CyberSecurity Insiders

MAY 1, 2023

Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses. This legal turn is supported by a study conducted by BakerHostetler, which confirms that lawsuits against companies that suffer data breaches are becoming more common and may increase by the end of this year.

Data breaches 138

Data breaches Cyber Insurance Insurance Technology 138

Security Boulevard

MAY 1, 2023

EV applications usually interact with each other and third-party services and platforms via APIs or JavaScript plugins. These applications process both sensitive, personal driver information and information about the vehicle. In addition, they are also connected to sophisticated back-end infrastructure(s) that manage the efficient distribution of electricity to endpoint chargers.

Risk 127

Risk DDOS Cybersecurity 127

CyberSecurity Insiders

MAY 1, 2023

Social engineering is a term used to describe the manipulation of people into revealing sensitive information or performing actions that they otherwise wouldn’t. It is an ever-increasing threat to cybersecurity, as it can be used to gain unauthorized access to systems, steal sensitive data, or carry out fraudulent activities. Social engineering is an age-old tactic that is often used in phishing attacks.

Social Engineering 131

Social Engineering Engineering Cybersecurity Education 131

Security Boulevard

MAY 1, 2023

The post The benefits of cyber security gamification & how to sell it to your board appeared first on Click Armor. The post The benefits of cyber security gamification & how to sell it to your board appeared first on Security Boulevard.

CISO 127

CISO Security Awareness 127

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Trend Micro

MAY 1, 2023

After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.

Malware 126

Malware 126

CSO Magazine

MAY 1, 2023

In the shadowy corners of the tech world, there are plenty of stories of admins locking organizations out of their own IT environment, greedy employees selling data, or security engineers backdooring the network. The motivations for these acts can touch on anything from financial gain to revenge, and the consequences are generally disastrous for everyone involved.

Risk 124

Risk Engineering 124

CSO Magazine

MAY 1, 2023

Misinformation and cybersecurity incidents have become the top scourges of the modern digital era. Rarely does a day go by without significant news of a damaging misinformation threat, a ransomware attack, or another malicious cyber incident. As both types of threats escalate and frequently appear simultaneously in threat actors' campaigns, the lines between the two are getting fuzzy.

Malware 118

Malware Ransomware Information Security Cybersecurity 118

CyberSecurity Insiders

MAY 1, 2023

The RSA Conference 2023 witnessed a surge of interest in API security, with experts and industry leaders focusing on the increasing need to secure APIs and address vulnerabilities. As APIs continue to play a crucial role in connecting applications and data sources, especially in cloud environments, protecting them has become a top priority. The Cloud Security Alliance (CSA) reported that “Insecure Interfaces and APIs” ranked second among the top threats to cloud computing, as cited i

Threat Detection 105

Threat Detection Artificial Intelligence CISO Cyber threats 105

Security Boulevard

MAY 1, 2023

After a slow build over the past decade, new capabilities of artificial intelligence (AI) and chatbots are starting to make waves across a variety of industries. The Spring 2022 release of OpenAI’s DALL-E 2 image generator wowed users with its ability to create nearly any conceivable image based on a natural language description, even as. The post The AI Takeover: Cybersecurity Tool or Terminator?

Artificial Intelligence 103

Artificial Intelligence Cybersecurity Digital transformation Social Engineering 103

Digital Guardian

MAY 1, 2023

CPRA enforcement is only months away, so here’s everything that organizations need to know about how it differs from the CCPA, how CCPA compliance will be different moving forward, and whether or not the changes will apply to your organization.

101

101

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

MAY 1, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Introduction Artificial Intelligence (AI) is the mimicry of certain aspects of human behaviour such as language processing and decision-making using Large Language Models (LLMs) and Natural Language Processing (NLP).

Healthcare 100

Healthcare Artificial Intelligence Threat Detection Cybersecurity 100

The Hacker News

MAY 1, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 (CVSS score: 9.

Cybersecurity 99

Cybersecurity 99

Malwarebytes

MAY 1, 2023

Microsoft issued a client roadmap update on Thursday to remind us once again that Windows 10 support is slowly coming to an end. In less than three years, all Windows 10 users will need to have moved to Windows 11. While moving to Windows 11 should be a win for security , some Windows 10 fans may be a little nervous. Upgrading isn't always straightforward, and exacting hardware requirements weigh heavily on Windows 11.

