Schneier on Security
DECEMBER 27, 2022
This is one way of ensuring that IT keeps up with patches : Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software.
Tech Republic Security
DECEMBER 27, 2022
Researchers from PRODAFT reveal that the infamous FIN7 threat actor updated its ransomware activities and provide a unique view into the structure of the group. Learn how to protect against it. The post FIN7 threat actor updated its ransomware activity appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
SecureList
DECEMBER 27, 2022
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion.
We Live Security
DECEMBER 27, 2022
The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022. The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Hacker Combat
DECEMBER 27, 2022
We all have social media accounts and use them to share photos, videos, and thoughts with the world. But what if you no longer want that account to be accessible? The post How to delete an account from Instagram? appeared first on Hacker Combat.
Dark Reading
DECEMBER 27, 2022
The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
SecureBlitz
DECEMBER 27, 2022
There is no denying that we are dealing with interconnected vessels with the broader gambling industry as the glue. From sport to online casinos. These are sectors that interconnect on many levels and this is the case in the marketing, financial or entertainment spheres. Online gambling houses and sport in the broader sense are separate […].
CyberSecurity Insiders
DECEMBER 27, 2022
Google, the much-used search engine across the world, has disclosed some security steps to its Gmail users to stay cyber safe in the year 2023. It is urging its mail users to stay away from spam by marking mails that seem to be suspicious as spam. This not only helps the online users to stay away from malicious downloads but also helps in training the AI smart servers of Gmail to keep its inboxes clean and trouble free.
Heimadal Security
DECEMBER 27, 2022
In 2018, Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, settled a long-running class-action lawsuit for $725 million. As a result of revelations that the social media giant allowed third-party apps such as Cambridge Analytica to access users’ personal information without their consent, a legal dispute arose. A federal judge in the San […].
The Hacker News
DECEMBER 27, 2022
Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
DECEMBER 27, 2022
Facebook (Meta) has agreed to pay $725 million to settle the class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. Facebook (Meta) has agreed to pay $725 million to settle a class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. According to Reuters , the lawyers for the plaintiffs defined the proposed settlement as the largest to ever be achieved in a U.S. data privacy class action.
The Hacker News
DECEMBER 27, 2022
BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today.
Security Affairs
DECEMBER 27, 2022
The BTC.com cryptocurrency platform was the victim of a cyberattack that resulted in the theft of $3 million worth of crypto assets. BTC.com is a website that provides services for managing and transferring Bitcoin, it offers a digital wallet for storing Bitcoin, a trading interface for exchanging Bitcoin with other cryptocurrencies and fiat currencies, and a mining platform for participating in the extraction of new Bitcoin coins.
Security Boulevard
DECEMBER 27, 2022
Readers of the RiskLens blog dug into a wide range of topics we published this year, from the basics of FAIR quantitative analysis to revving up a GRC to reporting on risk to the board with our new portfolio capability to…risk of an asteroid crashing into earth (see #7)? . The post Most Popular Blog Posts, 2022: Cyber Risk Data, CRQ Use Cases, Maximize GRC appeared first on Security Boulevard.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
DECEMBER 27, 2022
Facebook (Meta) has agreed to pay $725 million to settle the class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. Facebook (Meta) has agreed to pay $725 million to settle a class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. According to Reuters , the lawyers for the plaintiffs defined the proposed settlement as the largest to ever be achieved in a U.S. data privacy class action. “This historic settlement will provide meaningful relief to the cl
Security Boulevard
DECEMBER 27, 2022
With the iOS 16.2 update, Apple introduced “Advanced Data Protection,” which finally introduced end-to-end encryption (E2EE) for most items backed up or stored in iCloud. Apple has long been criticized, with good reason, over its iCloud service not providing E2EE (where the user has the decryption keys); for years, when enabled, for a good chunk of data iPhone syncs to iCloud, Apple held the decryption keys for some stored data, which included: Message backups.
SecureWorld News
DECEMBER 27, 2022
Cyber is the risk to watch, according to a Financial Times article in which insurer Zurich's top executive is quoted. “What will become uninsurable is going to be cyber,” said Mario Greco, CEO at Zurich, one of Europe's biggest insurance companies, in the Dec. 26 article. “What if someone takes control of vital parts of our infrastructure, the consequences of that?”.
Bleeping Computer
DECEMBER 27, 2022
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech. [.].
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
DECEMBER 27, 2022
It’s time for 2023 predictions about the security industry. What’s in store for cybersecurity and development teams in 2023? Making predictions for anything related to technology and business is always a bit tricky because so much can change so quickly. Nevertheless, we are forging ahead with our best guesses about what organizations and teams can. Here Comes 2023: Rezilion’s Security Predictions.
WIRED Threat Level
DECEMBER 27, 2022
Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.
Security Boulevard
DECEMBER 27, 2022
12 Days of Cybersecurity: Day 2. This holiday season, in light of looming fears of a recession, many families may be tightening their purse strings and looking for creative alternatives to make their holiday dollars stretch further than in previous years. . The post End of Year Bells Are Ringing: How to Balance Cyber Costs with Resilience Goals appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 27, 2022
BTC.com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets belonging to both customers and the company. [.].
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Naked Security
DECEMBER 27, 2022
It's serious, it's critical, and you could call it severe. but in HHGttG terminology, it's probably "mostly harmless".
Bleeping Computer
DECEMBER 27, 2022
Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn't require verification. [.].
Dark Reading
DECEMBER 27, 2022
Inaccurate information from data brokers can damage careers and reputations. It's time for US privacy laws to change how law enforcement and legal agencies obtain and act on data.
Security Boulevard
DECEMBER 27, 2022
Our thanks to USENIX for publishing their Presenter’s USENIX Security ’22 Conference tremendous content on the organization’s’ YouTube channel. Permalink. The post USENIX Security ’22 – Gökçen Yılmaz Dayanıklı, Sourav Sinha, Devaprakash Muniraj, Ryan M. Gerdes, Mazen Farhood, Mani Mina ‘Physical-Layer Attacks Against Pulse Width Modulation-Controlled Actuators’ appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
DECEMBER 27, 2022
Digital transformation initiatives are challenging because IT still has to make sure performance doesn't suffer by making applications available from anywhere.
NopSec
DECEMBER 27, 2022
November 2022 has not been a boring month indeed! One of the most prominent and powerful cryptocurrency exchange – FTX – announced that it was filing for chapter 11 bankruptcy and at the same time was announcing an investigation on “unauthorized transactions” flowing from its accounts, in the form of $515 million suspicious transfers that might have been the result of a hack or theft.
Dark Reading
DECEMBER 27, 2022
Security teams are considering how to get the most out of user entity behavioral analytics by taking advantage of its strengths and augmenting its limitations.
Mitnick Security
DECEMBER 27, 2022
To connect with friends, family, and coworkers, it’s likely that we have all overshared our personal information on social platforms more than once. Unfortunately, the ease of access to an individual or company’s information has made social media an easy target for threat actors.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
70 
Let's personalize your content