Troy Hunt

NOVEMBER 23, 2022

We've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it and would like to get their friends Pwned too. Personally, I think everyone should get Pwned! Which is why we're making it possible for 30% less 😊 Ok, being more serious for a moment, I'm talking about Pwned the book which we launched a couple of months ago and it's chock full of over 800 pages worth of epic blog posts and more importantly, the stor

211

211

Schneier on Security

NOVEMBER 23, 2022

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs : Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GOA says that as of February the US federal government had approximately 5,100 working dogs, including detection dogs, across three federal agencies.

Government 189

Government Accountability 189

Tech Republic Security

NOVEMBER 23, 2022

Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic.

IoT 192

IoT Risk Internet Internet 192

Security Boulevard

NOVEMBER 23, 2022

Some incredibly personal details are being sent to Facebook, without your consent, using the “Meta Pixel.”. The post ‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook appeared first on Security Boulevard.

Security Awareness 138

Security Awareness CISO Network Security Malware 138

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

NOVEMBER 23, 2022

Distributed denial-of-service protection from OVHcloud takes the complexity out of avoiding denial of service attacks for your business. The post DDoS protection from OVHcloud appeared first on TechRepublic.

DDOS 147

DDOS Software 147

Security Affairs

NOVEMBER 23, 2022

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users. Apple collects both DSID and Apple ID, which means that it can use the former to identify the user and retrieve associated personal information, including full name, phone number

Hacking 136

Hacking Data collection Cybersecurity Accountability 136

We Live Security

NOVEMBER 23, 2022

Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram. The post Bahamut cybermercenary group targets Android users with fake VPN apps appeared first on WeLiveSecurity.

VPN 127

VPN 127

Bleeping Computer

NOVEMBER 23, 2022

Chrome browser extension 'SearchBlox' installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform. [.].

131

131

CyberSecurity Insiders

NOVEMBER 23, 2022

For the past seven to eight months, we have been constantly reading or listening to Russia’s negative involvement in cybersecurity. Now, the latest that has been published by Group-IB claims Moscow’s involvement in the password stealing of over 50 million users. Yes, according to a report compiled after analyzing over 34 telegram groups’ involvement in cybercrime, researchers from Group-IB have confirmed the involvement of hacking groups linked to the Kremlin stealing 50m passwords from about 89

Passwords 127

Passwords Scams Malware Cybercrime 127

Security Boulevard

NOVEMBER 23, 2022

Multifactor authentication (MFA) push notification fatigue attacks are increasing and are proving more effective, according to Expel’s quarterly threat report, based on data from the company’s customer base. The report also indicated that automated orchestration is proving to be a big advantage, with the median time to perform a remediation action automated via orchestration dropping.

Threat Reports 125

Threat Reports Authentication Social Engineering Cybersecurity 125

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CSO Magazine

NOVEMBER 23, 2022

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. “Coordinated inauthentic behavior” is Meta’s term for misinformation activity performed by groups of social media accounts on its platforms that target particular groups or demographics.

Media 118

Media Accountability 118

Security Affairs

NOVEMBER 23, 2022

The operators behind the Ducktail information stealer continue to improve their malicious code, operators experts warn. In late July 2022, researchers from WithSecure (formerly F-Secure Business) discovered an ongoing operation, named DUCKTAIL, that was targeting individuals and organizations that operate on Facebook’s Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to be active since 2018.

Malware 116

Malware Hacking Accountability Authentication 116

Bleeping Computer

NOVEMBER 23, 2022

At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022. [.].

Passwords 112

Passwords Cybercrime Malware Accountability 112

Security Boulevard

NOVEMBER 23, 2022

As we embark on the U.S. Thanksgiving holiday, we’re supposed to be grateful for our gifts. And I am certainly thankful for my family, my health (injured knee notwithstanding) and being able to work at Techstrong, which is a very cool gig. But to be honest, I’m just not feeling very thankful from a security. The post Thanks for Nothing appeared first on Security Boulevard.

Security Awareness 109

Security Awareness Cybersecurity 109

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

NOVEMBER 23, 2022

Meta has removed several accounts on Facebook and Instagram associated with the U.S. military, saying they were used as part of covert influence operations targeting the Middle East and Russia. [.].

