Krebs on Security
FEBRUARY 7, 2023
KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack.
Schneier on Security
FEBRUARY 7, 2023
Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
FEBRUARY 7, 2023
Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond. Related: Deploying human sensors Additionally, with tools like ChatGPT, almost anyone can create new malware and become a threat actor.
Tech Republic Security
FEBRUARY 7, 2023
These ransomware infections on VMware ESXi software are due to a vulnerability that has existed since 2021. Find out the most targeted countries and how to secure your organization. The post Massive ransomware operation targets VMware ESXi: How to protect from this security threat appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
SecureList
FEBRUARY 7, 2023
There is a vast number of trackers , which gather information about users’ activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming services history. The collected data can be used for improving their user interfaces or the overall user experience, or to personalize ads.
Tech Republic Security
FEBRUARY 7, 2023
With more companies investing in Web 3.0 this year, including blockchain, gaming and the metaverse, the cat and mouse game will continue, but with more dimensions. The post Metaverse adds new dimensions to Web 3.0 cybersecurity appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
We Live Security
FEBRUARY 7, 2023
No internet, perfect security? Two ESET researchers perform a thought experiment where they consider the implications of being plunged into digital darkness.
Dark Reading
FEBRUARY 7, 2023
Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.
Trend Micro
FEBRUARY 7, 2023
In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Asian firms similar to another well-known threat actor. In this article, we unravel their new tactics, techniques and procedures that they apply on their misdeeds.
Bleeping Computer
FEBRUARY 7, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks. [.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Heimadal Security
FEBRUARY 7, 2023
Pix is an instant payment platform developed and managed by the Central Bank of Brazil (BCB), which enables quick payment and transfer execution, with over 100 million registered accounts worldwide. A new strain of mobile malware targeting Brazil and other LATAM nations has just been discovered. The malware is designed to steal sensitive data and […] The post PixPirate Malware Is Actively Stealing Banking Passwords appeared first on Heimdal Security Blog.
SecureBlitz
FEBRUARY 7, 2023
Learn why your small business need online scheduling in this post. If you’re a small business owner, you know that time is money. The less time you spend on administrative tasks, the more time you can spend developing your product or service, marketing your business, and growing your customer base. One way to free up […] The post Why Does Your Small Business Need Online Scheduling?
WIRED Threat Level
FEBRUARY 7, 2023
Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it.
PCI perspectives
FEBRUARY 7, 2023
Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Today, we'll reflect on the accomplishments of 2022 and look ahead to what 2023 will bring at the PCI Security Standards Council. My guest for this episode is Lance Johnson, Executive Director at PCI SSC.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Dark Reading
FEBRUARY 7, 2023
The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.
Naked Security
FEBRUARY 7, 2023
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English.
Malwarebytes
FEBRUARY 7, 2023
Stalkerware is a huge problem when it comes to intrusion into people’s personal lives. “Friends”, strangers, family members, abusive spouses and many more can potentially dabble in this malignant pastime and cause all manner of trouble for their target. Thanks to the New York Attorney General’s office, some folks will shortly be made aware of a little extra something lurking on their devices , after it landed a developer with a $410,000 fine and a requirement to notify pe
Identity IQ
FEBRUARY 7, 2023
What is Phishing? IdentityIQ Cybercriminals are incredibly adaptable. They learn new security measures quickly and find new ways to steal sensitive information. One of the most common techniques used to exploit web users is the phishing scam. This article will cover what phishing is, cybercriminals’ different approaches, and how to prevent yourself from becoming a victim.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
FEBRUARY 7, 2023
The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues addressed by the maintainers is a memory safety bug in the OpenSSH server (sshd) tracked as CVE-2023-25136.
Malwarebytes
FEBRUARY 7, 2023
After eavesdropping on yet another encrypted messaging service for five months, law enforcement agencies decided to shut down the service that was popular among members of organized crime groups. The service called Exclu claims to use the “most secure encryption protocols”, as well as end-to-end encryption to ensure that only the sender and the person they’re communicating with can read what’s sent, not even Exclu itself.
Security Affairs
FEBRUARY 7, 2023
The popular collective Anonymous has leaked 128 GB of data allegedly stolen from the Russian Internet Service Provider Convex. The collective Anonymous released last week 128 gigabytes of documents that were allegedly stolen from the Russian Internet Service Provider Convex. The huge trove of data was leased by an affiliate of Anonymous’s affiliate group called Caxxii.
Identity IQ
FEBRUARY 7, 2023
7 Tips to Follow for Safer Internet Day IdentityIQ The 20 th annual Safer Internet Day is taking place on Feb. 7! Safer Internet Day is a campaign that aims to educate the public on internet safety and encourage everyone to take part in creating a safer internet. Why is Safer Internet Day Important? Online safety is a global issue, with 60% of the word population using the internet.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
FEBRUARY 7, 2023
A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom.
SecureWorld News
FEBRUARY 7, 2023
VMware has recently issued a warning to its customers to install the latest security updates and disable the OpenSLP service on their ESXi servers. This warning comes after a large-scale campaign of ransomware attacks targeted internet-exposed and vulnerable ESXi servers. According to VMware , the attackers are not exploiting a Zero-Day vulnerability, and this service is disabled by default in ESXi software releases that were issued after 2021.
Security Affairs
FEBRUARY 7, 2023
VMware said there is no evidence that threat actors are exploiting a zero-day flaw in its software as part of an ongoing ESXiArgs ransomware campaign. VMware said that it found no evidence that the threat actors behind the ongoing ESXiArgs ransomware attacks are leveraging a zero-day vulnerability in VMware ESXi servers. “VMware has not found evidence that suggests an unknown vulnerability (0-day) is being used to propagate the ransomware used in these recent attacks.” reads the late
Heimadal Security
FEBRUARY 7, 2023
The „Holy Souls” or NEPTUNIUM threat group is considered responsible for the recent attack on the satirical French magazine Charlie Hebdo. The group is known to be backed up by the Iranian state and was previously sanctioned by the U.S. government. Due to a successful data breaching attack, hackers claim they are now in possession […] The post Iranian Threat Group Behind Charlie Hebdo Data Breach appeared first on Heimdal Security Blog.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
FEBRUARY 7, 2023
The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.
Security Boulevard
FEBRUARY 7, 2023
For the generation of children growing up today, advanced technology has been integrated into their lives since they were born. With 2020 YouGov statistics showing that 85% of six-year-olds have access to a tablet at home and, by age 17, only 4% of teenagers said that they don’t have access to a computer, it is. The post The Rise of Script Kiddies: Where Inexperience Meets Opportunity appeared first on Security Boulevard.
Identity IQ
FEBRUARY 7, 2023
SIM Swap Scams: How SIM Swapping Works and How To Protect Yourself IdentityIQ According to the Federal Bureau of Investigation, SIM swap scams are on the rise. The FBI reported that they had received 1,611 SIM swapping complaints with losses of more than $68 million in 2021. If you’re unfamiliar with this scam, it takes advantage of people’s lack of knowledge of how SIM cards work and puts their information at risk.
Cisco Security
FEBRUARY 7, 2023
Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community. Our teams work hard to deliver education and inspiration, ignite creativity, deliver practical know-how, and accelerate the connections that fuel your digital future. The Cisco Secure team is excited to share our expertise to help power the strategies – and safety – of your organization.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
293 
Let's personalize your content