Lohrman on Security
DECEMBER 23, 2022
After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond.
Schneier on Security
DECEMBER 23, 2022
Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
CyberSecurity Insiders
DECEMBER 23, 2022
According to a secret mission launched by South Korean Spy Agency ‘The National Intelligence Service (NIS)’ North Korea hackers have so far managed to siphon $1.2 billion worth digital currency with a large amount($686 million) stolen in the current year i.e. 2022. NIS anticipates that the year 2023 will witness more such attacks from Kim Jong Un, possibly of larger scale, as they need a large sum to quench their thirst for the eight nuclear tests.
Naked Security
DECEMBER 23, 2022
The crooks now know who you are, where you live, which computers are yours, where you go online. and they got those password vaults, too.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Bleeping Computer
DECEMBER 23, 2022
The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak. [.].
Quick Heal Antivirus
DECEMBER 23, 2022
“Humans are the weakest link in cybersecurity.” Data breaches worldwide prove this accurate, as human errors, lack of. The post Protect yourself from Vishing Attack!! appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
DECEMBER 23, 2022
The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others.
Heimadal Security
DECEMBER 23, 2022
To compromise corporate networks, steal data, and pursue targets for ransomware attacks based on financial size, recent finds show the FIN7 hacking group is using an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities. The attack system was discovered by Prodaft’s threat intelligence team, which at this point has been closely following […].
Security Affairs
DECEMBER 23, 2022
Online sports betting company BetMGM suffered a data breach and threat actors offered for sale a database containing the data of 1.5 million customers. On December 21, the online sports betting company BetMGM disclosed a data breach while threat actors offered for sale a database containing the information of 1,569,310 million BetMGM customers. “ We breached BetMGM’s casino database current as of Nov 2022.
Heimadal Security
DECEMBER 23, 2022
The DuckDuckGo apps and extensions are blocking Google Sign-in pop-ups, removing what it perceives as an annoyance and a privacy risk. DuckDuckGo offers a privacy-focused search engine, an email service, mobile apps, and data-protecting browser extensions. A standalone web browser is currently in beta and only available on macOS. Chrome, Firefox, Brave, and Microsoft Edge […].
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
DECEMBER 23, 2022
ByteDance admitted that its employees accessed TikTok data to track journalists to identify the source of leaks to the media. TikTok parent company ByteDance revealed that several employees accessed the TikTok data of two journalists to investigate leaks of company information to the media. . According to an email from ByteDance’s general counsel Erich Andersen which was seen by the AFP news agency, the Chinese company was attempting to discover who shared company information with a Financ
Heimadal Security
DECEMBER 23, 2022
As businesses have become increasingly susceptible to cyberattacks, the use of CSaaS has become more important. In this article, we’ll outline what CSaaS is, and discuss some of the benefits it can offer businesses. We’ll also give you a few tips on how to choose the best provider for your needs. So whether you’re new […]. The post Cybersecurity-as-a-service (CSaaS) appeared first on Heimdal Security Blog.
Security Affairs
DECEMBER 23, 2022
The data breach suffered by LastPass in August 2022 may have been more severe than previously thought. In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information.
Heimadal Security
DECEMBER 23, 2022
Automated tools and a huge amount of information available on the dark web make password spraying attacks a rising threat, especially for organizations. Once an account is compromised, the cybercriminal can exfiltrate sensitive data from your company, engage in lateral movement or even blackmail you. And the consequences of such an incident can range from […].
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
DECEMBER 23, 2022
An Iranian group hacked dozens of CCTV cameras in Israel in 2021 and maintained access for a long period of time. An Iranian group of hackers, known as Moses Staff, had seized control of dozens of Israeli CCTV cameras, the hack was known to the authorities that did nothing to stop it, reported The Times of Israel which had access to a preview of the full investigative report. “In a preview of a full investigative report set to be aired on Tuesday, the Kan public broadcaster said officials
Bleeping Computer
DECEMBER 23, 2022
Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites. [.].
Heimadal Security
DECEMBER 23, 2022
BetMGM, a major player in the sports betting industry, recently reported a data breach in which the personal information of an unspecified number of customers was stolen by a threat actor. The data breach exposed information such as names, postal addresses, email addresses, phone numbers, dates of birth, hashed Social Security numbers, account identifiers (such […].
The Hacker News
DECEMBER 23, 2022
The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Heimadal Security
DECEMBER 23, 2022
Several critical security vulnerabilities have been found in Passwordstate password management solution. The flaws can be leveraged by a cybercriminal to steal a user’s plaintext passwords. Passwordstate, owned by the Australian company Click Studios, has over 29,000 clients, and more than 370,000 IT experts employ it. Details About the Vulnerabilities and How They Can Be […].
Dark Reading
DECEMBER 23, 2022
A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.
Heimadal Security
DECEMBER 23, 2022
Malicious actors succeeded in stealing customer vault data during LastPass` cloud storage breach. According to researchers, for this attack, they used data stolen during an incident that took place in August this year. Over 33 million people and 100,000 businesses around the globe use LastPass` password management software. After the company’s CEO, Karim Toubba, stated […].
The Hacker News
DECEMBER 23, 2022
A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Bleeping Computer
DECEMBER 23, 2022
A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. [.].
The Hacker News
DECEMBER 23, 2022
Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.” As much of the workforce signs off for the holidays, hackers are stepping up their game. We’ll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks.
Dark Reading
DECEMBER 23, 2022
The follow-on attack from August's source-code breach could fuel future campaigns against LastPass customers.
Bleeping Computer
DECEMBER 23, 2022
Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate networks to steal data and deploy ransomware. [.].
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
DECEMBER 23, 2022
Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.
Security Boulevard
DECEMBER 23, 2022
AppsMas: Onapsis Platform 2022 Highlights. ltabo. Fri, 12/23/2022 - 12:43. SAP is the world’s largest provider of enterprise application software. SAP customers generate 87% of total global commerce ($46 trillion) and 99 of the 100 largest companies in the world are SAP customers. . Looking at the SAP Corporate Fact Sheet , the following stats really jump out: SAP customers generate 87% of total global commerce ($46 trillion). 99 of the 100 largest companies in the world are SAP customers.
Dark Reading
DECEMBER 23, 2022
APIs are key to cloud transformation, but two Google surveys find that cyberattacks targeting them are reaching a tipping point, even as general cloud security issues abound.
Security Boulevard
DECEMBER 23, 2022
In what can only be described as one of the most bizarre events in the history of open source, we find that the massively popular open source libraries, colors.js , and faker.js were sabotaged by their very own maintainer, as I first reported on over the weekend. The post Best of 2022: npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by Their Maintainer—What to do Now?
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
333 
Let's personalize your content