Schneier on Security

JULY 1, 2022

Andrew Appel has a long analysis of the Swiss online voting system. It’s a really good analysis of both the system and the official analyses.

259

259

The Last Watchdog

JULY 1, 2022

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say

Mobile 258

Mobile Education Phishing Technology 258

Tech Republic Security

JULY 1, 2022

Triggered by an employee from an external vendor who shared email addresses with an unauthorized party, the breach could lead to phishing attempts against affected individuals. The post Data breach of NFT marketplace OpenSea may expose customers to phishing attacks appeared first on TechRepublic.

Data breaches 206

Data breaches Phishing 206

Naked Security

JULY 1, 2022

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

Scams 143

Scams Phishing 143

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

JULY 1, 2022

ClearVPN's Premium Plan offers advanced security and connectivity, allowing you to easily protect your devices at an affordable price. The post Get one year of this leading VPN for just $30 appeared first on TechRepublic.

VPN 148

VPN 148

The Hacker News

JULY 1, 2022

Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user's access tokens. "The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said.

Authentication 142

Authentication 142

Bleeping Computer

JULY 1, 2022

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched. [.].

139

139

Dark Reading

JULY 1, 2022

The latest evolution in social engineering could put fraudsters in a position to commit insider threats.

Social Engineering 120

Social Engineering Engineering 120

WIRED Threat Level

JULY 1, 2022

Putting sensor-packed Chinese cars on Western roads could be a privacy issue. Just ask Tesla.

118

118

eSecurity Planet

JULY 1, 2022

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. Such routers are rarely monitored or up-to-date, making them attractive targets for hackers to reach adjacent corporate networks.

Malware 117

Malware DNS Antivirus Internet 117

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Heimadal Security

JULY 1, 2022

What is an Acceptable Use Policy An acceptable use policy, often known as an AUP, is a collection of guidelines developed by the proprietor of a website, online service, or computer infrastructure with the intention of restricting the improper or illegal use of the owner’s software or information assets. It’s a fundamental component of the […].

Software 105

Software 105

We Live Security

JULY 1, 2022

The lead-up to the Canada Day festivities has brought a tax scam with it. The post Phishing scam poses as Canadian tax agency before Canada Day appeared first on WeLiveSecurity.

Scams 102

Scams Phishing 102

Heimadal Security

JULY 1, 2022

Previously, we’ve talked, at length about what a hotfix is, what’s it used for, and how to tell them apart from updates, patches, and other improvements-carrying packages. Today, we’re going to add even more -fix(es) to our list – coldfixes and bugfixes. So, what are they, what do they do, and when should you apply […]. The post Patch vs Hotfix vs Coldfix vs Bugfix – What’s the Difference, What Do They Fix, and When to Apply Them appeared first on Heimdal Security Blog.

104

104

Security Affairs

JULY 1, 2022

A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted certain files on the Macmillan network.

Ransomware 101

Ransomware Data breaches Cyber Attacks Media 101

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Heimadal Security

JULY 1, 2022

Macmillan Publishers is a worldwide trade publishing firm that operates in over 70 countries and has imprints in a number of different nations across the world, including the United States of America, Germany, the United Kingdom, Australia, South Africa, and India. Holtzbrinck Publishing Group is a multinational family-owned media corporation with its headquarters in Stuttgart, […].

Ransomware 102

Ransomware Media Cybersecurity 102

Dark Reading

JULY 1, 2022

The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.

Ransomware 99

Ransomware Government 99

Security Affairs

JULY 1, 2022

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated one such IIS backdoor: SessionManager.

Passwords 98

Passwords Hacking Government Information Security 98

Dark Reading

JULY 1, 2022

OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.

Hacking 98

Hacking Phishing 98

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Bleeping Computer

JULY 1, 2022

Microsoft has reminded customers that Windows Server 2012/2012 R2 will reach its extended end-of-support (EOS) date next year, on October 10, 2023. [.].

98

98

Dark Reading

JULY 1, 2022

With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.

Authentication 98

Authentication 98

Security Affairs

JULY 1, 2022

Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. “We observed notable updates to the long-running malware campaign targeting Linux systems by a group known as the 8220 gang.” reads one of the tweets publish

Security Intelligence 98

Security Intelligence Malware Hacking Information Security 98

The Hacker News

JULY 1, 2022

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022.

Internet 98

Internet Internet Malware Software 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

JULY 1, 2022

First, workplaces went fully remote to keep business operations running during the COVID-19 pandemic. Now, as the pandemic is easing into endemic, organizations are asking their employees to return to their offices. Many workers are choosing a hybrid setup—working a couple of days a week onsite and the rest of the time remotely. This is. The post Using AI/ML to Secure the Hybrid Workforce appeared first on Security Boulevard.

Mobile 98

Mobile Network Security Cybersecurity 98

The Hacker News

JULY 1, 2022

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S.

Engineering 98

Engineering 98

Digital Guardian

JULY 1, 2022

The overturning of Roe v. Wade is sparking more privacy concerns, cybercriminals are using deepfakes to gain access to corporate networks, and home routers are being attacked with malware. Read about these stories and more in this week's Friday Five.

Malware 98

Malware 98

GlobalSign

JULY 1, 2022

TSA to change cybersecurity rules for pipelines, Data breach leaks names, addresses of every concealed carry permit holder in California

Cybersecurity 98

Cybersecurity Data breaches 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JULY 1, 2022

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May 2022 updates. [.].

Authentication 98

Authentication 98

Security Boulevard

JULY 1, 2022

The increase in cyberattacks—and the increase in the cost of cyberattacks—sends a clear signal: Something about the cybersecurity industry needs to change. We live in a world where malicious cyberattack campaigns are persistent and relentless. Even as threat actors like ransomware groups face growing pressure from law enforcement, it is clear that the rule of.

Ransomware 98

Ransomware Cybersecurity Technology 98

Malwarebytes

JULY 1, 2022

Researchers are reporting the discovery of malware targeting YouTub content creators. The aim is to compromise accounts and then take over the victims’ channels completely. The malware, dubbed YTStealer, has one game plan: Grabbing authentication cookies. A site gives you an authentication cookie when you log in, and your browser then uses it in place of a password until you log out.

Authentication 98

Authentication Malware Scams Accountability 98

Security Boulevard

JULY 1, 2022

Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts in the industry. The post Wicked Good Development: Vulnerability Drills – the Intention, Habit, and Impact appeared first on Security Boulevard.

Software 98

Software 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!