Wed. May 31, 2023

Chinese Hacking of US Critical Infrastructure

Schneier on Security

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.

RSAC Fireside Chat: Reinforcing ‘Identity and Access Management’ to expose ‘shadow access’

The Last Watchdog

The world of Identity and Access Management (IAM) is rapidly evolving. Related: Stopping IAM threats IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge. At the RSAC Conference 2023, I sat down with Venkat Raghavan, founder and CEO of start-up Stack Identity.

8 best practices for securing your Mac from hackers in 2023

Tech Republic Security

Best practices for securing your Mac against potential hacks and security vulnerabilities include enabling the firewall, using strong passwords and encryption, and enabling Lockdown Mode. The post 8 best practices for securing your Mac from hackers in 2023 appeared first on TechRepublic.

Amazon faces $30 million fine over Ring, Alexa privacy violations

Bleeping Computer

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. [.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Threatening botnets can be created with little code experience, Akamai finds

Tech Republic Security

Researchers at Akamai’s Security Intelligence unit find a botnet specimen that reveals how successful DDoS, spam and other cyberattacks can be done with little finesse, knowledge or savvy. The post Threatening botnets can be created with little code experience, Akamai finds appeared first on TechRepublic.

Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image

Bleeping Computer

Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. [.

More Trending

Toyota finds more misconfigured servers leaking customer info

Bleeping Computer

Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. [.

5 free OSINT tools for social media

We Live Security

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms The post 5 free OSINT tools for social media appeared first on WeLiveSecurity

Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers

Dark Reading

The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.

Serious Security: That KeePass “master password crack”, and what we can learn from it

Naked Security

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Hacking forum hacked, user database leaked online

Graham Cluley

RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is - perhaps surprisingly - at the centre of another cybersecurity breach.

Attack Surface Management Vs. Vulnerability Management

Security Boulevard

Cybersecurity is full of acronyms. So many, in fact, that I would be hard-pressed to find someone who knows what they all stand for or clearly explain the subtle differences between many of them. Let’s not forget to mention the cybersecurity industry is still evolving at a quick pace, meaning new lingo, technology and acronyms. The post Attack Surface Management Vs.

Modern Applications Require Modern Application Security

Tech Republic Security

Application security is one of the most important components of an overall security program, yet some organizations struggle to identify and address their application security risks partly because they are not using the right tools to get the job done. The good news is it does not have to be that way. In this conversation, The post Modern Applications Require Modern Application Security appeared first on TechRepublic.

Venezuela pays people to tweet state propaganda and deepfake videos

Graham Cluley

The BBC reports that the Venezuelan government is paying people to tweet in support of it, in an attempt to drown out the noise of its critics.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Legacy AppSec Tools Getting Lost in the Cloud

Security Boulevard

As the pace of application development accelerates, IT and security teams are losing faith in old application security (AppSec) tools. Legacy tools can’t keep up and are stuck in a perpetual game of catch-up, according to a Backslash survey of 300 CISOs, AppSec managers and engineers. The impact is far-reaching, with most organizations seeing widespread.

Duo Single Sign-On Bridge Attributes

Duo's Security Blog

Duo Single Sign-On (SSO) is a cloud-based service that provides secure access to your applications, without requiring multiple usernames and passwords. It’s a powerful tool for organizations that want to streamline their authentication process and improve security. But did you know that Duo SSO also comes with a feature called Bridge Attributes? Bridge Attributes allows you to pass in an attribute from multiple Authentication Sources and “bridges” them to a single Duo SSO attribute name that can

External Attack Surface Management: How Focusing on Basics Improves Security

Security Boulevard

External attack surface management (EASM) has become a vital strategy for improving cybersecurity, particularly amid recession fears that have stressed the business landscape across several sectors for many months. The task is now more challenging: According to a report by cyberinsurance provider Beazley, network attacks rose in the first quarter of 2023.

Terminator antivirus killer is a vulnerable Windows driver in disguise

Bleeping Computer

A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace). [.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Investment May Be Down, but Cybersecurity Remains a Hot Sector

Dark Reading

There's still a great deal of capital available for innovative companies helping businesses secure their IT environments.

Hackers exploit critical Zyxel firewall flaw in ongoing attacks

Bleeping Computer

Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. [.

Cyber Attack on exams and its impact on ambulances

CyberSecurity Insiders

A cyber-attack has forced the staff of Idaho Falls Community Hospitals to divert emergency ambulances elsewhere as the hospital struggles to mitigate the risks associated with the incident. Although the 88-bed hospital is taking good care of its in-house patients and staffers, it is unable to offer the same care to new patients, as its digital infrastructure is crippled and its data systems are down and unable to render any update.

Exploit released for RCE flaw in popular ReportLab PDF library

Bleeping Computer

A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input. [.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

WIRED Threat Level

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

The Hacker News

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012.

Solar Panels at Risk of Cyber Attacks, warn Experts

CyberSecurity Insiders

According to experts from Digital Watchdog RDI, solar panels are now vulnerable to cyber attacks, with hackers targeting the vulnerabilities in the inverters that store energy for powering smartphones, laptops, and small electrical gadgets. This conclusion was reached after a comprehensive assessment of inverters from eight different manufacturers, revealing that none of them met even the basic security standards.

Gigabyte firmware component can be abused as a backdoor

CSO Magazine

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild. "While our ongoing investigation has not confirmed exploitation by a specific threat actor, an active widespread backdoor that is difficult to remove poses a supply chain risk for organizations with Gi

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Warning! WordPress Plugin “Gravity Forms” Vulnerable to PHP Object Injection

Heimdal Security

Researchers revealed that the widely used WordPress plugin “Gravity Forms” is vulnerable to unauthenticated PHP Object Injection. The flaw was tracked as CVE-2023-28782 and affects all plugin versions from 2.73 and below. The vendor fixed the vulnerability with the release of version 2.7.4, available for users starting April 11th, 2023. Cybersecurity specialists urge website admins […] The post Warning!

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.

Inactive, unmaintained Salesforce sites vulnerable to threat actors

CSO Magazine

Improperly deactivated and unmaintained Salesforce sites are vulnerable to threat actors who can gain access to sensitive business data and personally identifiable information (PII) by simply changing the host header. That’s according to new research from Varonis Threat Labs, which explores the threats posed by Salesforce “ghost sites” that are no longer needed, set aside, but not deactivated.

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

The Hacker News

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023. “Persistence is achieved via timed processors or entries to cron,” said Dr.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!