Schneier on Security
APRIL 12, 2023
The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports.
The Last Watchdog
APRIL 12, 2023
At 10 am PDT, next Wednesday, April 19 th , I’ll have the privilege of appearing as a special guest panelist and spotlight speaker on Virtual Guardian’s monthly Behind the Shield cybersecurity podcast. Related: The Golden Age of cyber spying is upon us You can RSVP – and be part of the live audience – by signing up here. The moderator, Marco Estrela, does a terrific job highlighting current cybersecurity topics ripped from the headlines.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
APRIL 12, 2023
Graymail, phishing, vendor impersonation, and other BECs clogging up security teams’ time. The post Cybersecurity leaders see risk from email attacks, hybrid work appeared first on TechRepublic.
SecureList
APRIL 12, 2023
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, we’ll focus on an active cluster that we dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
APRIL 12, 2023
In the face of growing risks from open-source software dependencies, Google Cloud is releasing its Assured Open Source Software (Assured OSS) service for Java and Python ecosystems at no cost. The post Google Cloud offers Assured Open Source Software for free appeared first on TechRepublic.
Security Boulevard
APRIL 12, 2023
Beware Fancy Bears Bearing Gifts: Confirms DCLeaks caper was by APT28. Also that APT28 is Russian military unit. The post ‘But His Emails!’ — Ukrainian Hackers Hack Hillary Hacker appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Graham Cluley
APRIL 12, 2023
Everyone's talking juice-jacking - but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn't been hacked. And Carole hosts the "AI-a-go-go or a no-no?" quiz for Dave and Graham. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
CyberSecurity Insiders
APRIL 12, 2023
StormWall , a premier cybersecurity firm specializing in the defense of websites, networks, and online services from Distributed Denial of Service (DDoS) attacks, has published an in-depth report on the DDoS landscape during the first quarter of 2023. The report stems from a detailed analysis of attacks targeting StormWall’s clientele, which spans various sectors such as finance, e-commerce, telecommunications, entertainment, transportation, education, and logistics.
Graham Cluley
APRIL 12, 2023
Travellers are being told to be wary when plugging their smartphones and laptops into USB chargers. But has anyone ever actually been juice-jacked in the real world?
Zero Day
APRIL 12, 2023
Wondering if your information was posted online from a data breach? Here's how to check if your accounts are at risk and what to do next.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Bleeping Computer
APRIL 12, 2023
Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month's Patch Tuesday and exposing hundreds of thousands of systems to attacks. [.
Dark Reading
APRIL 12, 2023
A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
CyberSecurity Insiders
APRIL 12, 2023
The Australian government is set to issue a complete ban on ransomware payments after one of its major financial lenders became the target of a massive file-encrypting malware attack on March 16th this year. As the victim received a ransom demand in Tornado Cash on April 11th, 2023, the Albanese-led government is considering banning cryptocurrency usage and circulation to block ransomware payments.
We Live Security
APRIL 12, 2023
Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured The post What are the cybersecurity concerns of SMBs by sector?
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
CyberSecurity Insiders
APRIL 12, 2023
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. What is an e-mail? E-mail, also referred to as electronic mail, is an internet service which allows people and digital services to transmit messages(letters) in electronic form across Internet.
Dark Reading
APRIL 12, 2023
Hackers can compromise public charging hubs to steal data, install malware on phones, and more, threatening individuals and businesses alike.
Security Boulevard
APRIL 12, 2023
Companies around the world are taking measures to regulate how their employees use OpenAI’s ChatGPT at work. As with all new technologies, generative AI models like ChatGPT can provide benefits, but there are also risks. After researching industry best practices, some organizations are deciding that—at least for now—those risks outweigh the benefits.
eSecurity Planet
APRIL 12, 2023
Microsoft’s Patch Tuesday for April 2023 targets 97 vulnerabilities, seven of them rated critical – as well as one that’s currently being exploited in the wild. The one flaw that’s currently being exploited, CVE-2023-28252 , is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver that could provide an attacker with SYSTEM privileges.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
CyberSecurity Insiders
APRIL 12, 2023
For the past few months, Elon Musk, the current owner of Twitter, has urged AI-based firms to pause their R&D developments unless the White House figures out a way to take complete control over AI. However, in contradiction to what is being said and preached, Twitter, which occupies the second rung place in the list of the world’s most popular social media platforms, is reportedly working on a secret generative AI project that can be in line with the Microsoft-owned and OpenAI project
eSecurity Planet
APRIL 12, 2023
A vulnerability assessment is one of the most important pieces of an enterprise’s vulnerability management lifecycle because you can’t fix security vulnerabilities you know nothing about. Through the vulnerability assessment process, networks and assets are scanned and newly discovered vulnerabilities are analyzed and scored based on risk. With completed vulnerability assessments, cybersecurity and vulnerability specialists will have the knowledge they need to make security adjustments that make
The Hacker News
APRIL 12, 2023
OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure.
Security Affairs
APRIL 12, 2023
Hyundai disclosed a data breach that impacted Italian and French car owners and clients who booked a test drive. Hyundai has suffered a data breach that impacted Italian and French car owners and customers who booked a test drive. Threat actors had access to the email addresses, physical addresses, telephone numbers, and vehicle chassis numbers of the impacted individuals.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
APRIL 12, 2023
Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021.
Malwarebytes
APRIL 12, 2023
Days ago, several Google Pay users in the US received some unexpected cashback from Google, congratulating them "for dogfooding the Google Pay Remittance experience". Confused (and a tad happy), some looked to Twitter for answers, while others aired their experiences on the /r/googlepay/ Reddit page. Freelance journalist Mishaal Rahman was one of the many recipients of free money.
Security Affairs
APRIL 12, 2023
AI company OpenAI launched a bug bounty program and announced payouts of up to $20,000 for security flaws in its ChatGPT chatbot service. OpenAI launched a bug bounty program and it is offering up to $20,000 to bug hunters that will report vulnerabilities in its ChatGPT chatbot service. The company explained that ChatGPT is in scope, including ChatGPT Plus, logins, subscriptions, OpenAI-created plugins (e.g.
Malwarebytes
APRIL 12, 2023
It’s Patch Tuesday again. Microsoft and other vendors have released their monthly updates. Among a total of 97 patched vulnerabilities there is one actively exploited zero-day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
APRIL 12, 2023
SAP fixed two critical bugs that affect the Diagnostics Agent and the BusinessObjects Business Intelligence Platform. SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. The most critical vulnerabilities are: CVE-2023-27267 : missing authentication and insufficient input validation in the OSCommand Bridge of SAP Diagnostics Agent, version 720, can be exploited by an attacker to execute scripts on connected Diagnostics Agents.
SecureBlitz
APRIL 12, 2023
Read on to find out how to identify and avoid online gaming scams. Online gaming scams have been around for almost as long as we’ve had online games. Whether they were ways for hackers to steal your credit card details or a way for them to access your accounts, the scams were simple and effective […] The post How To Identify And Avoid Online Gaming Scams appeared first on SecureBlitz Cybersecurity.
Security Affairs
APRIL 12, 2023
At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. The victims include journalists, political opposition figures, and an NGO worker located in North America, Central Asia, Southeast Asia, Europe, and the Middle East.
Security Boulevard
APRIL 12, 2023
The utility of telecommunications services is often taken for granted. Whether it’s for personal use or for a business, these services have become ubiquitous—and more important than ever before in our daily lives. Customers now expect connectivity at the touch of a finger, while also demanding increased account and data security. The need for telecom […] The post Telecom Cyberattacks: The Right Way to Shield Your Business appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
350 
Let's personalize your content