Fri. Nov 18, 2022

First Review of A Hacker’s Mind

Schneier on Security

Kirkus reviews A Hacker’s Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody, regularly challenges his students to write down the first 100 digits of pi, a nearly impossible task—but not if they cheat, concerning which he admonishes, “Don’t get caught.” No

Hacking 157

Tor vs. VPN: Which should you choose?

We Live Security

Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which is better for you? The post Tor vs. VPN: Which should you choose? appeared first on WeLiveSecurity.

VPN 145

Email Servers and Satellites will become key cyber-attack targets in 2023

CyberSecurity Insiders

Kaspersky, a security firm having roots in Russia, has released a prediction-filled report stating that email servers and satellites will become key cyber attack targets in the year 2023. The threat will come majorly from APTs and the forecast was made after tracking and analyzing over 900 APTs on a global note. Strangely, the Eugene Kaspersky-led firm revealed something astonishing in its report.

FTX Collapse Highlights the Cybersecurity Risks of Crypto

eSecurity Planet

John Jay Ray III is one of the world’s top bankruptcy lawyers. He has worked on cases like Enron and Nortel. But his latest gig appears to be the most challenging. On November 11, he took the helm at FTX, a massive crypto platform, which has plunged into insolvency. His Chapter 11 filing reads more like a Netflix script. In it, he notes: “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here

Risk 135

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Oops! Meta Security Guards Hacked Facebook Users

Security Boulevard

Facebook parent Meta has disciplined or fired at least 25 workers for allegedly hacking into user accounts. The post Oops! Meta Security Guards Hacked Facebook Users appeared first on Security Boulevard.

Hacking 127

Exploit released for actively abused ProxyNotShell Exchange bug

Bleeping Computer

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell. [...]

119

More Trending

India drafts new privacy bill for transfer of personal data internationally

CSO Magazine

The Indian federal government on Friday published a new draft of data privacy laws that would allow personal data transfer to other nations under certain conditions, and impose fines for breaches of data-transfer and data-collection regulations. The proposed legislation has been in the works for about four years. Up until now, the Reserve Bank of India has enacted regulations that make businesses keep transaction data within the country.

EDRs are Cybersecurity Stars, But You Still Need Offense and Defense

Security Boulevard

There is an ongoing cybersecurity battle to keep pace with the persistent evolution of more sophisticated malware and relentless malicious actors. As quickly as preventive measures are deployed, cybercriminals find new vulnerabilities and stealthy workarounds. The need for more comprehensive protections has spawned a modern approach to cyberdefense in the form of endpoint detection and.

Almost half of customers have left a vendor due to poor digital trust: Report

CSO Magazine

Forty-seven percent of consumers have stopped doing business with a company after losing trust in that company’s digital security, according to new research from certificate authority and cybersecurity vendor DigiCert. The findings, which have been compiled in the company’s 2022 State of Digital Trust Survey, also revealed that 84% of customers would consider switching if they were to lose trust in a company, with 57% saying switching would be likely.

Cyber Risk Quantification – The What, The Why and The How!

Security Boulevard

CRQ (Cyber Risk Quantification) is the latest acronym doing the rounds in the cyber security industry. Many security professionals regularly use this acronym but few actually understand what CRQ is and even fewer know how to implement it. In this blog, I will attempt to demystify the concept of CRQ, express why a robust CRQ …. Read More. The post Cyber Risk Quantification – The What, The Why and The How!

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

The Hacker News

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569.

Palo Alto Networks Updates OS to Strengthen Cybersecurity Platforms

Security Boulevard

Palo Alto Networks this week delivered a Nova update to the PAN-OS operating system it embeds across its cybersecurity portfolio. The update added capabilities to thwart evasive malware and zero-day injection attacks. Jesse Ralson, senior vice president of cloud-delivered security services for Palo Alto Networks, said PAN-OS 11.0 Nova makes it possible to deliver an.

Ransomware Attack news headlines trending on Google

CyberSecurity Insiders

The first one is a report released by the FBI stating the earning details of Hive Ransomware Group. FBI issued a joint advisory along with CISA that the said hacking group extorted more than $100m in this financial year by infecting over 1300 victims in 15 months starting from June ’21. The victims list includes government organizations, communication sector companies, IT businesses and businesses involved in the healthcare sector.

Should Security Budgets be Recession-Proof?

