Thu. May 12, 2022

Surveillance by Driverless Car

Schneier on Security

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them.

How password fatigue can cost organizations time, money and mental energy

Tech Republic Security

On average, companies lose $480 worth of productivity per employee per year due to the time spent dealing with password problems, says Beyond Identity. The post How password fatigue can cost organizations time, money and mental energy appeared first on TechRepublic.

Passwords 179
Insiders

10 reasons why we fall for scams

We Live Security

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud. The post 10 reasons why we fall for scams appeared first on WeLiveSecurity.

Scams 145

Ransomware: How executives should prepare given the current threat landscape

Tech Republic Security

As the number of ransomware attacks continues to increase, the response at C-level must be swift and decisive. The post Ransomware: How executives should prepare given the current threat landscape appeared first on TechRepublic.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Virtual credit cards coming to Chrome: What you need to know

Malwarebytes

When you’re buying things online, reducing the exposure of payment details during transactions is one way to help reduce the risk of data theft. If you can hide this payment data and switch it out for something else entirely, even better. Google is proposing to do just that for customers in the US, with recently announced plans to offer a virtual credit card service for Chrome.

Banking 145

Duo Opens New Data Center in India

Cisco Security

Back in September last year, Ash Devata, VP and GM for Zero Trust and Duo at Cisco wrote about the expansion of our international footprint with the opening of data centers in Australia, Singapore, and Japan. Today, I am thrilled to add India to that list, exemplifying Duo’s commitment in a key market, which couldn’t have been better timed. Local data centers help customers meet compliance and data localization requirements, which is becoming an increasingly important issue in India.

More Trending

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

The Hacker News

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

Scams 144

Network Footprints of Gamaredon Group

Cisco Security

The research below reflects our observations during the month of March 2022. We would also like to thank Maria Jose Erquiaga for her contribution to the introduction and her support during the process of writing. Overview. As the Russian-Ukrainian war continues over conventional warfare, cybersecurity professionals witnessed their domain turning into a real frontier.

Malware 144

Mobile App Security & Google's Data Safety Launch - Yay or Nay?

Appknox

Internet and software giant Google recently recalibrated how it categorizes its Play Store apps. Google's Android applications are tagged with 'nutrition labels' based on the security practices and the data they collect from users to share with third parties.

Mobile 143

Microsoft: May Windows updates cause AD authentication failures

Bleeping Computer

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. […]

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Nokia starts a Cybersecurity Testing Lab for 5G Networks

CyberSecurity Insiders

Nokia, once renowned for its amazing mobile phones, has now developed a testing lab completely dedicated to cybersecurity in the United States. The new Dallas, Texas-based Advanced Security Testing and Research (ASTaR) Lab will be fully based on a 5G network and will be useful in putting IoT products based on 5G to test against known and unknown cybersecurity threats.

BPFdoor: Stealthy Linux malware bypasses firewalls for remote access

Bleeping Computer

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. […]

Firewall 134

Iranian hacking group caught spreading ransomware

CyberSecurity Insiders

According to research carried out by SecureWorks, an Iranian hacking group dubbed “Cobalt Mirage” was discovered to be distributing ransomware. The Advanced Persistent Group (APT) group linked to another Tehran-based threat activists group dubbed Cobalt Illusion APT35 is seen distributing file-encrypting malware that straightly wipes out files if the victim cannot pay the ransom on time.

Hacking 127

Google Will Use Mobile Devices to Thwart Phishing Attacks

Dark Reading

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

Phishing 122

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

South Asian Governments Targeted by Bitter APT Group

Heimdal Security

Bitter, an APT group reportedly engaged in cyber espionage activities, has been observed targeting the Bangladesh government by leveraging new malware that shows remote file execution functionalities. The campaign has been active since at least August 2021 and represents a good example of what the Bitter scope is. Bitter APT Group Campaign: More Details Threat […].

Critical F5 BIG-IP Flaw Actively Exploited by Hackers

eSecurity Planet

Users of F5’s BIG-IP application services could be vulnerable to a critical flaw that allows an unauthenticated attacker on the BIG-IP system to run arbitrary system commands, create or delete files, or disable services. The vulnerability is recorded as CVE-2022-1388 with a 9.8 severity rating, just below the highest possible rating of 10.

