Schneier on Security

OCTOBER 2, 2023

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices g

Artificial Intelligence 322

Artificial Intelligence Technology Risk Cybersecurity 322

Krebs on Security

OCTOBER 2, 2023

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

Engineering 321

Engineering Encryption Social Engineering Healthcare 321

The Last Watchdog

OCTOBER 2, 2023

Surrounded by the invisible hum of electromagnetic energy, we’ve harnessed its power to fuel our technological marvels for decades. Related: MSFT CEO calls for regulating facial recognition tech Tesla’s visionary insights from 1900 hinted at the potential, and today, we bask in the glow of interconnected networks supporting our digital lives.

Mobile 203

Mobile Technology Surveillance Education 203

Tech Republic Security

OCTOBER 2, 2023

Don't be surprised when connecting multiple iPhones to one Apple ID. Learn how to prevent common errors and issues with this guide.

Mobile 193

Mobile 193

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. As we are well and truly in the digital-first age, the need for robust cybersecurity measures is glaringly evident. Though significant, the early days' threats vastly differed from today's sophisticated cyberattacks.

Cybersecurity 149

Cybersecurity Cyber threats Authentication Phishing 149

Tech Republic Security

OCTOBER 2, 2023

In this comprehensive review of Cyberghost VPN, we cover its features, pricing, security, and overall performance. Find out if this is the right VPN for you.

VPN 173

VPN 173

Tech Republic Security

OCTOBER 2, 2023

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a.

Data breaches 167

Data breaches 167

WIRED Threat Level

OCTOBER 2, 2023

A software company sold a New Jersey police department an algorithm that was right less than 1 percent of the time.

Software 141

Software 141

Bleeping Computer

OCTOBER 2, 2023

For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender. [.

Malware 140

Malware Software 140

NSTIC

OCTOBER 2, 2023

October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20 th anniversary of this important initiative —and we will celebrate in various ways every day throughout the month.

Cybersecurity 139

Cybersecurity Accountability 139

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

OCTOBER 2, 2023

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute ( ETSI ). The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe.

Telecommunications 136

Telecommunications Data breaches Technology Passwords 136

IT Security Guru

OCTOBER 2, 2023

Cybercriminal tactics continue to grow in number and advance in ability; in response, many organisations have seen the need to reach a security posture where their teams can proactively combat threats. Threat hunting plays a pivotal role in modern organisations’ cybersecurity strategies. It involves actively searching for signs of advanced threats and vulnerabilities beyond passive defence mechanisms.

Technology 133

Technology Penetration Testing Threat Detection Data collection 133

Security Affairs

OCTOBER 2, 2023

The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. On September 24th, researchers discovered that the NLP platform was exposing sensitive credentials, secrets, and encryption keys via publicly available JS files.

Encryption 131

Encryption Risk Hacking Ransomware 131

The Hacker News

OCTOBER 2, 2023

A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the name Silent Skimmer, attributing it to an actor who is knowledgeable in the Chinese language.

131

131

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Bleeping Computer

OCTOBER 2, 2023

The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. [.

Scams 129

Scams 129

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. Progress Software recently warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server software which is used by thousands of IT teams worldwide.

Authentication 128

Authentication Software Internet Internet 128

Dark Reading

OCTOBER 2, 2023

Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.

Ransomware 125

Ransomware 125

The Hacker News

OCTOBER 2, 2023

Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities.

Risk 122

Risk Software 122

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Bleeping Computer

OCTOBER 2, 2023

Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform. [.

Software 120

Software 120

The Hacker News

OCTOBER 2, 2023

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild.

121

121

WIRED Threat Level

OCTOBER 2, 2023

Victims of the MOVEit breach continue to come forward. But the full scale of the attack is still unknown.

Hacking 119

Hacking 119

Dark Reading

OCTOBER 2, 2023

The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.

Malware 119

Malware 119

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

OCTOBER 2, 2023

Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard. [.

Malware 118

Malware Advertising 118

SecureWorld News

OCTOBER 2, 2023

As we embark on the 20th anniversary of Cybersecurity Awareness Month this October, SecureWorld proudly steps forward to champion the 2023 theme, "Secure Our World." This year marks a significant milestone in the ongoing initiative to bolster cybersecurity awareness, and SecureWorld is at the forefront, connecting the #SecureOurWorld theme directly with our mission and contributions to the cybersecurity community.

Cybersecurity 118

Cybersecurity Education Cybercrime Technology 118

The Hacker News

OCTOBER 2, 2023

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below.

117

117

Veracode Security

OCTOBER 2, 2023

To secure our world, Cybersecurity Awareness Month encourages four steps that make it easy to stay safe online. As a CISO, my team and I advocate for these practices constantly within our organization. If you are a security practitioner looking to bolster cybersecurity awareness, here’s a brief look at how we explain these steps to help make staying safe online easier.

CISO 115

CISO Software Cybersecurity 115

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

OCTOBER 2, 2023

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion.

Retail 116

Retail Software 116

Dark Reading

OCTOBER 2, 2023

PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.

Cybersecurity 113

Cybersecurity Information Security 113

Digital Guardian

OCTOBER 2, 2023

File security is integral to effective cybersecurity. In today's blog we dig into the difference between file security and data security, best practices, and tools to implement for file security.

Cybersecurity 112

Cybersecurity 112

Dark Reading

OCTOBER 2, 2023

The royal takedown was a brief but effective PR stunt for Russia's most notorious hacktivist group.

DDOS 112

DDOS 112

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!