Thu. Nov 10, 2022

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.

Lawsuit Seeks Food Benefits Stolen By Skimmers

Krebs on Security

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via stat

Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo

Tech Republic Security

It wasn’t a “Day of Anger” as Qualys used the final leg of its multi-city conference series to discuss the control of edge assets. The post Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo appeared first on TechRepublic.

Cyber Threats to the FIFA World Cup Qatar 2022

Digital Shadows

Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner. The post Cyber Threats to the FIFA World Cup Qatar 2022 first appeared on Digital Shadows.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Russian LockBit ransomware operator arrested in Canada

Bleeping Computer

Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide. […]

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.

PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules

CSO Magazine

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security. The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up 24.5% year-over-year, according to the Nilson Report.

FBI warns scammers now impersonate refund payment portals

Bleeping Computer

The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy. […]

BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’

Security Boulevard

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’ appeared first on Security Boulevard.

Dark Web Recruitment: Malware, Phishing, and Carding

Digital Shadows

In our first blog in this series, we covered how ransomware groups go about their recruitment, with their large teams. The post Dark Web Recruitment: Malware, Phishing, and Carding first appeared on Digital Shadows.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

“How will the Uber Breach Verdict Affect the CISO Role in the Future?”

Security Boulevard

An Uber breach verdict was handed down that could prove highly impactful to CISOs and CSOs in the near and distant future. The post “How will the Uber Breach Verdict Affect the CISO Role in the Future?” appeared first on Radware Blog. The post “How will the Uber Breach Verdict Affect the CISO Role in the Future?” appeared first on Security Boulevard.

US Health Dept warns of Venus ransomware targeting healthcare orgs

Bleeping Computer

The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country's healthcare organizations. […]

The world’s most searched-for cyber attacks and prevention measures

Security Boulevard

Searches for cyber threats have seen a steady increase worldwide, particularly in the last year, proving that it’s a major concern for people all around the world. In fact, according to IBM’s Cost of a Data Breach report, the average cost of a data breach has reached an all-time high, climbing 12.7%, from $3.86 million … Continued. The post The world’s most searched-for cyber attacks and prevention measures appeared first on Enterprise Network Security Blog from IS Decisions.

Kaspersky to kill its VPN service in Russia next week

Bleeping Computer

Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022. […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Outlook and Thunderbird Accounts Threatened by StrelaStealer

Heimadal Security

Outlook and Thunderbird accounts are being targeted by a new info stealer malware known as StrelaStealer. The malware behaves as most info stealers do, meaning they attempt to steal data from various sources, such as browsers, cryptocurrency wallet apps, cloud gaming apps, the clipboard and so on. Distribution and Execution Earlier this month, researchers from DCSO […].

How to Close Kubernetes' Network Security Gap

Dark Reading

StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefit.

The state of cryptojacking in the first three quarters of 2022

SecureList

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are capitalizing on this vulnerable industry more than ever.

Toward the cutting edge: SMBs contemplating enterprise security

We Live Security

Survey finds SMBs, weary of security failures, curious about detection and response. The post Toward the cutting edge: SMBs contemplating enterprise security appeared first on WeLiveSecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Private Information of Thousands of COVID-19 Patients Exposed in Resileo Leak

Heimadal Security

A leak that exposed the private information of thousands of COVID-19 patients was discovered on Resileo’s servers this August. The India-based IT and consulting firm has clients like HCL Technologies, Verizon, and RCS Group. The company offers application performance monitoring (APM) services and works with Indian Council for Medical Research (ICMR), helping them analyze data. […].

The 247th United States Marine Corps Birthday: A Message From The Commandant Of The Marine Corps

Security Boulevard

10 November 2022. A MESSAGE FROM THE COMMANDANT OF THE MARINE CORPS. 70 years ago, Army Major General Frank E. Lowe was quoted as saying, "The safest place in Korea was right behind a platoon of Marines. Lord, how they could fight." That testimonial rings as true now as it did then, and will remain so tomorrow. As we celebrate the 247th anniversary of our Corps' founding, we reflect on nearly two and a half centuries of exceptional prowess, while also taking objective stock of where we are today

Russian military hackers linked to ransomware attacks in Ukraine

Bleeping Computer

A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group. […]

Manual Vs. SSPM: Streamlining SaaS Security Management

Security Boulevard

An interesting trend is unfolding in companies around the globe. They are investing in a growing number of SaaS apps to support day-to-day operations but then putting themselves in an extremely precarious situation by failing to invest an equal or larger amount into their security staff. These are just two findings from this year’s 2022. The post Manual Vs.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

The Hacker News

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022.

Update your Lenovo laptop’s firmware now! Flaws could help malware survive a hard disk wipe

Graham Cluley

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process.

A Theoretically Devastating Cyber Attack on America’s Gas Stations

Security Boulevard

The Internet of Gas Station Tank Gauges: This post is a part of Cyborg Security’s guest threat hunter series, where we invite talented threat hunting professionals to contribute interesting content for the broader cyber security community. If you would like to participate, contact us here! If you enjoy this article, feel free to check out RoseSecurity’s […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Lacework releases cloud-native application security service

CSO Magazine

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus.

ProxyNotShell Finally Gets Patched by Microsoft

eSecurity Planet

Microsoft’s November 2022 Patch Tuesday includes fixes for more than 60 vulnerabilities affecting almost 40 different products, features and roles – including patches for CVE-2022-41040 and CVE-2022-41082, the ProxyNotShell flaws disclosed last month. “It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations,” Mike Walters,

BrandPost: What is Top of Mind for CISOs Right Now

CSO Magazine

Every quarter, we interview CISOs and ask them what is top of mind and what trends or challenges they are experiencing in the threat landscape. From this, we create the CISO Insider — an actionable report that explores the top three issues that are most relevant in today’s threat landscape. This quarter, we’re exploring rising ransomware rates, the need for increased automation and better tools to empower security teams to do more with limited resources, and the opportunity for extended detectio

Apple out-of-band patches fix remote code execution bugs in iOS and macOS

Security Affairs

Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library. Apple released out-of-band patches for iOS and macOS to address two code execution flaws, tracked as CVE-2022-40303 and CVE-2022-40304, in the libxml2 library for parsing XML documents. The two vulnerabilities were discovered by Google Project Zero security researchers.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.