Lohrman on Security

MAY 1, 2022

Criminals are using stolen information to imitate the police and scam both companies and individuals. Here’s what you need to know.

Scams 252

Scams 252

Trend Micro

MAY 1, 2022

We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions.

Ransomware 145

Ransomware Cyber threats Risk Malware 145

Security Boulevard

MAY 1, 2022

In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons […]… Read More. The post OSINT: The privacy risks of sharing too much information appeared first on The State of Security.

Risk 136

Risk Cybersecurity 136

CyberSecurity Insiders

MAY 1, 2022

A Texas school district has hit Google headlines as one of its employees was caught mining cryptocurrency without permission of the school management or the government officials. Galveston Independent School District (Galveston ISD) is the educational institution in discussion and the name of the employee found guilty is withheld. According a source reporting from the IT department of Galveston Independent School District (GISD), an employee has installed cryptocurrency mining hardware and softw

Cryptocurrency 123

Cryptocurrency Firewall Education Government 123

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

MAY 1, 2022

Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as a file server for macOS computers.

Firmware 109

Firmware Hacking Cybersecurity Internet 109

CyberSecurity Insiders

MAY 1, 2022

All these days we have been discussing Distributed Denial of Service attacks aka Ddos attacks and the massive amounts of fake traffic they create to network disruptions in corporate and government networks. But Yo-Yo DDoS Attack is different and seems to be an innovative way to attack public cloud infrastructures. Technically, they target cloud architecture’s auto-scaling capabilities to hurt those allocated with a portion of blobs on a financial note.

DDOS 114

DDOS Firewall Passwords Government 114

Security Affairs

MAY 1, 2022

Russia-linked APT29 (Cozy Bear or Nobelium) launched a spear-phishing campaign targeting diplomats and government entities. In mid-January 2022, security researchers from Mandiant have spotted a spear-phishing campaign, launched by the Russia-linked APT29 group, on targeting diplomats and government entities. The Russia-linked APT29 group (aka SVR , Cozy Bear , and The Dukes ) has been active since at least 2014, along with APT28 cyber espionage group was involved in the Democratic National Comm

Government 100

Government Phishing Hacking Malware 100

Bleeping Computer

MAY 1, 2022

The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks. [.].

Ransomware 100

Ransomware Malware 100

The Hacker News

MAY 1, 2022

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.

99

99

WIRED Threat Level

MAY 1, 2022

Maybe you don't want your phone number, email, home address, and other details out there for all the web to see. Here's how to make them vanish.

99

99

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

MAY 1, 2022

Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole more than $80 million. Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol.

Hacking 98

Hacking Risk Cybersecurity Information Security 98

Security Boulevard

MAY 1, 2022

Data loss has a worldwide cost of $3.92 million. Any organization lacking the diligence to protect its data is at risk of losing it to cyberattackers. Data loss is more than a mere inconvenience; it’s an event that can make or break your company’s future. The only meaningful way to fight such an event is […]. The post 6 Best Data Loss Prevention Strategies appeared first on EasyDMARC.

Risk 98

Risk Cybersecurity 98

Bleeping Computer

MAY 1, 2022

The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious attacks on open source registries. the open source tool released on GitHub was able to identify over 200 malicious npm and PyPI packages. [.].

98

98

Security Boulevard

MAY 1, 2022

Criminals are using stolen information to imitate the police and scam both companies and individuals. Here’s what you need to know. The post Scam Alert: Impersonating Law Enforcement, Doxxing and Swatting appeared first on Security Boulevard.

Scams 98

Scams 98

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

MAY 1, 2022

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 30 – Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites. A series of DDoS attacks launched by Russian hacktivists are targeting several Romanian government websites.

DDOS 98

DDOS Government Hacking Banking 98

Bleeping Computer

MAY 1, 2022

Google has expanded its policies to allow doxxing victims to remove more of their personally identifiable information (PII) from search engine results starting earlier this week. [.].

Engineering 98

Engineering 98

Security Affairs

MAY 1, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers Emotet tests new attack chain in low volume campaigns Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites Anonymous hacked Russian PSCB Commercial Ba

DDOS 98

DDOS Surveillance Hacking Ransomware 98

Security Boulevard

MAY 1, 2022

As part of our mission to help organisations protect their data and all paths to it, Imperva is supporting Privacy Awareness Week in Australia and Singapore, with the aim of educating individuals and organisations about the importance of data privacy and protection. In today’s digital economy, data is the new oil. The problem is: when […]. The post Data Protection as the Foundation of Trust: Celebrating Privacy Awareness Week in APAC appeared first on Blog.

Data privacy 97

Data privacy Education 97

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

SecureWorld News

MAY 1, 2022

Travel can involve significant security risks. Employees may be exposed to new safety threats, whether they're moving within the country or abroad—including physical threats and cybersecurity dangers. Organizations of all kinds have a responsibility to keep their employees safe while they're traveling. These are the threats workers may face and what enterprises can do to protect them.

Scams 97

Scams Risk Social Engineering Software 97

WIRED Threat Level

MAY 1, 2022

Your Microsoft computer comes with built-in safety software that shields you from the worst threats. Here's how to navigate your toolkit.

Software 97

Software 97

Bleeping Computer

MAY 1, 2022

Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 (Cozy Bear or Nobelium) targeting diplomats and government entities. [.].

Government 73

Government Phishing 73

The State of Security

MAY 1, 2022

Tripwire’s April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe. First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any vulnerable systems should be […]… Read More.

71

71

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

MAY 1, 2022

A YouTube influencer with hundreds of thousands of subscribers is encouraging everyone to conduct cyber warfare against Russia. How risky is it and can you get in trouble? [.].

DDOS 70

DDOS 70

Security Boulevard

MAY 1, 2022

Tripwire’s April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe. First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any vulnerable systems should be […]… Read More.

52

52

Security Boulevard

MAY 1, 2022

Elon Musk buys Twitter for $44 billion so what does this mean for the privacy and cybersecurity of the platform? More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities which is a great reminder about making sure you update the BIOS on your computer. Plus, details about researchers who have created a t-shirt that […]. The post Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition appeared first on The Shared Security Show.

Firmware 52

Firmware Cybersecurity Surveillance InfoSec 52

Security Boulevard

MAY 1, 2022

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference for publishing their well-crafted application security videos on the organization’s’ YouTube channel. Permalink. The post OWASP® Global AppSec US 2021 Virtual – Rob Dickinson’s OWASP Cautions Against “Insufficient Logging & Monitoring” What Does Sufficient Look Like?

Education 52

Education InfoSec Cybersecurity 52

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

MAY 1, 2022

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference for publishing their well-crafted application security videos on the organization’s’ YouTube channel. Permalink. The post OWASP® Global AppSec US 2021 Virtual – Michele Chubirka’s ‘Container Security: It’s All About The Supply Chain’ appeared first on Security Boulevard.

Education 52

Education Cybersecurity 52

Security Boulevard

MAY 1, 2022

via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink. The post XKCD ‘Bad Map Projection: Madagascator’ appeared first on Security Boulevard.

52

52