Fri. Jun 23, 2023

UPS Data Harvested for SMS Phishing Attacks

Schneier on Security

I get UPS phishing spam on my phone all the time. I never click on it, because it’s so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs.

Phishing 206

Dell Technologies World 2023: Q&A on how Dell sees security at the edge

Tech Republic Security

Read our interview from Dell Technologies World 2023 about cloud and edge workloads and Dell's NativeEdge product. The post Dell Technologies World 2023: Q&A on how Dell sees security at the edge appeared first on TechRepublic.

Apple Fixes 0-Days — Russia Says US Used for Spying

Security Boulevard

Vulns unpatched for FOUR years: ‘Triangulation’ spyware said to use backdoor Apple gave to NSA. The post Apple Fixes 0-Days — Russia Says US Used for Spying appeared first on Security Boulevard.

Spyware 145

Palo Alto Networks CTO Talks Securing ‘Code to Cloud’

Tech Republic Security

The company’s CTO of its Prisma Cloud says that when the software development process meets continuous integration and development, security must be efficient and holistic. The post Palo Alto Networks CTO Talks Securing ‘Code to Cloud’ appeared first on TechRepublic.

Software 151

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Fortinet fixes critical FortiNAC remote command execution flaw

Bleeping Computer

Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands. [...]

5 Best Chrome VPN Extensions for 2023

Tech Republic Security

Looking for the best VPNs for Chrome extension to enhance your online security and privacy? Dive into our list of top rated VPNs and find your best fit. The post 5 Best Chrome VPN Extensions for 2023 appeared first on TechRepublic.

VPN 134

More Trending

Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more

Tech Republic Security

Explore what matters in data protection today. Cyber resilience, recovery and streamlined software make the list. The post Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more appeared first on TechRepublic.

FBI seizes BreachForums after arresting its owner Pompompurin in March

Bleeping Computer

U.S. law enforcement today seized the clear web domain of the notorious BreachForums (aka Breached) hacking forum three months after apprehending its owner Conor Fitzpatrick (aka Pompompurin), under cybercrime charges. [...]

US Gov’t Puts $10M Bounty on CL0P as MOVEit Fallout Continues 

Security Boulevard

The U.S. State Department is offering a $10 million bounty for information related to the Cl0p ransomware gang, which is thought to be behind the MOVEit Transfer vulnerabilities. The post US Gov’t Puts $10M Bounty on CL0P as MOVEit Fallout Continues appeared first on Security Boulevard.

CISA orders agencies to patch iPhone bugs abused in spyware attacks

Bleeping Computer

Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. [...]

Spyware 111

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CISA Pressures Federal Civilian Agencies to Secure Network Devices

Security Boulevard

CISA put federal civilian agencies on notice that they were expected to secure network devices within 14 days of discovering they had been exposed on the internet. The post CISA Pressures Federal Civilian Agencies to Secure Network Devices appeared first on Security Boulevard.

Internet 113

Suspicious Smartwatches Mailed to US Army Personnel

Dark Reading

Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.

Malware 118

Amid the Software Engineering Paradigm Shift, How Must AppSec Evolve?

Security Boulevard

Attitudes around software engineering have evolved, posing a key paradigm shift for organizations regarding how they think about and manage software engineering functions. As cloud adoption continues to accelerate, software engineering is taking a front seat, commanding an even bigger role in business growth and success. This is especially prevalent today as organizations compete with.

Microsoft Teams Attack Skips the Phish to Deliver Malware Directly

Dark Reading

Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.

Phishing 107

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity Insights with Contrast CISO David Lindner | 6/23

Security Boulevard

Insight #1 "AI is not going to solve the 20-plus-year-old problem of Application Security, but it will do one of two things…add to the noise of SAST or kill off SAST completely allowing businesses to move on to bigger and better runtime analysis of their applications. I vote for the latter." Insight #2 "The cyber security talent shortage is not just about hiring new people into the field, that’s easy.

CISO 104

MOVEIt breach impacts GenWorth, CalPERS as data for 3.2 million exposed

Bleeping Computer

PBI Research Services (PBI) has suffered a data breach with three clients disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. [...]

The Journey to a Scalable Software Maturity Model

Security Boulevard

The Purple Book Community S3M2 is a framework designed to help organizations assess and improve their software security practices. The post The Journey to a Scalable Software Maturity Model appeared first on Security Boulevard.

Software 104

BlackLotus bootkit patch may bring “false sense of security”, warns NSA

Graham Cluley

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protecting against the threat. Read more in my article on the Tripwire State of Security blog.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

IRONSCALES Brings Generative AI to Email Security

Security Boulevard

IRONSCALES this week made available in beta a tool that leverages OpenAI’s generative pre-trained transformer (GPT) technology to make it simpler for end users to identify suspicious emails. IRONSCALES CEO Eyal Benishti said Themis Co-pilot for Microsoft Outlook is based on PhishLLM, a large language model (LLM) that the company hosts on behalf of customers.

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The Hacker News

The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition.

Firmware 101

NSA: BlackLotus BootKit Patching Won't Prevent Compromise

Dark Reading

It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.

Software 108

Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

The Hacker News

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware.

Malware 101

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How to Maximize the Value of Penetration Tests

eSecurity Planet

All organizations should perform penetration tests, yet many worry about not receiving the full value of their investment. Organizations have two choices: perform penetration tests with their internal teams, or hire an external vendor and find ways to lower costs. Either case presents challenges, but to maximize the value of a penetration test, the organization must balance cost savings with quality.

Fortinet fixes critical FortiNAC RCE, install updates asap

Security Affairs

Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges.

IoT 97

11 Key Steps of the Patch Management Process

eSecurity Planet

Patch management is the continuous process of releasing and deploying software updates, most commonly done to solve security and functionality issues. But to do patch management right, you need a detailed, repeatable process. Establishing an efficient patch management process is critical for keeping your systems secure and stable. Patches address vulnerabilities that could be exploited by hackers; bug fixes that correct faults or defects in the software, and feature upgrades that offer enhanceme

Why Legacy System Users Prioritize Uptime Over Security

Dark Reading

For line-of-business execs, the fear of grinding mission-critical systems to a halt overrides the fear of ransomware. How can CISOs overcome this?

CISO 103

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Student Sues Whiteworth University for Ransomware Attack

CyberSecurity Insiders

A student of Whitworth University has brought a class action against the university for not keeping student and staff data safe from a ransomware attack that occurred in 2022. The legal case was slapped against the institute for causing unnecessary anxiety over the loss of privacy and about potential abuse of the data. Patrick Loyola is the student who filed the suit as the University failed to protect the data storage servers that stored highly sensitive information about former and present stu

CISA orders govt agencies to fix recently disclosed flaws in Apple devices

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its Known Exploited Vulnerabilities Catalog. Below is the list of the issues added to the catalog: CVE-2023-32434: Apple Multiple Products Integer Overflow Vulnerability – Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability tha

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

Naked Security

Don’t treat rebooting your phone once a day as a cybersecurity talisman… here are 8 additional tips for better mobile phone security.

Mobile 108

Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering

The Hacker News

A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.