Fri. Feb 10, 2023

Weekly Update 334

Troy Hunt

Did I really need to get a connected BBQ? No more than I needed to connect most of the other things in the house, which is to say "a bit useful but not entirely necessary". But it's a fascinating process when looked at through the lens of how accessible the technology is to your average person given it's embedded in a consumer-orientated product.

Royal ransomware spreads to Linux and VMware ESXi

Tech Republic Security

A new Linux version of Royal ransomware is targeting VMware ESXi virtual machines. Learn more about this security threat and how to protect from it. The post Royal ransomware spreads to Linux and VMware ESXi appeared first on TechRepublic.

A Hacker’s Mind Is Now Published

Schneier on Security

Tuesday was the official publication date of A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times, Cory Doctorow’s blog, Science, and the Associated Press. I wrote essays related to the book for CNN and John Scalzi’s blog.

New virtual data fabric to support DoD cyber testing

Tech Republic Security

As cybersecurity threats increase in complexity and volume, the Department of Defense is turning to new technologies for help. The post New virtual data fabric to support DoD cyber testing appeared first on TechRepublic.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

3 reasons not to repatriate cloud-based apps and data sets

InfoWorld on Security

Repatriation seems to be a hot topic these days as some applications and data sets return to where they came from. I’ve even been tagged in some circles as an advocate for repatriation, mostly because of this recent post. Once again I will restate my position: The overall goal is to find the most optimized architecture to support your business. Sometimes it’s on a public cloud, and sometimes it’s not.

Cisco: Companies are spending on privacy protection, but do customers know it?

Tech Republic Security

The 2023 Benchmark survey of security pros worldwide found that companies are taking action on customer privacy, but transparency is key. The post Cisco: Companies are spending on privacy protection, but do customers know it? appeared first on TechRepublic.

This beginner-friendly ethical hacker training is 97% off

Tech Republic Security

The How to Hack from Beginner to Ethical Hacking Certification will teach you how to protect your systems and earn the trust of top clients. The post This beginner-friendly ethical hacker training is 97% off appeared first on TechRepublic.

Reddit Hacked — 2FA is no Phishing Phix

Security Boulevard

Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link. The post Reddit Hacked — 2FA is no Phishing Phix appeared first on Security Boulevard.

Good, Perfect, Best: how the analyst can enhance penetration testing results

SecureList

Penetration testing is something that many (of those who know what a pentest is) see as a search for weak spots and well-known vulnerabilities in clients’ infrastructure, and a bunch of copied-and-pasted recommendations on how to deal with the security holes thus discovered. In truth, it is not so simple, especially if you want a reliable test and useful results.

10 Free & Open Source Threat-Hunting Tools for 2023

Heimdal Security

Are you on the lookout for threat-hunting tools? If so, you’ve come to the right place. Compared to network security systems that include appliances such as firewalls that monitor traffic as it flows through a scenario, threat hunting is a different approach to dealing with cyber-attacks. While traditional defense methods generally investigate threats after they […] The post 10 Free & Open Source Threat-Hunting Tools for 2023 appeared first on Heimdal Security Blog.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

LookingGlass Cyber Solutions: Threat Intelligence Review

eSecurity Planet

The LookingGlass scoutPrime threat intelligence platform (TIP) integrates enterprise-grade external security threat information with information on internal architecture and security information to create actionable, prioritized risk scores for threats. The TIP provides security professionals with accelerated analysis of how threats might impact the organization and how to counter those threats.

UEBA 101: An Introduction to User and Entity Behavior Analytics

Heimdal Security

In today’s digital world, it is more important than ever to be able to identify and assess any potential threats to your business. That’s why User and Entity Behavior Analytics (UEBA) is becoming such an invaluable asset for businesses of all sizes. In this article, we will introduce you to UEBA and how it can […] The post UEBA 101: An Introduction to User and Entity Behavior Analytics appeared first on Heimdal Security Blog.

Privacy Device Designed to Defend Against Illegal Wireless Tracking

SecureWorld News

As the world becomes increasingly digitized, our personal privacy and even physical safety are under threat from a variety of sources. One technology that has raised particular concerns is personal Bluetooth Low Energy (BLE) trackers. On one hand, these tiny devices can be incredibly useful for locating lost items like keys, purses, or even pets. On the other hand, they can be exploited by stalkers, thieves, and other criminals to carry out their illegal activities with little to no risk of gett

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Anton’s Security Blog Quarterly Q1 2023

Anton on Security

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast too (subscribe). Top 5 most popular posts of all times (these ended up being the same as last quarter): “Security Correlation Then and Now: A Sad Truth About SIEM” “C

Ransomware attack hit the City of Oakland

Security Affairs

A ransomware attack hit the City of Oakland this week, forcing it to take all systems offline in response to the incident. The City of Oakland disclosed a ransomware attack, the security breach began on Wednesday night. In an abundance of caution, the City of Oakland has taken impacted systems offline, while they work to secure the impacted infrastructure. “The City of Oakland has learned that it was recently subject to a ransomware attack that began on Wednesday night.