Insurance 119

Hackers Are Going After Managed Security Providers

Heimdal Security

Australia, Canada, New Zealand, the United Kingdom, and the United States are the members of the intelligence partnership known as the “Five Eyes,” sometimes abbreviated as “FVEY.” These nations are signatories to the multilateral UKUSA Agreement, which is a pact for coordinating their efforts in the field of signals intelligence.

Smashing Security podcast #274: Hands off my biometrics, and a wormhole squirmish

Graham Cluley

Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole? All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault. And don't miss our featured interview with Artur Kane of GoodAccess.

Internet 119

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Nerbian RAT Malware, New Threat on The Market

Heimdal Security

Nerbian RAT, a novel malware variant that comes with a long list of capabilities, including the ability to avoid detection and analysis by security researchers, has been recently spotted. The new remote access trojan is written in the Go programming language, compiled for 64-bit systems, and it’s currently being distributed through a small-scale email distribution […].

Marketing 119

9 questions you should ask about your cloud security

InfoWorld on Security

In order for cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to think like General George S. Patton (or rather like George C. Scott, the actor who won the Best Actor Oscar for his portrayal of the general in the 1970 film Patton). In an early scene, the camera focuses on a book Patton is reading by German General Erwin Rommel.

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

Threatpost

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

Malware 115

Equifax’s Jamil Farshchi: Security shouldn’t be a trade secret

CSO Magazine

Equifax CISO Jamil Farshchi has pulled back the curtains on cybersecurity operations, saying that he believes “transparency to all stakeholders to the deepest degree reasonable” makes for a more secure company. “If we have transparency, it makes sure we’re up to snuff in every facet of our program. It makes sure that no one is looking at a patch log and says ‘It’s no big deal,’ because they know everybody is looking,” he says.

CSO 113

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Clearview AI banned from selling facial recognition data in the US

Malwarebytes

Clearview AI, a facial recognition software and surveillance company, is permanently banned from selling its faceprint database within the United States. The company also cannot sell its database to state and law enforcement entities in Illinois for five years. This is a historic win for the American Civil Liberties Union (ACLU). This nonprofit organization filed a lawsuit against Clearview in 2020, alleging the company has built its business around secretly taking facial recognition data from p

Microsegmentation and Zero-Trust Security

Security Boulevard

Zero-trust security is much more than just a buzzword. It is a critical mindset for organizations to consider as they encounter security challenges related to the growing distributed workforce that is accessing corporate assets from anywhere and everywhere and business workloads performed in hybrid environments. To overcome the challenge of securing access to corporate assets.

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

The Hacker News

Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome.

Is The Cost Of Predictive Cyber Security Worth The Investment?

Security Boulevard

Is The Cost Of Predictive Cyber Security Worth The Investment? Cybersecurity Events Becoming More Predictable? With the advancements in cybersecurity science, mathematics and physics, and, of course, a good dose of luck, there is light at the end of the tunnel regarding predictable cybersecurity capabilities. In the early 1990s, the Internet industry needed to move packets as fast as possible because some marketing genius came up with the idea that everyone could have “Unlimited Internet Access

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

F5 BIG-IP vulnerability is now being used to disable servers

Malwarebytes

As we reported a few days ago, an F5 BIG-IP vulnerability listed as CVE-2022-1388 is actively being exploited. But now researchers have noticed that attackers aren’t just taking control of the vulnerable servers but also making them unusable by destroying the device’s file system. F5 BIG-IP. The BIG-IP platform by F5 is a family of products covering software and hardware designed around application availability, access control, and security solutions.

Iran-linked COBALT MIRAGE group uses ransomware in its operations

Security Affairs

Iranian group used Bitlocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked COBALT MIRAGE APT group. The threat actors have been active since at least June 2020 and are linked to the Iranian COBALT ILLUSION group (aka APT35, Charming Kitten, PHOSPHOROUS and TunnelVision).

The Case for War Crimes Charges Against Russia’s Sandworm Hackers

WIRED Threat Level

A group of human rights lawyers and investigators has called on the Hague to bring the first-ever “cyber war crimes” charges against Russia’s most dangerous hackers.

Hacking 98

What Is RMM Software?

Heimdal Security

RMM software (short for Remote Monitoring and Management Software) is a software type used by IT professionals and organizations to remotely manage and monitor networks and endpoints. How Does RMM Software Work? A service provider has to deploy the agent software on the client’s endpoints and servers to be able to connect the RMM software to the […].

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!