Passwords 98

Passwords Accountability Phishing Technology 98

The Hacker News

MAY 1, 2023

An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks. Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted to the command-and-control (C2) domains so as to not arouse any suspicion.

Malware 99

Malware DNS 99

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

MAY 1, 2023

Today’s IT and security professionals operate in a world where everything is connected, but nothing is implicitly trusted. The post The State of Machine Identity Management: More Machines, More Certificates … More Problems? appeared first on Keyfactor. The post The State of Machine Identity Management: More Machines, More Certificates … More Problems?

98

98

Bleeping Computer

MAY 1, 2023

Apple has launched the first Rapid Security Response (RSR) patches for iOS 16.4.1 and macOS 13.3.1 devices, with some users having issues installing them on their iPhones. [.

98

98

Security Boulevard

MAY 1, 2023

Organizations are overwhelmed with devices and applications in their environment due to lack of management and control, and this expansion of the cloud-based attack surface threatens to overwhelm enterprise IT security. Findings from JupiterOne’s State of Cyber Assets Report (SCAR) revealed digital assets increased by 133% year-over-year to an average of 393,419 in 2023 from.

Cybersecurity 98

Cybersecurity Network Security 98

Security Affairs

MAY 1, 2023

In 2022, Google prevented 1.43 million policy-violating apps from being published in the official Google Play store. Google announced that it prevented 1.43 million policy-violating applications from being published on Google Play in 2022. The IT giant also announced it has banned 173k developer accounts and prevented over $2 billion in fraudulent and abusive transactions.

Accountability 90

Accountability Education Media Hacking 90

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

MAY 1, 2023

A report published by Radware found that, in two months alone, hacktivists claimed to launch more than 1,800 distributed denial-of-service (DDoS) attacks in the hopes of advancing various political and religious causes. The analysis of claims made on social media sites from February 18, 2023 until April 18, 2023, noted that while hacktivism surged at.

DDOS 98

DDOS Media Malware Cybersecurity 98

The Hacker News

MAY 1, 2023

A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer.

Media 93

Media 93

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware 89

Malware Cybercrime Banking Software 89

Thales Cloud Protection & Licensing

MAY 1, 2023

5 Ways CIAM Enables Effective, Secure Business Partner Identity Management madhav Tue, 05/02/2023 - 05:40 Businesses and their partners must work together without barriers to maximize customer value. The difficulty lies in determining how to make the most of their collaboration in a flexible, scalable, agile, and secure way. At its core, this challenge calls for a robust CIAM platform to help connect and protect organizations’ business-to-business ecosystems.

B2B 87

B2B Banking Accountability Technology 87

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

MAY 1, 2023

A Twitter outage has logged many users out of the website and prevents them from logging back into the site. [.

Technology 118

Technology 118

Dark Reading

MAY 1, 2023

Never before has cyber been higher on the FBI's list of priorities. Will more money allow the feds to make a greater impact?

Cybersecurity 108

Cybersecurity 108

Bleeping Computer

MAY 1, 2023

The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach. [.

Ransomware 90

Ransomware 90

The Hacker News

MAY 1, 2023

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy.

Government 87

Government Cyber Attacks Phishing 87

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

MAY 1, 2023

Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. The German IT service provider Bitmarck announced on April 30 it had taken all its systems offline due to a cyberattack. The incident impacted statutory health insurance companies that have their IT operated by BITMARCK.

Insurance 82

Insurance Data breaches Cyber Attacks Education 82

Malwarebytes

MAY 1, 2023

When Alvin Staffin received an email from his boss, he didn't question it. In the email, Gary Bragg, then-president of Pennsylvania law firm O'Neill, Bragg & Staffin, asked Staffin to wire $580,000 to a Bank of China account. Staffin, who was VP and in charge of banking, sent the money through as asked. An hour later, he realized the request was fraudulent—he hadn't been contacted by Bragg at all.

Social Engineering 83

Social Engineering Small Business Engineering Banking 83

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance 80

Surveillance Malware Spyware Education 80

Bleeping Computer

MAY 1, 2023

A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC. [.

Malware 90

Malware 90

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.