Mon. Nov 21, 2022

Breaking the Zeppelin Ransomware Encryption Scheme

Schneier on Security

Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of them: An ephemeral RSA-512 public key that is randomly generated on each machine it infects. “If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key

Microsoft Defender protects Mac and Linux from malicious websites

Tech Republic Security

Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows. The post Microsoft Defender protects Mac and Linux from malicious websites appeared first on TechRepublic.

Phishing 212

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for a high-severity macOS sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC) code for a macOS sandbox escape vulnerability tracked as CVE-2022-26696 (CVSS score of 7.8). In a wrap-up published by Reguła, the researcher observed that the problem is caused by a strange behavior he observed in a sandboxed macOS app that may launc

Hacking 143

9 VOIP security best practices to consider for your business

Tech Republic Security

Is VOIP secure? Can VOIP be hacked? Learn about why VOIP security is important and the best practices for your business to consider with our guide. The post 9 VOIP security best practices to consider for your business appeared first on TechRepublic.

Hacking 152

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

How Phishing Attacks Ruin Microsoft 365 and Google Workspace

Security Boulevard

Cyberthreats adversely impact your SaaS applications and data. Here’s a look at how phishing affects your Microsoft 365 and Google Workspace environment. The post How Phishing Attacks Ruin Microsoft 365 and Google Workspace appeared first on Security Boulevard.

Phishing 137

Details of Google going against Glupteba Botnet Operators

CyberSecurity Insiders

In December 2021, Google’s Threat Analysis Group (TAG) discovered the intense activities being conducted by Glupteba Botnet on the internet and filed a lawsuit in a district court of New York. A report was submitted, and it was clearly mentioned in it that two Russian nationals were operating this botnet group that works differently from the other conventional groups of botnets.

More Trending

Microsoft Warns of Surge in Token Theft, Bypassing MFA

eSecurity Planet

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly,” the team wrote in a blog post.

Phishing 123

How remote working impacts security incident reporting

CSO Magazine

The ability for employees to work remotely comes with many benefits, from better work-life balance to lower expenses to higher productivity. But a widely dispersed workforce can pose some great challenges for security teams, not least of which is how remote work affects security incident reporting. With companies growing more accustomed to implementing security technologies and processes better attuned to mass remote working, incident reporting has the potential to become a major stumbling block

US Semiconductor ban to China triggers AI Concerns

CyberSecurity Insiders

The United States has stopped semiconductor exports to China as it wanted to halt the development of AI projects in the Xi Jinping-led nation. But trade analysts suggest the move could trigger major concerns and could backfire by putting a permanent dent in the GDP of America. Speaking on the same at Bloomberg’s New Economy Forum in Singapore, Ken Griffin, the CEO of Citadel, added that a hit between 5% and 10% could be observed, if this continues, pushing the entire economic activity into great de

Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild

Security Affairs

Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware. The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

AirAsia Ransomware Attack by Daixin

CyberSecurity Insiders

AirAsia, one of the noted airlines of Malaysia, has apparently been hit by a ransomware attack, and the Daixin Team group is claiming to have accessed over 5 million records of customers and staff and has allegedly released two spreadsheets proving its claims as true. The Kuala Lumpur-based airline, which offers flight services to over 165 destinations with the help of 22,000 employees worldwide, is taking all measures to contain the repercussions arising from the attack.

Investors Are Pouring Cash Into These 10 Cybersecurity Startups

Dark Reading

Following the dollars reveals pen-test and intrusion-detection startups are the most attractive to investors right now, collectively getting more than $3 billion in funding.

Wiz Adds Data Security Posture Module to CNAPP

Security Boulevard

Wiz today announced it added a data security posture management (DSPM) module to its cloud-native application protection platform (CNAPP) that makes it simpler to prioritize remediation efforts based on the value of the data that might be compromised. Wiz CTO Ami Luttwak said rather than presenting development teams with a long list of vulnerabilities, it’s.

Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight

Dark Reading

Luna Moth is relying solely on call-back phishing, as well as legitimate tools, to steal data and extract ransoms from victims of all stripes in an expanding cyberattack effort.

Malware 99

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Best Practices, Challenges and Trends in Employee Onboarding for BPOs

Security Boulevard

Employee onboarding effectiveness defines whether your employee will be engaged or disengaged at work, depending on the impression created on them. Poorly managed onboarding can lead to abandonment, especially for youngsters. According to an SHRM article: 69% of employees stay longer with good onboarding. A structured onboarding program will make 58% of employees stay up […].

What Are the Most Important Tips for Preventing Trade Secret Theft?

Digital Guardian

No matter what form they take, trade secrets can be incredibly valuable to a business. We asked 28 IP experts and business leaders what their most important tips are for keeping them safe.

