Tue. May 03, 2022

Using Pupil Reflection in Smartphone Camera Selfies

Schneier on Security

Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used: For now, the research is focusing on six different ways a user can hold a device like a smartphone: with both hands, just the left, or just the right in portrait mode, and the same options in horizontal mode.

261

Internal chats of ransomware cybercriminals reveal ways to avoid becoming a victim

Tech Republic Security

Chats analyzed by Cisco Talos show how ransomware groups determine ransom amounts and force organizations to pay but also are willing to negotiate with victims. The post Internal chats of ransomware cybercriminals reveal ways to avoid becoming a victim appeared first on TechRepublic.

What’s behind the record-high number of zero days?

We Live Security

Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity. The post What’s behind the record‑high number of zero days? appeared first on WeLiveSecurity.

Even C-suite executives use terrible passwords like 123456

Tech Republic Security

Many high-level executives and business owners rely on weak and simple passwords, leaving their companies more vulnerable to data breaches, says NordPass. The post Even C-suite executives use terrible passwords like 123456 appeared first on TechRepublic.

Passwords 190

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Microsoft PowerShell lets you track Windows Registry changes

Bleeping Computer

A handy tip was shared online this week, showing how you can use PowerShell to monitor changes to the Windows Registry over time. [...]

145

Why World Password Day should become World Passwordless Day

Tech Republic Security

Identity theft and data breaches are less likely to occur in an environment without passwords. The post Why World Password Day should become World Passwordless Day appeared first on TechRepublic.

Passwords 183

More Trending

Russian hacker group APT29 targeting diplomats 

Tech Republic Security

The state-supported group behind the SolarWinds supply chain attack is going after diplomats using spear phishing to deploy a novel strain of malware. The post Russian hacker group APT29 targeting diplomats appeared first on TechRepublic.

Phishing 147

Airdrop phishing: what is it, and how is my cryptocurrency at risk?

Malwarebytes

Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. You may well have heard the term in passing, and wondered what an Airdrop is. Is your iPhone about to be Airdrop phished? It doesn’t really help that the term is tied up in lots of new forms of tech you might never have experienced directly.

Learn ethical hacking from a certified instructor with this affordable training

Tech Republic Security

Work as a penetration tester or bug bounty hunter and kick off a new and exciting career. The post Learn ethical hacking from a certified instructor with this affordable training appeared first on TechRepublic.

Hacking 147

State-backed hacking group from China is targeting the Russian military

Malwarebytes

In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets—and more recently, European diplomats—and turned their attention towards Russia and started targeting the country’s military situated close to the Chinese border.

Hacking 141

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

TA410: The 3-headed cyberespionage threat actor

Tech Republic Security

There’s a new cyberespionage threat that targets U.S. utilities and diplomatic organizations in Africa and the Middle East. Initially thought to be a single group, it appears it is built of three teams. The post TA410: The 3-headed cyberespionage threat actor appeared first on TechRepublic.

141

Detecting Targeted Attacks on Public Cloud Services with Cisco Secure Cloud Analytics

Cisco Security

The Public Cloud and Security Responsibility. Across many businesses, leveraging services offered and hosted by public cloud providers such as AWS proves to be extremely advantageous for both improving operational efficiencies, cost savings, scaling, and for security. For AWS customers, Lambda functions are a great example of this advantage in providing a useful way to execute only the code you need to execute when you need to execute it, saving businesses money on hosting costs and reducing ope

DNS 141

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge, is targeting Russian government agencies. The Google TAG team published a report focused on cybersecurity activity in Eastern Europe.

ISE business value and ROI uncovered in Forrester study

Cisco Security

Forrester Consulting recently conducted an independent analysis of five organizations using Cisco Identity Services Engine (ISE), the industry-leading network access control solution, to uncover the business value of ISE. The commissioned study conducted by Forrester Consulting on behalf of Cisco, “The Total Economic Impact of Cisco Identity Services Engine (ISE),” published in March 2022, highlighted a total payback period of only 11 months within a composite organization that was built from d

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups.

Software 138

Unpatched DNS bug affects millions of routers and IoT devices

Bleeping Computer

A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. [...]

DNS 137

Craft fair vendors targeted by fake event scammers on Facebook

Malwarebytes

A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It may sound bizarre, but it’s actually a fairly popular attack focused on small/self-run business owners selling their own creations. Are you ready for a trip to the craft fair? You’re a small business owner. You sell a variety of craft-style items, the type you see in vast quantities on sites like Etsy and Redbubble.

Scams 132

New DNS Spoofing Threat Puts Millions of Devices at Risk

eSecurity Planet

Security researchers have uncovered a critical vulnerability that could lead to DNS spoofing attacks in two popular C standard libraries that provide functions for common DNS operations. Nozomi Networks Labs found the vulnerability in the uClibc and uClibc-ng libraries, which provide functions to make common DNS operations such as lookups or translating domain names to IP addresses.

DNS 132

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Conti, REvil, LockBit ransomware bugs exploited to block encryption

Bleeping Computer

Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today. [...]

World Password Day and the importance of password integrity

Webroot

Passwords have become a common way to access and manage our digital lives. Think of all the accounts you have with different providers. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough. Your password for each of your accounts needs to be difficult to guess and unpredictable.

Passwords 131

Security Researchers Find Nearly 400,000 Exposed Databases

eSecurity Planet

Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4 landscape for exposed databases, potentially unwanted programs, and other risks.

UNC3524 APT uses IP cameras to deploy backdoors and target Exchange

Security Affairs

A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers discovered a new APT group, tracked as UNC3524, that heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. Once it gained initial access to the target systems, UNC3524 deployed a previously unknown backdoor tracked by Mandiant researchers as QUIETEXIT.

Wireless 128

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Secrets to building a healthy CISO-vendor partnership

CSO Magazine

Effective partnerships between CISOs and their cybersecurity vendors are integral to security success. A well-oiled relationship built on trust, communication and mutual understanding can reap significant benefits for a business’s cybersecurity posture. Conversely, one that is problematic and incohesive can have the opposite effect, negatively impacting a company’s security practices and leaving them vulnerable to risks and wasted investment.

CISO 128

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. The flaw also affects DNS implementation of all versions of the uClibc-ng library, which is a fork specifically designed for OpenWRT, a common OS for routers used in various critical infrastructure sector

DNS 127

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

Threatpost

Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.

Mobile 123

SECURITY ALERT: Active Golang-Written Botnet StealthWorker Infects Thousands of Websites via Distributed Brute-Force Attacks.

Heimdal Security

Heimdal™ Security’s SOC department together with other cybersecurity institutions have released an all-out advisory to its customer base, clients, users, and partners in regards to the activity of an emergent botnet that has infected thousands of websites. The botnet StealthWorker (GoBrut) has achieved an impressive number of hits in a brief span of time, by […].

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Over 50 countries sign the “Declaration for the Future of the Internet”

Malwarebytes

Governments of the US, EU member states, and 32 other countries have announced the launch of the “Declaration for the Future of the Internet,” a “political commitment” among endorsers “to advance a positive vision for the internet and digital technologies.” “We are united by a belief in the potential of digital technologies to promote connectivity, democracy, peace, the rule of law, sustainable development, and the enjoyment of human rights and fundament

Internet 122

New ransomware strains linked to North Korean govt hackers

Bleeping Computer

Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide. [...]

Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims

The Hacker News

An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques.

Countdown to Compliance: Expect CMMC by May 2023

Security Boulevard

The Department of Defense (DoD) is planning to release an Interim Rule on the CMMC framework by May 2023, according to Stacy Bostjanick, director of the CMMC (Cybersecurity Maturity Model Certification) program for the DoD. CMMC will be enacted on the day the Interim Rule is published, and CMMC requirements will start to appear in […]. The post Countdown to Compliance: Expect CMMC by May 2023 appeared first on PreVeil.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!