Mon.Nov 21, 2022

Breaking the Zeppelin Ransomware Encryption Scheme

Schneier on Security

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Regu?a

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Details of Google going against Glupteba Botnet Operators

CyberSecurity Insiders

In December 2021, Google’s Threat Analysis Group (TAG) discovered the intense activities being conducted by Glupteba Botnet on the internet and filed a lawsuit in a district court of New York.

Microsoft Defender protects Mac and Linux from malicious websites

Tech Republic Security

Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows. The post Microsoft Defender protects Mac and Linux from malicious websites appeared first on TechRepublic. Microsoft Security Software security software

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

AirAsia Ransomware Attack by Daixin

CyberSecurity Insiders

AirAsia, one of the noted airliners of Malaysia, has apparently been hit by a cyber attack of ransomware variant and Daixin Team Group is claiming to have accessed over 5 million records of customers and staff and has allegedly released two spreadsheets proving its claims as true.

How social media scammers buy time to steal your 2FA codes

Naked Security

The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server. but the content is all fake. Facebook Phishing Privacy lockout phishing Scam

Media 84

More Trending

Achieve Defense-in-Depth in Multi-Cloud Environments

Security Boulevard

Today, 90% of organizations are operating in hybrid and multi-cloud environments—a number that has increased over the past two years due to the acceleration of digital transformation efforts required to support a hybrid workforce.

Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild

Security Affairs

Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware.

Supreme Court to Consider Identity Theft Case

Security Boulevard

William Dubin, a licensed psychologist in Austin, Texas, provided psychological services to a youth facility known as Williams House.

9 VOIP security best practices to consider for your business

Tech Republic Security

Is VOIP secure? Can VOIP be hacked? Learn about why VOIP security is important and the best practices for your business to consider with our guide. The post 9 VOIP security best practices to consider for your business appeared first on TechRepublic. Security VOIP security

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

CyberStrong’s Cybersecurity Dashboard Capabilities

Security Boulevard

CyberStrong dashboards allow security professionals to aggregate and consolidate data into useful, presentable, easy-to-understand images that visualize cybersecurity posture in real-time.

Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA

Dark Reading

Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections

4 ways GitOps can help secure your software pipeline

Security Boulevard

The post 4 ways GitOps can help secure your software pipeline appeared first on Security Boulevard. Security Bloggers Network Dev & DevSecOps

Google won a lawsuit against the Glupteba botnet operators

Security Affairs

Google won a lawsuit filed against two Russian nationals involved in the operations of the Glupteba botnet. This week, Google announced it has won a nearly year-long legal battle against the Glupteba botnet.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

How Phishing Attacks Ruin Microsoft 365 and Google Workspace

Security Boulevard

Cyberthreats adversely impact your SaaS applications and data. Here’s a look at how phishing affects your Microsoft 365 and Google Workspace environment. The post How Phishing Attacks Ruin Microsoft 365 and Google Workspace appeared first on Security Boulevard.

Autonomous Vehicles Join the List of US National Security Threats

WIRED Threat Level

Lawmakers are growing concerned about a flood of data-hungry cars from China taking over American streets. Security Security / National Security

74

Top 4 Kubernetes Open Source Tools You Need in 2023

Security Boulevard

It’s wild to think that 2022 is wrapping up and that many of us are prepping for what’s next in 2023. As the new year fast approaches, it’s time to consider what Kubernetes open source tools you need in 2023. .

81

Luna Moth's Novel, Malware-Free Extortion Campaign Takes Flight

Dark Reading

Luna Moth is relying solely on call-back phishing, as well as legitimate tools, to steal data and extract ransoms from victims of all stripes in an expanding cyberattack effort

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Best Practices, Challenges and Trends in Employee Onboarding for BPOs

Security Boulevard

Employee Onboarding effectiveness defines whether your employee will be engaged or disengaged at work, depending on the impression created on them. Poorly managed onboarding can lead to abandonment, especially for youngsters.

80

Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn

Dark Reading

Here's what that means about our current state as an industry, and why we should be happy about it

72

Aviation Starting to Get Hit with Rise of Cyberattacks Post-Pandemic

Security Boulevard

Threat actors are turning their attention to the aviation industry post-pandemic, but what motivations and challenges are causing the rise? Read more. The post Aviation Starting to Get Hit with Rise of Cyberattacks Post-Pandemic appeared first on Security Boulevard. Security Bloggers Network

77

Google provides rules to detect tens of cracked versions of Cobalt Strike

Security Affairs

Researchers at Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild. Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named ‘Beacon’ on the victim machine.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Wiz Adds Data Security Posture Module to CNAPP

Security Boulevard

Wiz today announced it added a data security posture management (DSPM) module to its cloud-native application protection platform (CNAPP) that makes it simpler to prioritize remediation efforts based on the value of the data that might be compromised.

Investors Are Pouring Cash Into These 10 Cybersecurity Startups

Dark Reading

Following the dollars reveals pen-test and intrusion-detection startups are the most attractive to investors right now, collectively getting more than $3 billion in funding

Securing The New Frontier in Developer Environments: Cloud IDEs

Security Boulevard

You might already be using a Cloud IDE for certain projects. This exciting evolution of the local dev environment has a lot of advantages but also brings some new risks. This article will help you stay safe as you embrace the cloud for your coding needs.

Risk 71

#BeCyberSmart All Year Round With Educational Resources From Microsoft

Dark Reading

Improved cyber hygiene keeps users and their identities, devices, and data more secure and reduces the organization’s risk exposure

Security Incident Response in the Cloud: A Few Ideas

Anton on Security

This quick blog is essentially a summary of our (joint with Marshall from Mandiant ) Google Cloud Next 2022 conference presentation ( video ) and a pointer to a just-released podcast on the same topic?—?security security incident response (IR) in public cloud. In our Next presentation , we only had 18.5 minutes to present a few fun and insightful things about security incident response in the cloud. Here’s what we decided.

A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup

WIRED Threat Level

A 500-page document reviewed by WIRED shows that Corellium engaged with several controversial companies, including spyware maker NSO Group. Security Security / National Security Security / Privacy

Better Together: Why It's Time for Ops and Security to Converge

Dark Reading

Threat actors are becoming only more sophisticated and determined

68

Microsoft Warns of Surge in Token Theft, Bypassing MFA

eSecurity Planet

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA).

Time to Get Kids Hacking: Our 2022 Holiday Gift Guide

Dark Reading

Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet

BSidesKC 2022 – Michael James’ ‘Why OSINT?’

Security Boulevard

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. Permalink. The post BSidesKC 2022 – Michael James’ ‘Why OSINT?’ ’ appeared first on Security Boulevard. Network Security Security Bloggers Network appsec education BSidesKC BSidesKC 2022 Cyber Security cybersecurity education Information Security Infosecurity Education Physical Security Security BSides Security Conferences Security Education