Accountability 108

Accountability 108

Security Boulevard

NOVEMBER 23, 2022

Hospitals, government health agencies and other health care entities have a growing need to securely store and transfer personal data, both from patient to provider and with relevant agencies, insurers and regulators. Considering the exponential rise in cyberattacks, it has never been more crucial for health care organizations to take the risk out of data.

Encryption 104

Encryption Insurance Government Risk 104

Bleeping Computer

NOVEMBER 23, 2022

A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks. [.].

Mobile 106

Mobile 106

Security Boulevard

NOVEMBER 23, 2022

This Black Friday, we are offering an amazing 50% discount on all new plugin subscriptions. This is the perfect opportunity to shore up your WordPress security and administration (at a hefty discount) as we head into a busy festive season. The post Black Friday deals 2022 appeared first on WP White Security. The post Black Friday deals 2022 appeared first on Security Boulevard.

104

104

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

CSO Magazine

NOVEMBER 23, 2022

The UK has finalized its first independent data adequacy decision since leaving the European Union (EU) which will allow UK organisations to securely transfer personal data to the Republic of Korea without restrictions by the end of the year. The UK government stated that the new legislation, first agreed upon in principle in July, will allow businesses in both countries to share data more easily, enhancing opportunities for cooperation and growth.

Government 101

Government 101

SecureList

NOVEMBER 23, 2022

The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25 th , deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more of their hard-earned cash. In the weeks leading up to Black Friday, we have already seen discounts reaching 70% and even 80%, grabbing the attention of millions of customers.

Phishing 101

Phishing Scams Banking Malware 101

Security Affairs

NOVEMBER 23, 2022

Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966 , that impacts Windows Server.

Authentication 100

Authentication Hacking Encryption Accountability 100

Dark Reading

NOVEMBER 23, 2022

The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.

Cyber threats 100

Cyber threats Cryptocurrency 100

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Security Boulevard

NOVEMBER 23, 2022

The NIST cybersecurity framework is a powerful tool to organize and improve your cybersecurity program. Today many businesses see cybersecurity with a kind of laissez-faire attitude where they purchase few tools and assign some people to look after their overall IT […]. The post Leveraging the NIST Cybersecurity Framework For Business appeared first on WeSecureApp :: Simplifying Enterprise Security!

Cybersecurity 98

Cybersecurity Security Awareness 98

Bleeping Computer

NOVEMBER 23, 2022

Windows gamers and power users are being targeted by fake MSI Afterburner download portals to infect users with cryptocurrency miners and the RedLine information-stealing malware. [.].

Cryptocurrency 96

Cryptocurrency Malware 96

Security Boulevard

NOVEMBER 23, 2022

Understand the challenges of securing your cloud and key best practices for minimizing your cloud’s blast radius. The post Sealing Off Your Cloud’s Blast Radius appeared first on Ermetic. The post Sealing Off Your Cloud’s Blast Radius appeared first on Security Boulevard.

97

97

Naked Security

NOVEMBER 23, 2022

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers.

Scams 125

Scams Malware 125

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

Security Boulevard

NOVEMBER 23, 2022

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack. The post GitHub repojacking attack: 10 lessons for software teams appeared first on Security Boulevard.

Software 97

Software 97

Dark Reading

NOVEMBER 23, 2022

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.

IoT 100

IoT 100

Security Affairs

NOVEMBER 23, 2022

Pro-Russian hacker collective Killnet took down the European Parliament website with a DDoS cyberattack. The Pro-Russia group of hacktivists Killnet claimed responsibility for the DDoS attack that today took down the website of the European Parliament website. #KILLNET , the Pro-Russia #hacking group, claims to have launched a #DDoS attack against the European Parliament's ( @Europarl_EN ) official website.

DDOS 93

DDOS Hacking Information Security 93

Heimadal Security

NOVEMBER 23, 2022

Microsoft Security Threat Intelligence research team warn about a threat actor identified as DEV-0569, which has been observed using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group allegedly carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in […].

Ransomware 91

Ransomware Malware Software Cybersecurity 91

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk