Fri.Mar 24, 2023

Exploding USB Sticks

Schneier on Security

In case you don’t have enough to worry about, people are hiding explosives—actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango.

Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study

Tech Republic Security

Cisco’s just-released 2023 Cybersecurity Index shows companies will invest more in security, but the solution may be a larger tent, not more umbrellas. The post Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study appeared first on TechRepublic.

A Hacker’s Mind News

Schneier on Security

My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you in New York, I’m giving a book talk at the Ford Foundation on Thursday, April 6.

DevSecOps puts security in the software cycle

Tech Republic Security

Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles. The post DevSecOps puts security in the software cycle appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Women Helping Women. Is this so Radical?

Jane Frankland

I’m fresh out of the UN Women Commission on the Status of Women (CSW67) as a UN Women UK delegate, and when it comes to women supporting women my commitment is as solid as ever. However, I want to take you back 8 years – to a day when I’d just started on the speaking circuit. I’d arrived at a London university to speak about women in cybersecurity and why they mattered.

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Dark Reading

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

Procter & Gamble confirms data theft via GoAnywhere zero-day

Bleeping Computer

Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. [.

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

Dark Reading

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

How to Distinguish Bot vs. Human Traffic

Security Boulevard

Not so long ago, bots were considered a modern-day convenience. Understandably so, bots have the potential to make enterprises more efficient with customer service or help to improve an enterprise’s standing on popular search engines. However, with their growing sophistication and scale in recent times, bots and botnets have become a source of concern for […] The post How to Distinguish Bot vs.

Microsoft shares tips on detecting Outlook zero-day exploitation

Bleeping Computer

Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. [.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Phishing, Brute Force Attacks Rise in Expanded Threat Landscape

Security Boulevard

Phishing attacks and brute force attacks are on the rise as cybercriminals evolve their attacks to mobile and personal communication channels, according to a report from SaaS Alerts. On average, there were approximately 40,000 brute force attacks daily, and 53% of all attempted unauthorized logins originated from China, Vietnam, India, Brazil and Korea, according to the.

Windows, Ubuntu, and VMWare Workstation hacked on last day of Pwn2Own

Bleeping Computer

On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. [.

Modern Cybersecurity Problems Need Next-Gen PAM Solutions

Security Boulevard

The digital landscape continues evolving with no signs of slowing down. As the volume and severity of cyberattacks intensify, IT and security leaders need effective, user-friendly solutions to help secure their privileged credentials, accounts and sessions. However, while privileged credentials remain some of the highest-value targets for cybercriminals, the cybersecurity industry is falling short–failing to.

Critical flaw in WooCommerce can be used to compromise WordPress websites

CSO Magazine

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. "Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites," researchers from web secur

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month

Dark Reading

A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.

Killnet targeting healthcare apps hosted on Microsoft Azure

CyberSecurity Insiders

Microsoft has detected that a Russian-affiliated hacking group dubbed Killnet has been targeting healthcare apps hosted on the Azure cloud platform. The tech giant says the activity went on for over three months, between November 2022 and February 2023. Most of it consisted of distributed denial of service (DDoS) attacks, mixed with other attack patterns.

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet.

An Interview with dope.security Founder and CEO Kunal Agarwal

Security Boulevard

A discussion about re-imagining the Secure Web Gateway (SWG) with fly direct, building an authentic brand, and the future of dope.security. The post An Interview with dope.security Founder and CEO Kunal Agarwal appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

The Hacker News

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.

Breach and Attack Simulation vs Red Team Pentesting

Mitnick Security

Cyberattacks have posed a significant threat to organizations across the world, creating an urgency to take the necessary measures to shore up your network security to prevent catastrophic damage to your business.

Analysis: Will ChatGPT’s Perfect English Change the Game For Phishing Attacks?

CyberSecurity Insiders

By John E. Dunn

Nobody predicted how rapidly AI chatbots would change perceptions of what is possible. Some worry how it might improve phishing attacks. More likely, experts think, will be its effect on targeting. Much has been said about the game-changing abilities of ChatGPT since it was launched in November 2022. One of the most interesting is that the chatbot will prime a new generation of sophisticated phishing attacks, still the most important technique cybercriminals use to harvest user c

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

The Hacker News

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How to Prevent Tax Identity Theft

Identity IQ

Every year, tax season presents a seasonal opportunity for criminals seeking monetary gain from identity theft. There are many ways that scammers may try to obtain personal information, but the end goal is to file a falsified tax return in the taxpayer’s name and claim a tax refund. The scheme may not be discovered until the taxpayer attempts to file a legitimate tax return, by which time the criminal has moved on.

Android-based banking Trojan Nexus now available as malware-as-a-service

CSO Magazine

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, and allows other attackers to rent or subscribe to the malware for per

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

The Hacker News

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week.

Why Access Control Should Be a Core Focus for Enterprise Cybersecurity

CyberSecurity Insiders

By Gal Helemski, co-founder and CTO, PlainID

The number of access rules that must be managed across directories, applications, repositories, and other platforms by today’s digitally oriented enterprises is growing at an unprecedented pace. One of the major security headaches this creates is that controlling and auditing authorisations and entitlement is becoming more complex and challenging.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

GitHub.com rotates its exposed private SSH key

Bleeping Computer

GitHub has rotated its private SSH key for GitHub.com after the secret was accidentally published in a public GitHub repository. The software development and version control service says the private RSA key was only "briefly" exposed, but that it took action out of "an abundance of caution." [.

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

The Hacker News

A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data.

Friday Five: TikTok's Congressional Hearing, New Malware, & Concerns Over Chinese Cyberespionage

Digital Guardian

Read up on TikTok CEO Zi Chew’s largely unsuccessful testimony, a concerning series of stealthy Chinese hacks, the arrest of a malware creator, and more in this week’s Friday Five!

Understanding metrics to measure SOC effectiveness

SecureList

The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services like vulnerability identification, inventory tracking, threat intelligence, threat hunting, log management, etc.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.