Dallas Central Appraisal District paid $170,000 to ransomware attackers

Graham Cluley

A Dallas state agency has admitted to paying $170,000 to hackers after it suffered an attack from the Royal ransomware group. Read more in my article on the Hot for Security blog.

The FBI’s Most Controversial Surveillance Tool Is Under Threat

WIRED Threat Level

A review of the FBI’s access to foreign intelligence reveals troubling misuse of powerful surveillance tech.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Beware fake Facebook emails saying "your page has been disabled"

Malwarebytes

Facebook users need to be on their guard for bogus emails claiming to be from Facebook, that tell users their account has been disabled. The emails make use of the classic “apply some pressure” tactics so beloved of scammers everywhere. A missive that makes you shrug won’t get you clicking bogus links, but mails that say you've done something wrong, violated a rule, or are at imminent risk of financial peril, are more likely to work.

Microsoft says Intel driver bug crashes apps on Windows PCs

Bleeping Computer

Microsoft says apps using DirectX are crashing on Windows systems with outdated Intel drivers after installing November 2022 cumulative updates. […]

Reddit breached, here's what you need to know

Malwarebytes

On Thursday, February 9, 2023, Reddit reported that it had experienced a security incident as a result of an employee being phished. What happened? According to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and two-factor authentication tokens. One of its employees fell for the phish, and then self-reported, alerting Reddit to what had happened.

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

The TA886 hacking group targets organizations in the United States and Germany with new spyware tracked as Screenshotter. A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The experts first spotted the attacks attributed to this threat actor in October 2022, they believe that the group is financially motivated.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

SafeBreach Coverage for US-CERT Alert (AA23-040A) – DPRK Malicious Cyber Activities

Security Boulevard

SafeBreach coverage for US-CERT Alert (AA22-335A) - Cuba Ransomware The post SafeBreach Coverage for US-CERT Alert (AA23-040A) – DPRK Malicious Cyber Activities appeared first on SafeBreach. The post SafeBreach Coverage for US-CERT Alert (AA23-040A) – DPRK Malicious Cyber Activities appeared first on Security Boulevard.

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Security Affairs

North Korea-linked APT groups conduct ransomware attacks against healthcare and critical infrastructure facilities to fund its activities. Ransomware attacks on critical infrastructure conducted by North Korea-linked hacker groups are used by the government of Pyongyang to fund its malicious cyber operations, U.S. and South Korean agencies warn. US CISA published a Cybersecurity Advisory (CSA) to provide information about the threat actors to network defenders.

Microsoft to retire its Support Diagnostic Tool (MSDT) in 2025

Bleeping Computer

Microsoft announced that it will retire Microsoft Support Diagnostic Tool (MSDT) troubleshooters in future versions of Windows, with MSDT ultimately being removed in 2025. […]

Reddit Breached: Threat Actors Steal Source Code and Internal Data

Heimdal Security

Popular website Reddit suffered a cyberattack Sunday evening, which allowed hackers to access internal business systems and to steal internal documents and source code. According to statements from the company, the threat actors used a phishing lure targeting Reddit employees with a landing page impersonating its internal site. The fake site attempted to steal the […] The post Reddit Breached: Threat Actors Steal Source Code and Internal Data appeared first on Heimdal Security Blog.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Reddit discloses security breach that exposed source code and internal docs

Security Affairs

Social news aggregation platform Reddit suffered a security breach, attackers gained unauthorized access to internal documents, code, and some business systems. Reddit announced it was hit by a sophisticated and highly-targeted attack that took place on February 5, 2023. A highly-targeted phishing attack hit the employees of the company. The company pointed out that Reddit user passwords and accounts were not compromised.

Canadian Bookstore Indigo Hit By Cyberattack

Heimdal Security

Indigo Books & Music, the largest bookstore chain in Canada, experienced a cyber attack, leading the company to temporarily shut down its website and only allow cash payments. The details of the incident have yet to be determined, but Indigo is not excluding the possibility of customer data being compromised by the hackers. On Wednesday, […] The post Canadian Bookstore Indigo Hit By Cyberattack appeared first on Heimdal Security Blog.

The Dark Detectives: How to Defeat Reconnaissance-as-a-Service

Security Boulevard

In almost any type of warfare, reconnaissance is a much-needed first step. This certainly holds true for cyberwarfare. The steps are frequently portrayed as progressing from left to right. Two examples that describe the tactics attackers employ in a campaign are the MITRE ATT&CK framework and the Lockheed Martin Kill Chain. Pre-attack tactics like reconnaissance, The post The Dark Detectives: How to Defeat Reconnaissance-as-a-Service appeared first on Security Boulevard.

Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages

The Hacker News

Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and tkint3rs, all of which were collectively downloaded about 450 times before they were taken down.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!