Troy Hunt
DECEMBER 11, 2022
For the first time in I don't know how long, I couldn't do this live. Turns out both cell and wifi in Lapland are, with the benefit of hindsight, exactly what you'd expect from a remote location in the Arctic circle. The rest of the place was pretty amazing though, and a good deal of this week's content has gone to that. Plus, there's the whole "Australia becoming the world's most cyber-secure country" goal which deserves discussion.
Lohrman on Security
DECEMBER 11, 2022
What can we learn about leadership from looking back at talented teams from the past in areas ranging from sports to technology to cybersecurity to government?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
DECEMBER 11, 2022
The Internet of Everything ( IoE ) is on the near horizon. Related: Raising the bar for smart homes. Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind. We would not be at this juncture without corresponding advances on the hardware side of the house. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.
Trend Micro
DECEMBER 11, 2022
We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Affairs
DECEMBER 11, 2022
Researchers reported an increase in TrueBot infections, attackers have shifted from using malicious emails as their primary delivery method to other techniques. Cisco Talos researchers reported an increase in TrueBot infections, threat actors have shifted from using malicious emails as their primary attack vector to other techniques. Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Co
CyberSecurity Insiders
DECEMBER 11, 2022
Taylor Swift, the American singer with multiple talents, is extremely concerned about her privacy these days as environmental advocate groups are publishing her travel data online, giving a tip-off to stalkers about her whereabouts. In the year 2022, a survey conducted by a company called ‘Yard’ landed Swift on top of the list of ‘Celebrities with the Worst Private Jet CO2 Emissions’.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Dark Reading
DECEMBER 11, 2022
Pulse Connect VPN server software received several updates over the years, and thousands of hosts haven't patched.
Security Affairs
DECEMBER 11, 2022
The Pwn2Own Toronto 2022 is ended, and the participants earned a total of $989,750 for 63 unique zero-day exploits. The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition has ended and these are the final numbers for the event: $989,750 awarded. 63 unique 0-days. 66 entries. 36 different teams representing 14+ countries. The final numbers for #Pwn2Own Toronto 2022: $989,750 awarded 63 unique 0-days 66 entries 36 different teams representing 14+ countries See you at #Pwn2Own Miami in
Security Boulevard
DECEMBER 11, 2022
A chatbot developed by OpenAI, called ChatGPT, has gone viral and is able to mimic human language and speech styles and can interact with users in a conversational way. It can be used for a range of purposes, including writing code, talking like a “Valley girl”, and even podcast introduction scripts. Attackers broke into a […]. The post ChatGPT Goes Viral, More Trouble for LastPass, Apple’s New Data Protections appeared first on The Shared Security Show.
Security Affairs
DECEMBER 11, 2022
The Iran-linked MuddyWater APT is targeting countries in the Middle East as well as Central and West Asia in a new campaign. Deep Instinct’s Threat Research team uncovered a new campaign conducted by the MuddyWater APT (aka SeedWorm , TEMP.Zagros , and Static Kitten ) that was targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
DECEMBER 11, 2022
The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country.
Security Affairs
DECEMBER 11, 2022
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet US HHS warns healthcare orgs of Royal Ransomware attacks CommonSpirit confirms data breach impacts 623K patients Pwn2Own Toronto 2022 Day 3: Participants earned nearly
Malwarebytes
DECEMBER 11, 2022
On Wednesday, the State of Indiana filed two lawsuits against TikTok, Inc, the company behind the same name app, and its parent company, ByteDance. The first suit alleges TikTok's 12+ rating on the Apple App Store and a "T" for "Teen" rating in the Google Play Store and the Microsoft Store are misleading as minors are repeatedly exposed to inappropriate content generated by the app's algorithm.
Bleeping Computer
DECEMBER 11, 2022
Microsoft is adding a built-in screen recorder to the Windows 11 Snipping Tool that will enable users to capture videos of their desktop without the need for a third-party app. [.].
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Malwarebytes
DECEMBER 11, 2022
Researchers have uncovered a new campaign by hacking group MuddyWater, aka Static Kitten, in which a legitimate remote access tool is sent to targets from a compromised email account. The targets in this campaign are reportedly in Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates. MuddyWater is suspected of being associated with Iran's Ministry of Intelligence and Security.
Dark Reading
DECEMBER 11, 2022
Funding and new leadership to drive innovation and growth in cloud-native application resiliency; round led by SKK Ventures with T-Mobile and Telefonica.
Malwarebytes
DECEMBER 11, 2022
Last week on Malwarebytes Labs: Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25. Eufy "no cloud" security cameras streaming data to the cloud. Snapchat gives Californians more power over their personal data. Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released. Hive Social pulls the plug on itself after security flaws found.
Bleeping Computer
DECEMBER 11, 2022
Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. [.].
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Malwarebytes
DECEMBER 11, 2022
There’s been a lot of weird and frankly bizarre attacks over the course of 2022, nestled in amongst the usual ransomware outbreaks and data breaches. Whether we’re talking social media, email, or even malware, there’s been a mind bending tale of tall behaviour in almost every corner. It’s time to forget about nation state attacks and the nagging sensation that every single piece of data ever created has ended up on a TOR site somewhere.
Security Boulevard
DECEMBER 11, 2022
Distinguished Paper Award Winner and First Prize Winner of the 2022 Internet Defense Prize. Complete Title : USENIX Security '22 - Diwen Xue, Reethika Ramesh, Arham Jain, Michalis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, Roya Ensafi ‘OpenVPN Is Open To VPN Fingerprinting’. Our thanks to USENIX for publishing their Presenter’s USENIX Security ’22 Conference tremendous content on the organization’s’ YouTube channel.
CyberSecurity Insiders
DECEMBER 11, 2022
Indiana’s Attorney General Todd Rokita has sued Chinese video sharing mobile application TikTok for showing inappropriate content to children below the age of 13. Todd claimed in his lawsuit that the Byte Dance owned company misleads its users, particularly children, for offering utmost security to consumers information and makes A- rated content to below the underaged.
Expert insights. Personalized for you.
294 
Let's personalize your content