Fri. Jul 01, 2022

Analyzing the Swiss E-Voting System

Schneier on Security

Andrew Appel has a long analysis of the Swiss online voting system. It’s a really good analysis of both the system and the official analyses.

GUEST ESSAY: The post-pandemic challenges of securely managing employee endpoints

The Last Watchdog

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working, whether organizations like it or not, is here to stay.

Criminals Use Deepfake Videos to Interview for Remote Work

Dark Reading

The latest evolution in social engineering could put fraudsters in a position to commit insider threats

Amazon Quietly Patches 'High Severity' Vulnerability in Android Photos App

The Hacker News

Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user's access tokens.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Teenagers are being encouraged to spread ransomware

CyberSecurity Insiders

Ransomware-as-a-service gang is on the prowl of teenagers who can act as distributors for malware. As law enforcement is tightening the noose around black hat hackers in all ways, ransomware spreading groups are now focusing more on luring teenagers into their business distribution stream.

Facebook 2FA phish arrives just 28 minutes after scam domain created

Naked Security

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.

OpenSea NFT Marketplace Faces Insider Hack

Dark Reading

OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list

Using AI/ML to Secure the Hybrid Workforce

Security Boulevard

First, workplaces went fully remote to keep business operations running during the COVID-19 pandemic. Now, as the pandemic is easing into endemic, organizations are asking their employees to return to their offices.

Microsoft Going Big on Identity with the Launch of Entra

Dark Reading

With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response

Inching Toward Defend Forward

Security Boulevard

The increase in cyberattacks—and the increase in the cost of cyberattacks—sends a clear signal: Something about the cybersecurity industry needs to change. We live in a world where malicious cyberattack campaigns are persistent and relentless.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Highly Sophisticated Malware Attacks Home and Small Office Routers

eSecurity Planet

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work.

Wicked Good Development: Vulnerability Drills – the Intention, Habit, and Impact

Security Boulevard

Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts in the industry.

DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware

Dark Reading

The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities

Disgruntled Law School Applicant’s Cyberharassment Ends With Narrow Court Ruling

Security Boulevard

Ho Ka Terrance Yung wanted to go to Georgetown University School of Law. He had good grades and good LSAT scores and arranged for an “alumni” interview—an interview with a former Hoya to accelerate his application process. The interview did not go well.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

The Hacker News

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022.

Facial recognition in Oz

Security Boulevard

Despite concerns from privacy advocates, Australia is currently the only democracy in the world that uses facial recognition technology to aid Covid-19 containment procedures.

Get one year of this leading VPN for just $30

Tech Republic Security

ClearVPN's Premium Plan offers advanced security and connectivity, allowing you to easily protect your devices at an affordable price.

Making CMMC Compliance Affordable For SMBs

Security Boulevard

Realizing the Total Cost of Compliance. Companies in the defense industrial base (DIB) have less than a year before the Interim Rule is in effect. We’ve spoken to many small to medium businesses (SMBs) in the DIB and one concern comes up over and over again. The cost of CMMC 2.0

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Is Your New Car a Threat to National Security?

WIRED Threat Level

Putting sensor-packed Chinese cars on Western roads could be a privacy issue. Just ask Tesla.

A ransomware attack forced publishing giant Macmillan to shut down its systems

Security Affairs

A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network.

Phishing scam poses as Canadian tax agency before Canada Day

We Live Security

The lead-up to the Canada Day festivities has brought a tax scam with it.

TikTok Assures U.S. Lawmakers it's Working to Safeguard User Data From Chinese Staff

The Hacker News

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security."

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Security Affairs

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021.

Jenkins discloses dozens of zero-day bugs in multiple plugins

Bleeping Computer

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.

The business of hackers-for-hire threat actors

Tech Republic Security

Hackers-for-hire specialize in compromising email boxes. Learn more about these cyber criminals and the threat they represent.

Google Improves Its Password Manager to Boost Security Across All Platforms

The Hacker News

Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms.

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign.

Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps

The Hacker News

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis.

5 Sectors That Need Critical Infrastructure Cybersecurity

SecureBlitz

This post will show you 5 sectors that need critical infrastructure cybersecurity. The UK National Cyber Security Centre identifies a.

Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree

The Hacker News

Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes?

ICYMI: A Microsoft Warning, Follina, Atlassian, and More

Dark Reading

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness

Microsoft: Windows Server 2012 reaches end of support in October 2023

Bleeping Computer

Microsoft has reminded customers that Windows Server 2012/2012 R2 will reach its extended end-of-support (EOS) date next year, on October 10, 2023.