Security Boulevard

On one of our Techstrong email lists, Mike Vizard, our chief content officer, made the comment that security spending is recession-proof, and he had some data from Red Hat’s Global Tech Outlook (reg required) to back up the assertion. Not surprisingly, security remains the top funding priority with network and cloud security leading in buyer. The post Should Security Budgets be Recession-Proof?

CISO 104

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

The Next Generation of Supply Chain Attacks Is Here to Stay

Dark Reading

With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap.

128

Introducing Infrastructure as Code Security

Security Boulevard

The GitGuardian Internal Monitoring platform will now include Infrastructure as Code (IaC) scanning to help organizations protect their infrastructure at the source. The post Introducing Infrastructure as Code Security appeared first on Security Boulevard.

104

Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide

The Hacker News

A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world.

Chinese hackers use Google Drive to drop malware on govt networks

Bleeping Computer

State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. [...]

Malware 100

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Lookout Study Identifies an Ongoing Consumer Scam Surge | Lookout

Security Boulevard

Over 60% of the world’s population relies on technology to navigate their daily lives — that’s over 5 billion people! Unfortunately, with such a large audience online, bad actors have turned to technology to deploy scams and make a profit. Scammers use an array of channels to target people with p. The post Lookout Study Identifies an Ongoing Consumer Scam Surge | Lookout appeared first on Security Boulevard.

Scams 98

Meta Reportedly Fires Dozens of Employees for Hijacking Users' Facebook and Instagram Accounts

The Hacker News

Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and documents.

Third-Party Risk Management Efforts Remain Lackluster

Security Boulevard

Despite calls to re-shore and streamline supply chains during the great availability disruptions caused by the COVID-19 pandemic, enterprises are still increasing their reliance on third parties. They’re doing so to optimize productivity or, at the very least, remain competitive. While third-party suppliers often provide cost-effectiveness, speed and help increase business agility, they also increase.

Risk 98

Friday Five 11/18

Digital Guardian

Inadequate cybersecurity efforts, questionable data privacy practices, and ransomware made the top headlines this past week. Catch up on the latest stories in this week's Friday Five!

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

KnowBe4 + EasyDMARC: Together For a Better Privacy

Security Boulevard

Middletown, Delaware, USA, November 18, 2022: EasyDMARC, a vendor of the all-in-one email security and deliverability platform, announced in August it had successfully closed the seed funding round of $2.3 million, led by Acrobator Ventures, Formula VC, and a US-based public security company. This third company is Knowbe4 Ventures, which was a co-investor in the […].

98

Python Developers Targeted by W4SP Stealer in an Ongoing Supply Chain Attack

Heimdal Security

Malicious Python packages have been used in an ongoing supply chain attack to spread the W4SP Stealer virus, which has so far infected over a hundred people. Checkmarx researcher Jossef Harush declared in a technical write-up that the threat actor is still active and releasing more malicious packages. The attacker claims that the tools are […].

Cybersecurity News Round-Up: Week of November 14, 2022

Security Boulevard

Log4Shell used to mine crypto on U.S. federal computer system, private exchanges of some of Moldova's politicians released in hack, cyber taskforce to ‘hack the hackers’ behind the Medibank breach. The post Cybersecurity News Round-Up: Week of November 14, 2022 appeared first on Security Boulevard.

DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions

Dark Reading

Although the group relies on good old phishing to deliver Royal ransomware, researchers say DEV-0569 regularly uses new and creative discovery techniques to lure victims.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Atlassian fixed 2 critical flaws in Crowd and Bitbucket products

Security Affairs

Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd Server and Data Center, and in the Bitbucket Server and Data Center, a self-managed solution that provides source code collaboration for professional teams.

Charting the Path to Zero Trust: Where to Begin

Dark Reading

Your journey to zero trust can be perilous if you are using legacy equipment that wasn’t designed for it. Begin the transformation where it makes the most sense for your organization.

96

Threat hunting with MITRE ATT&CK and Wazuh

The Hacker News

Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions.

95

Heimdal® Recognized as Top Cybersecurity Software by Software Advice in 2022

Heimdal Security

Copenhagen, November 18, 2022 — Heimdal® announced today that Heimdal® Threat Prevention has been recently recognized as a Top Cybersecurity Software in Software Advice’s latest FrontRunners report. This report evaluates verified end-user reviews, positioning the top-scoring products based on their usability and customer satisfaction ratings for small businesses.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.