In case you don’t have enough to worry about, people are hiding explosives—actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango.
Cisco’s just-released 2023 Cybersecurity Index shows companies will invest more in security, but the solution may be a larger tent, not more umbrellas. The post Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study appeared first on TechRepublic.
My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you in New York, I’m giving a book talk at the Ford Foundation on Thursday, April 6.
Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles. The post DevSecOps puts security in the software cycle appeared first on TechRepublic.
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. SOCs also help to improve overall security posture by providing add-on services such as vulnerability identification, inventory tracking, threat intelligence, threat hunting, and log management.
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.
I’m fresh out of the UN Women Commission on the Status of Women (CSW67) as a UN Women UK delegate, and when it comes to women supporting women my commitment is as solid as ever. However, I want to take you back 8 years – to a day when I’d just started on the speaking circuit. I’d arrived at a London university to speak about women in cybersecurity and why they mattered.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction.
Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. […]
Not so long ago, bots were considered a modern-day convenience. Understandably so, bots have the potential to make enterprises more efficient with customer service or help to improve an enterprise’s standing on popular search engines. However, with their growing sophistication and scale in recent times, bots and botnets have become a source of concern for […] The post How to Distinguish Bot vs.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Are you aware of QR code phishing or “quishing”? This form of social engineering attack is gaining popularity among cybercriminals eager to steal your data. In this article, we will find out what quishing is, how it works, and how to protect ourselves from it. Let’s dive in and learn about this latest threat in […] The post What Is Quishing: QR Code Phishing Explained appeared first on Heimdal Security Blog.
Phishing attacks and brute force attacks are on the rise as cybercriminals evolve their attacks to mobile and personal communication channels, according to a report from SaaS Alerts. On average, there were approximately 40,000 brute attacks daily and 53% of all attempted unauthorized logins originated from China, Vietnam, India, Brazil and Korea, according to the.
Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. […]
The digital landscape continues evolving with no signs of slowing down. As the volume and severity of cyberattacks intensify, IT and security leaders need effective, user-friendly solutions to help secure their privileged credentials, accounts and sessions. However, while privileged credentials remain some of the highest-value targets for cybercriminals, the cybersecurity industry is falling short–failing to.
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. "Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites," researchers from web secur
Microsoft has detected that a Russian-affiliated hacking group dubbed Killnet has been targeting healthcare apps hosted on the Azure cloud platform. The tech giant says the activity lasted for over three months, between November 2022 and February 2023. Most of the attacks were distributed denial-of-service (DDoS) attacks, along with a mixture of other attack patterns.
On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. […]
MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week.
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
Cyberattacks have posed a significant threat to organizations across the world, creating an urgency to take the necessary measures to shore up your network security to prevent catastrophic damage to your business.
How to Prevent Tax Identity Theft IdentityIQ Every year, tax season presents a seasonal opportunity for criminals seeking monetary gain from identity theft. There are many ways that scammers may try to obtain personal information, but the end goal is to file a falsified tax return in the taxpayer’s name and claim a tax refund. The scheme may not be discovered until the taxpayer attempts to file a legitimate tax return when the criminal has moved on.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, and allows other attackers to rent or subscribe to the malware for per
Software security company Synopsys have discovered a new remote code execution vulnerability (RCE) in the Pluck CMS system. Pluck is a content management system (CMS) implemented in PHP designed for setting up and managing your own website. Devised with ease of use and simplicity in mind, Pluck is best suited for running a small website. Pluck CMS features an “albums” module.
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data.
A contrarian mindset with applied imagination allows security professionals to assess problems in their organization, prevent failure, or mitigate vulnerabilities.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!