Thu. Mar 23, 2023

Mass Ransomware Attack

Schneier on Security

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

Tech Republic Security

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. Learn how to protect your business from this AitM campaign. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic.

Phishing 214

Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts

Graham Cluley

The world has gone ChatGPT bonkers. Which makes it an effective lure for cybercriminals who may want to break into accounts.

Guidelines for building security policies

Tech Republic Security

PURPOSE These guidelines from TechRepublic Premium will help you define the necessary ingredients of a security policy and assist in its proper construction. They’re designed to work hand in hand with the subjective knowledge you have of your company, environment and employees. Using this information, your business can establish new policies or elaborate on those.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

New vulnerabilities found in industrial control systems of major vendors

CSO Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

Developing an incident response playbook

SecureList

An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner. Such playbooks help optimize the SOC processes, and are a major step forward to SOC maturity, but can be challenging for a company to develop.

More Trending

Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks

Graham Cluley

A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat. Read more in my article on the Tripwire State of Security blog.

How training and recognition can reduce cybersecurity stress and burnout

CSO Magazine

Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly shifting landscape.

New CISA tool detects hacking activity in Microsoft cloud services

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. […]

Hacking 119

What Is Nmap and How to Use It to Enhance Network Security

Heimdal Security

Nmap is short for Network Mapper, an open-source tool used for IP and port scanning and app detection. System and network admins use it for network inventory, managing service upgrade schedules, and monitoring service uptime. At first, it was developed as a Linux tool but is now available also for Windows and MacOS. Users can […] The post What Is Nmap and How to Use It to Enhance Network Security appeared first on Heimdal Security Blog.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

The Hacker News

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts. The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal.

Sophos XGS vs Fortinet FortiGate: Top NGFWs Compared

eSecurity Planet

Sophos and Fortinet both appear on our list of the top next-generation firewalls (NGFWs), and while both offer very good security at their price points, they serve very different markets. What follows is a look at the key features and strengths and weaknesses of each solution. Which one is best for you will depend on your security and throughput needs – and budget.

Firewall 113

Exploit released for Veeam bug allowing cleartext credential theft

Bleeping Computer

Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication (VBR) software. […]

Backups 113

Half of Britons feel they are victims of ‘Sonic Snooping’

CyberSecurity Insiders

When a smartphone starts recording a conversation that took place in its vicinity without the knowledge of the user, it leads to the crisis of ‘Sonic Snooping’. And according to a study made by cybersecurity specialists from NORDVPN, this phenomenon is taking place in practice, and half of Britons fear that their mobile devices are collecting data eavesdropped from their personal conversations and perhaps passing the info to hackers in control of remote servers.

Mobile 111

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

7 Cybersecurity Trends That Every Business Owner Should Be Aware Of

Security Boulevard

As business owners, keeping up with emerging trends in cyber security is imperative. According to Verizon, data breaches among businesses doubled in frequency during the past year. To prevent this, you must equip your organization with the right tools and […] The post 7 Cybersecurity Trends That Every Business Owner Should Be Aware Of appeared first on WeSecureApp :: Simplifying Enterprise Security.

Threat Actors Use the MageCart Malware in New Credit Card Data Stealing Campaign

Heimdal Security

A new credit card hacking campaign is wreaking havoc, but this time it’s a little bit different. Instead of injecting the JavaScript code into the HTML of the store or of the checkout pages, this time threat actors are hiding the malicious code inside the “Authorize.net” payment gateway module for WooCommerce. By doing so, the […] The post Threat Actors Use the MageCart Malware in New Credit Card Data Stealing Campaign appeared first on Heimdal Security Blog.

Malware 105

Is Trafficking in Hacking Information a Crime?

Security Boulevard

Quincy Compton of Concord, North Carolina, had a wife and a pregnant girlfriend and wrote to a doctor in Washington, D.C. for information about terminating a pregnancy. The doctor, Thomas Kemp, wrote back that “[I]t would cost about two hundred [dollars] and the woman would have to stay in DC for a week.” Quincy Compton. The post Is Trafficking in Hacking Information a Crime?

Hacking 105

Another Fake ChatGPT Extension Found in Google Chrome Store

Heimdal Security

Researchers discovered a new fake ChatGPT extension for Chrome in the official Chrome Store. This version steals Facebook session cookies, hijacking accounts. The malicious extension is a copy of “ChatGPT for Google”, a Chrome add-on, but with additional malicious code. Since its release, the trojanized version had over 9,000 downloads. Details About This Fake ChatGPT […] The post Another Fake ChatGPT Extension Found in Google Chrome Store appeared first on Heimdal Security Blo

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Okta Post-Exploitation Method Exposes User Passwords

Dark Reading

Accidentally typing a password in the username field of the platform saves it to audit logs, which threat actors can gain access to and use to compromise enterprise services.

Passwords 104

37M Subscribers Streaming Platform Lionsgate Exposes User Data

Heimdal Security

Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers. The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance. 20 GB of Server Logs, Exposed An unsecured 20GB of server logs containing approximately 30 […] The post 37M Subscribers Streaming Platform Lionsgate Exposes User Data appeared fir

Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

The Hacker News

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. "Nexus appears to be in its early stages of development," Italian cybersecurity firm Cleafy said in a report published this week.

Banking 102

Understanding Managed Detection and Response – and what to look for in an MDR solution

We Live Security

Why your organization should consider an MDR solution and five key things to look for in a service offering The post Understanding Managed Detection and Response – and what to look for in an MDR solution appeared first on WeLiveSecurity

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

MITRE Rolls Out Supply Chain Security Prototype

Dark Reading

Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.

Software 102

2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

The Hacker News

In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market.

Security at the core of Intel’s new vPro platform

CSO Magazine

Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take advantage of vPro’s memory encryption to provide better virtualization-based security.

TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

WIRED Threat Level

The embattled social media company brought out the checkbook to ensure at least 30 of its biggest assets—creators—were in DC to help fend off critics.

Media 100

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Python info-stealing malware uses Unicode to evade detection

Bleeping Computer

A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices. […]

Malware 99

The TikTok Hearing Revealed That Congress Is the Problem

WIRED Threat Level

The interrogation of CEO Shou Zi Chew highlighted US lawmakers’ own failure to pass privacy legislation.

Media 99

Experts published PoC exploit code for Veeam Backup & Replication bug

Security Affairs

Researchers released a PoC exploit code for a high-severity vulnerability in Veeam Backup & Replication (VBR) software. Veeam recently addressed a high-severity flaw, tracked as CVE-2023-27532, in Veeam Backup and Replication (VBR) software. An unauthenticated user with access to the Veeam backup service (TCP 9401 by default) can exploit the flaw to request cleartext credentials.

Backups 98

Zero-day spells disaster for Bitcoin ATM

Malwarebytes

Bitcoin ATMs have experienced a severe bout of cash drain after a zero-day bug was exploited to steal a total of $1.5 million in digital currency. The ATMs, located in various convenience stores, function along the lines of regular banking ATMs except your dealings are all in the cryptocurrency realm. As Ars Technica notes, a particular feature of the affected ATMs is the ability to upload video.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!