Achieve Defense-in-Depth in Multi-Cloud Environments

Security Boulevard

Today, 90% of organizations are operating in hybrid and multi-cloud environments—a number that has increased over the past two years due to the acceleration of digital transformation efforts required to support a hybrid workforce. While this flexibility and agility enable the remote workforce and faster application delivery, the proliferation of multiple parallel infrastructures has also.

Google Chrome extension used to steal cryptocurrency, passwords

Bleeping Computer

An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. […]

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Top 4 Kubernetes Open Source Tools You Need in 2023

Security Boulevard

It’s wild to think that 2022 is wrapping up and that many of us are prepping for what’s next in 2023. As the new year fast approaches, it’s time to consider what Kubernetes open source tools you need in 2023. The post Top 4 Kubernetes Open Source Tools You Need in 2023 appeared first on Security Boulevard.

Google won a lawsuit against the Glupteba botnet operators

Security Affairs

Google won a lawsuit filed against two Russian nationals involved in the operations of the Glupteba botnet. This week, Google announced it has won a nearly year-long legal battle against the Glupteba botnet. Glupteba is a highly sophisticated botnet composed of millions of compromised Windows devices. Unlike other botnets, Glupteba leverages cryptocurrency blockchains as a command-and-control mechanism in an attempt to make it more resilient to takeover. “This means that a conventional bo

Supreme Court to Consider Identity Theft Case

Security Boulevard

William Dubin, a licensed psychologist in Austin, Texas, provided psychological services to a youth facility known as Williams House. As part of a kickback scheme with the head of Williams House, Dubin had Williams House employees conduct intake of kids admitted to the facility, and then Dubin claimed that these assessments were done by himself, The post Supreme Court to Consider Identity Theft Case appeared first on Security Boulevard.

Google releases 165 YARA rules to detect Cobalt Strike attacks

Bleeping Computer

The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks. […]

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends; How to manage risk and compliance to serve customers safely; Best practices for identifying crypto transactions and companies; Rev

CyberStrong’s Cybersecurity Dashboard Capabilities

Security Boulevard

CyberStrong dashboards allow security professionals to aggregate and consolidate data into useful, presentable, easy-to-understand images that visualize cybersecurity posture in real-time. Leaders can see program data from a single pane of glass without relying on disparate reporting functions by taking an integrated risk management approach to cyber security risk management.

Luna Moth callback phishing campaign leverages extortion without malware

CSO Magazine

Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time.

Aviation Starting to Get Hit with Rise of Cyberattacks Post-Pandemic

Security Boulevard

Threat actors are turning their attention to the aviation industry post-pandemic, but what motivations and challenges are causing the rise? Read more. The post Aviation Starting to Get Hit with Rise of Cyberattacks Post-Pandemic appeared first on Security Boulevard.

Time to Get Kids Hacking: Our 2022 Holiday Gift Guide

Dark Reading

Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.

Hacking 96

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

What is Security Service Edge (SSE) and How Does It Help to Achieve SASE?

Security Boulevard

Every technology has its downside. Likewise, internet use also has its drawback of cyber threats, which we already know. All the companies are struggling to secure their virtual assets from cyber-attacks to run a successful business. But the threat possibilities are worsening with new concepts like working from remote locations and cloud computing.

Google provides rules to detect tens of cracked versions of Cobalt Strike

Security Affairs

Researchers at Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild. Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named ‘Beacon’ on the victim machine. The Beacon includes a wealth of functionality for the attacker, including, but not limited to, command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement.

Securing The New Frontier in Developer Environments: Cloud IDEs

Security Boulevard

You might already be using a Cloud IDE for certain projects. This exciting evolution of the local dev environment has a lot of advantages but also brings some new risks. This article will help you stay safe as you embrace the cloud for your coding needs. The post Securing The New Frontier in Developer Environments: Cloud IDEs appeared first on Security Boulevard.

Risk 97

10 Suspects Charged for BEC Scams Targeting Federal Funding Programs

Heimdal Security

Ten people have been charged by the U.S. Department of Justice (DOJ) for their alleged roles in business email compromise (BEC) scams. These scams were aimed at a wide range of victims, including federal funding programs like Medicare and Medicaid. More than $11.1 million was lost as a result of these attacks, with the money […]. The post 10 Suspects Charged for BEC Scams Targeting Federal Funding Programs appeared first on Heimdal Security Blog.

Scams 89

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

Global economic conditions are soft at best. From a budget standpoint, US banks are feeling the pinch. Many US banks are bracing for increased defaults and lower demand for mortgages and other loans as interest rates have increased. The largest banks have increased reserves to protect against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions?