Schneier on Security

FEBRUARY 24, 2023

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners.We show how a malicious learner can plant an undetectable backdoor into a classifier.

353

353

Krebs on Security

FEBRUARY 24, 2023

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies , which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

Accountability 305

Accountability Advertising Marketing Malware 305

Tech Republic Security

FEBRUARY 24, 2023

A new State of Enterprise DFIR survey covers findings related to automation, hiring, data and regulations and more. The post Digital forensics and incident response: The most common DFIR incidents appeared first on TechRepublic.

Cybersecurity 202

Cybersecurity 202

Security Boulevard

FEBRUARY 24, 2023

Google doesn’t want you to know what your Android apps do with your data. That seems to be the conclusion from a Mozilla study into the Play Store. The post ‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels appeared first on Security Boulevard.

Social Engineering 145

Social Engineering Security Awareness Engineering Mobile 145

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

FEBRUARY 24, 2023

Studies from Bitdefender and Arctic Wolf show that new tactics are using twists on concealment in social media and old vulnerabilities in third-party software. The post DLL sideloading and CVE attacks show diversity of threat landscape appeared first on TechRepublic.

Media 198

Media Software Network Security 198

Bleeping Computer

FEBRUARY 24, 2023

Brave Software, the developer of the privacy-focused web browser, has announced some plants for the upcoming version 1.49 that will block everyday browsing annoyances like "open in app" prompts and add better protections against pool-party attacks, [.

Software 144

Software 144

Bleeping Computer

FEBRUARY 24, 2023

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [.

140

140

Dark Reading

FEBRUARY 24, 2023

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.

136

136

Bleeping Computer

FEBRUARY 24, 2023

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [.

139

139

IT Security Guru

FEBRUARY 24, 2023

In many ways, considered the “new battleground for cybersecurity” in 2023, APIs can make – or break – a business in the coming year. The fact that they’re connectors, that they underpin and pull together the majority of digital services we use daily, makes them prime targets for hacks. The holy grail of a hacker is the ultimate low-risk, high-payout option.

Risk 130

Risk Telecommunications Healthcare Banking 130

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

CSO Magazine

FEBRUARY 24, 2023

Microsoft is advising Exchange Server administrators to remove some of the endpoint antivirus exclusions that the company's own documentation recommended in the past. The rules are no longer needed for server stability and their presence could prevent the detection of backdoors deployed by attackers. "Times have changed, and so has the cybersecurity landscape," the Exchange Server team said in a blog post.

Antivirus 127

Antivirus Cybersecurity 127

We Live Security

FEBRUARY 24, 2023

ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022 The post A year of wiper attacks in Ukraine appeared first on WeLiveSecurity

Malware 127

Malware 127

Security Boulevard

FEBRUARY 24, 2023

The benefits of threat modeling are significant. Not only does it provide a systematic process for evaluating potential threats to an organization’s system, but it also creates a framework for informed decision-making, ensuring the best use of limited resources. Despite threat modeling existing as a proven way to mitigate risk, in 2021, we saw a. The post Debunking Three Common Threat Modeling Myths appeared first on Security Boulevard.

Risk 126

Risk Security Awareness Cybersecurity 126

SecureBlitz

FEBRUARY 24, 2023

In this post, I will show you 5 safety tips when connecting to Wi-Fi overseas. Today, due to the widespread availability of WI-FI, the majority of restaurants, hotels, and shopping centers, provide their clients with free access to public networks. Access to the internet nowadays is more crucial than ever, especially when traveling. However, fraudsters […] The post Traveling Abroad: 5 Safety Tips When Connecting To Wi-Fi Overseas appeared first on SecureBlitz Cybersecurity.

Internet 116

Internet Internet Cybersecurity Hacking 116

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

CSO Magazine

FEBRUARY 24, 2023

Content delivery network ( CDN ) service provider Edgio has added a new Distributed Denial of Service ( DDoS ) scrubbing ability along with improved Web Application and API Interface (WAAP) to its network security offering. Designed to reduce severe damages from sophisticated DDoS attacks, Edgio’s scrubbing solution impersonates the customer’s network by routing the customer’s IP traffic through its scrubbing point-of-presence (PoP) and only sending the “clean” traffic back to the customer’s inf

DDOS 115

DDOS Network Security 115

Dark Reading

FEBRUARY 24, 2023

Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.

Cybersecurity 114

Cybersecurity 114

Security Boulevard

FEBRUARY 24, 2023

A report published this week by Okta suggested that organizations have significantly shifted allocation of budgets to ensure higher levels of security. Based on an anonymized analysis of how Okta customers allocated their cybersecurity budgets, the report found just under a quarter (22%) have deployed one or more zero-trust configurations. Chris Niggel, regional chief security.

Cybersecurity 111

Cybersecurity Network Security 111

Dark Reading

FEBRUARY 24, 2023

The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain.

Software 111

Software Marketing 111

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

CSO Magazine

FEBRUARY 24, 2023

While Zero Trust is a term that is often misunderstood as well as misused, it is an approach that has real value in helping to reduce systematic cyber risk and improve resiliency. Organizations of all sizes understand that they require a resilient cybersecurity strategy that can support and enable the business even during a crisis, but when it comes to Zero Trust, most organizations struggle to understand it and figure out the right place to start.

Cyber Risk 110

Cyber Risk Architecture Risk Cybersecurity 110

Dark Reading

FEBRUARY 24, 2023

The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.

DDOS 109

DDOS Cybersecurity 109

Bleeping Computer

FEBRUARY 24, 2023

Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020. [.

Media 107

Media 107

Heimadal Security

FEBRUARY 24, 2023

Vulnerability and patch management are vital cogs in an organization’s cyber-hygiene plan. According to a recent Verizon cyber-safety report, more than 40% of all data breaches recorded in 2022 stem from unpatched (i.e. vulnerable) Internet-facing applications. Moreover, the rate of attack specifically targeting application coding bugs have increased by 15% over the past five years. […] The post KPI Examples for Patch and Vulnerability Management appeared first on Heimdal Security Blog.

Data breaches 105

Data breaches Internet Internet 105

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

FEBRUARY 24, 2023

Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor (AP), it's just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular communications and multimedia processing.

Firmware 105

Firmware 105

Heimadal Security

FEBRUARY 24, 2023

An attacker’s access to the network is often traced back to a succession of events, which network defenders must unravel. This is done by asking specific questions such as: How did the attackers enter the network? How did they gain access to the network? What actions did they take once inside that allowed them to […] The post Access-as-a-Service: How to Keep Access Brokers Away from Your Organization appeared first on Heimdal Security Blog.

105

105

CSO Magazine

FEBRUARY 24, 2023

The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. Often, this lifecycle is depicted as a horizontal timeline with the conceptual and coding phases “starting” the cycle on the left side, so to move any process earlier in the cycle is to shift it left.

Software 104

Software 104

Dark Reading

FEBRUARY 24, 2023

A threat actor has leaked data — purportedly, samples of Telus employee payroll data and source code — on a hacker site.

103

103

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

CSO Magazine

FEBRUARY 24, 2023

The US Cybersecurity and Infrastructure Security Agency has issued an advisory urging organizations to increase cybersecurity vigilance today, the anniversary of Russia’s invasion of Ukraine, in the wake of a cyberattack against several Ukrainian government websites. "The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord," the CISA advisory said.

Government 103

Government Cybersecurity 103

The Hacker News

FEBRUARY 24, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially enters one year.

Cybersecurity 103

Cybersecurity 103

We Live Security

FEBRUARY 24, 2023

With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected? The post One year on, how is the war playing out in cyberspace?

102

102

Bleeping Computer

FEBRUARY 24, 2023

The Amsterdam cybercrime police team has arrested three men for ransomware activity that generated €2.5 million from extorting small and large organizations in multiple countries. [.

Ransomware 102

Ransomware Cybercrime 102

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!