuals from this country often resort to downloading Tor from third-party websites.

Top 5 trends to watch in cloud security

Tech Republic Security

Cloud security solutions continue to emerge as threats to cloud resources evolve. However, what are the common trends to look out for in cloud security in the coming years? Let's find out. The post Top 5 trends to watch in cloud security appeared first on TechRepublic.

167

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

8 strange ways employees can (accidently) expose data

CSO Magazine

Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing. This risk frequently goes unexplored in cybersecurity awareness training, leaving employees oblivious to the risks they can pose to the security of data which, if exposed, could be exploited both directly a

Risk 143

How Oso’s security-as-code approach to authorization might change how you think about security

Tech Republic Security

Most developers aren’t particularly good at building authorization into their applications, but would they trust a third-party provider like Oso? The post How Oso’s security-as-code approach to authorization might change how you think about security appeared first on TechRepublic.

More Trending

Keep your business totally secure with this decentralized VPN

Tech Republic Security

The pocket-sized Deeper Connect Pico can help you tap into a worldwide security network. The post Keep your business totally secure with this decentralized VPN appeared first on TechRepublic.

VPN 148

CISA orders federal agencies to catalog their networks, and scan for bugs

The State of Security

You always want to know what is attached to your network. And whether it could be vulnerable or not. Read more in my article on the Tripwire State of Security blog.

134

Gartner explains why SBOMs are critical to software supply chain security management

Security Boulevard

With modern software development reliant on third-party sources — and attacks surging on that supply chain — Gartner expects adoption of software bills of material (SBOM) to go from less than 5% now to 60% in 2025. The post Gartner explains why SBOMs are critical to software supply chain security management appeared first on Security Boulevard.

Software 133

Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub

Bleeping Computer

Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. […].

129

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Aryaka rolls out cloud-based web gateway for SASE-focused WAN offering

CSO Magazine

Aryaka's Secure Web Gateway and Firewall-as-a-Service adds cloud-based security services to its Zero Trust WAN platform, as it moves toward providing SASE capabilities for its users.

Firewall 128

Cheerscrypt Ransomware Strain Attributed to Chinese Hacking Group

Heimdal Security

Researchers attributed Cheerscrypt – a newly found ransomware strain that operates on Linux – to a Chinese cybercriminal group. The group, which launches brief ransomware attacks, is known by the names Emperor Dragonfly or Bronze Starlight (Secureworks) and DEV-0401 (Microsoft). Details About the Hacking Group Sygnia report shows that “Emperor Dragonfly” (A.K.A.

Hacking 128

Romance scammer and BEC fraudster sent to prison for 25 years

Naked Security

Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth.

Scams 127

Ferrari Targeted by Ransomware Attack

Heimdal Security

Data from Ferrari’s website was posted on a dark web leak site owned by ransomware group RansomEXX. The hackers claim they have obtained internal documents, datasheets, repair manuals, and other information, amounting to almost 7 GB of data. A screenshot of the stolen data shows a document marked ‘confidential’, and it appears to be a […].

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

Thales Cloud Protection & Licensing

divya. Tue, 10/04/2022 - 05:20. Historically, October has always been an important month for the cybersecurity community and a month of major cybersecurity events. So in 2004, the President of the United States designated October as Cybersecurity Awareness Month.

Weaponizing Open Source Through Job Recruiting

Security Boulevard

Over the last week, troubling new reports have arisen about state-sponsored threat actors leveraging modified open source applications to compromise employees' machines at technology companies, governments, and non-profit organizations. Microsoft, Mandiant, and Ars Technica all covered the technicalities of the attack type, where bad actors pose as recruiters who target specific individuals as their victims.

Ransomware 3.0: The Next Frontier

Dark Reading

Attackers are already circling back to reselling stolen data instead of — and in addition to — extortion.

How You Get Malware: 8 Ways Malware Creeps Onto Your Device

eSecurity Planet

Malicious programs or malware are common and dangerous threats in the digital space for both individual users and organizations alike. German IT-Security Institute AV-TEST has recorded over 1 billion malicious programs as of this writing, with over 450,000 new instances of malware being recorded every day. The extraordinarily high volume of threats is forcing vendors to include AI-based detection even in consumer antivirus products.

Malware 125

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

There’s good and bad news about the Microsoft Exchange server zero-day exploit

Graham Cluley

Yay, Microsoft has told us how to mitigate against the recently-discovered zero-day attacks. Boo, the mitigations can be bypassed.

Malware 124

Latest Supply Chain Attack Targeting Popular Live Chat App

Heimdal Security

The official installer for the Vancouver-based Comm100 Live Chat application, a widely deployed SaaS that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack. Because the infected installer used a valid digital signature, antivirus solutions would not trigger warnings during its launch, allowing for a stealthy supply-chain attack. […].

Antivirus 124

OpenText Report Identifies Nastiest Malware for 2022

Security Boulevard

OpenText today published a Nastiest Malware of 2022 report that highlighted how ransomware attacks are evolving into triple threats. In addition to encrypting and stealing data, many attackers now include a distributed denial-of-service (DDoS) attack when victims refuse to cave to ransom demands. Specifically, the report identified the Lockbit ransomware gang as the main driver.

Malware 122

ProxyNotShell – the New Proxy Hell?

The Hacker News

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers.

Risk 120

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

The Growing Threat of Ransomware as a Service

Security Boulevard

Ransomware attacks have reportedly declined this year. But don’t start celebrating just yet. “Gang models are evolving,” notes my colleague, Alexandra (Alix) Weaver, Semperis Solutions Architect. “I caution everyone: Do not let your guard down.” Part of the changing trend, Alix says, might be attributed to an increase in the popularity of ransomware as a.

Hackers stole data from US defense org using Impacket, CovalentStealer

Bleeping Computer

The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector. […].

How a deepfake Mark Ruffalo scammed half a million dollars from a lonely heart

Graham Cluley

A 74-year-old Manga artist received an unsolicited Facebook message from somebody claiming to be Incredible Hulk actor Mark Ruffalo. You can probably guess where this is heading.

Scams 119

Bloomberg Technology Summit 2022: Lessons Learned

Heimdal Security

The technological revolutions taking place in practically every aspect of our lives are causing a significant change in the dynamics of society. But does this offset the fresh difficulties that have emerged, particularly in the previous several months? European industry leaders, policymakers, innovators, pioneers, and investors gathered last week in London for the Bloomberg Technology […].

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Bumblebee Malware Loader's Payloads Significantly Vary by Victim System

Dark Reading

On some systems the malware drops infostealers and banking Trojans; on others it installs sophisticated post-compromise tools, new analysis shows.

Malware 116

FAIL: Los Angeles School District Loses 500GB of PII

Security Boulevard

The Los Angeles Unified School District has lost control of a huge cache of sensitive data because its superintendent, Alberto M. Carvalho, refused to pay the ransom. The post FAIL: Los Angeles School District Loses 500GB of PII appeared first on Security Boulevard.

Back to Basics: Cybersecurity's Weakest Link

The Hacker News

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do.

Kim Kardashian gets caught in a Cyber Investment Fraud

CyberSecurity Insiders

Kim Kardashian, the reality TV star, was slapped with a fine of $1.26 million by the SEC as she failed to disclose the amount she earned for promoting a product related to cryptocurrency. When a celebrity invests in a product, some of their followers blindly follow them and invest in the same brand or product to mimic their favorite star’s likings. Similarly, Ms.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!