Thu.Nov 10, 2022

article thumbnail

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy : Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.

Spyware 335
article thumbnail

Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo

Tech Republic Security

It wasn’t a “Day of Anger” as Qualys used the final leg of its multi-city conference series to discuss the control of edge assets. The post Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo appeared first on TechRepublic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.

Firmware 145
article thumbnail

Cyber Threats to the FIFA World Cup Qatar 2022

Digital Shadows

Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner. The post Cyber Threats to the FIFA World Cup Qatar 2022 first appeared on Digital Shadows.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Security Affairs

Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in early 2022 responded to an incident where the Russia-linked APT29 group (aka SVR group , Cozy Bear , Nobelium , and The Dukes ) successfully phished a European diplomatic entity. The attack stands out for the use of the Windows Credential Roaming feature.

Passwords 138
article thumbnail

The state of cryptojacking in the first three quarters of 2022

SecureList

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are capitalizing on this vulnerable industry more than ever.

LifeWorks

More Trending

article thumbnail

Researchers warn of malicious packages on PyPI using steganography

Security Affairs

Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘ apicolor ,’ on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. The malicious package infects PyPI users through open-source projects on Github. .

Malware 129
article thumbnail

Worok hackers hide new malware in PNGs using steganography

Bleeping Computer

A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. [.].

Malware 129
article thumbnail

PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules

CSO Magazine

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security. The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up 24.5% year-over-year, according to the Nilson Report.

Banking 123
article thumbnail

BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’

Security Boulevard

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’ appeared first on Security Boulevard.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Social Media Influencer Sentenced to 11 Years in Prison for Cyber Fraud

Heimadal Security

‘Ray Hushpuppi’, an Instagram celebrity, was sentenced to 11 years in jail for conspiring to launder tens of millions of dollars via business email compromise (BEC) scams and other cyber frauds. A law company in the United States and a businessperson in Qatar have both been identified as victims of the 40-year-old Nigerian, whose real […].

Media 120
article thumbnail

“How will the Uber Breach Verdict Affect the CISO Role in the Future?”

Security Boulevard

A Uber breach verdict was handed down that could prove highly impactful to CISOs and CSOs in the near and distant future. The post “How will the Uber Breach Verdict Affect the CISO Role in the Future?” appeared first on Radware Blog. The post “How will the Uber Breach Verdict Affect the CISO Role in the Future?” appeared first on Security Boulevard.

CISO 120
article thumbnail

Outlook and Thunderbird Accounts Threatened by StrelaStealer

Heimadal Security

Outlook and Thunderbird accounts are being targeted by a new info stealer malware known as StrelaStealer. The malware behaves as most info stealers do, meaning they attempt to steal data from various sources, such as browsers, cryptocurrency wallet apps, cloud gaming apps, the clipboard and so on. Distribution and Execution Earlier this month, researchers from DCSO […].

article thumbnail

Dark Web Recruitment: Malware, Phishing, and Carding

Digital Shadows

In our first blog in this series, we covered how ransomware groups go about their recruitment, with their large teams. The post Dark Web Recruitment: Malware, Phishing, and Carding first appeared on Digital Shadows.

Phishing 116
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Private Information of Thousands of COVID-19 Patients Exposed in Resileo Leak

Heimadal Security

A leak that exposed the private information of thousands of COVID-19 patients was discovered on Resileo’s servers this August. The India-based IT and consulting firm has clients like HCL Technologies, Verizon, and RCS Group. The company offers application performance monitoring (APM) services and works with Indian Council for Medical Research (ICMR), helping them analyze data. […].

article thumbnail

REPEAT AND REFINE: HOW DO YOU GET TO CARNEGIE HALL? (Pt. 6 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

Welcome back! In our last article, you cleared out your extraneous digital footprints by removing unnecessary accounts and opting-out of data broker services, and have finished a dedicated review of your online history. In this final section, we will answer the natural question encountered at the end of any journey: What’s next? . Before becoming the series you’ve just read, I presented a version of this many times as a live talk at conferences and training sessions.

Passwords 116
article thumbnail

Thousands of Sites Hacked in Massive Google SEO Poisoning Campaign

Heimadal Security

This week, almost 15,000 sites were compromised during a massive black hat search engine optimization (SEO) campaign. The websites would redirect the visitors to face Q&A discussion forums. Security researchers believe that the goal of the threat actors is to generate enough indexed pages to increase the authority of the fake Q&A sites and thus, […].

Hacking 117
article thumbnail

The world’s most searched-for cyber attacks and prevention measures

Security Boulevard

Searches for cyber threats have seen a steady increase worldwide, particularly in the last year, proving that it’s a major concern for people all around the world. In fact, according to IBM’s Cost of a Data Breach report, the average cost of a data breach has reached an all-time high, climbing 12.7%, from $3.86 million … Continued. The post The world’s most searched-for cyber attacks and prevention measures appeared first on Enterprise Network Security Blog from IS Decisions.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Elon Musk's Twitter Blue Verification Is a Scammer's Paradise

WIRED Threat Level

Anyone can get a blue tick on Twitter without proving who they are. And it’s already causing a ton of problems.

Media 113
article thumbnail

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

Naked Security

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

Risk 112
article thumbnail

Update your Lenovo laptop’s firmware now! Flaws could help malware survive a hard disk wipe

Graham Cluley

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process.

Firmware 111
article thumbnail

Toward the cutting edge: SMBs contemplating enterprise security

We Live Security

Survey finds SMBs, weary of security failures, curious about detection and response. The post Toward the cutting edge: SMBs contemplating enterprise security appeared first on WeLiveSecurity.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How to Close Kubernetes' Network Security Gap

Dark Reading

StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefit.

article thumbnail

FBI warns scammers now impersonate refund payment portals

Bleeping Computer

The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy. [.].

110
110
article thumbnail

ProxyNotShell Finally Gets Patched by Microsoft

eSecurity Planet

Microsoft’s November 2022 Patch Tuesday includes fixes for more than 60 vulnerabilities affecting almost 40 different products, features and roles – including patches for CVE-2022-41040 and CVE-2022-41082 , the ProxyNotShell flaws disclosed last month. “It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations,” Mike Walters,

Phishing 109
article thumbnail

Oil & Gas Industry Vulnerability Typifies Threat to Key Infrastructure

SecureWorld News

A new research report has exposed vulnerabilities in the oil and gas industry, specifically to flow computers that regulate and calculate volume and flow rates of substances such as natural gas, crude oils, and other hydrocarbon fluids. The report was issued by Team82, the research arm of Claroty, an industrial security company. While the threat is pretty specific to "a path-traversal vulnerability in ABB TotalFlow flow computers and controllers," it is an example of ways hackers can disrupt cri

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

What is DRM Protected Content? Definition, How It Works & More

Digital Guardian

What does it mean when digital content is DRM protected? We explain how DRM works and protects intellectual property in this blog.

105
105
article thumbnail

Privileged Access Management (PAM) Best Practices

Heimadal Security

Privileged access management, PAM in short, is a crucial set of tools and technologies allowing organizations to maintain steadfast control and monitorization over the access to critical information and resources, as well as users, accounts and processes. Precisely because it is so important, there are some rules that should be enacted, otherwise it could become a […].

article thumbnail

US Health Dept warns of Venus ransomware targeting healthcare orgs

Bleeping Computer

The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country's healthcare organizations. [.].

article thumbnail

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

The Hacker News

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022.

103
103
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!