Fri.May 05, 2023

RIP World Password Day

Tech Republic Security

Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.

Google launches entry-level cybersecurity certificate to teach threat detection skills

CSO Magazine

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open


WordPress plugin vulnerability puts two million websites at risk

Graham Cluley

Millions of WordPress-powered websites are using the Advanced Custom Fields and Advanced Custom Fields Pro plugins, which security researchers say have been vulnerable to cross-site scripting (XSS) attacks.

Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads

The Hacker News

A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing, camera, and smartphone wallpaper apps. The apps have since been taken down.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Apple Patches Bluetooth Flaw in AirPods, Beats

Dark Reading

Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.

RSA 2023: Not Under the GenAI Influence Yet!

Anton on Security

Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth … This aside, it is very cl

Safeguarding Data Centers Against Growing Cyber Threats

Security Boulevard

As we continue to rely on digital technology to store and process vast amounts of data, the need for robust data center security has never been more critical. Cyber threats are constantly evolving, making the task of safeguarding the data and infrastructure housed within data centers increasingly challenging. Here, we'll explore the importance of. The post Safeguarding Data Centers Against Growing Cyber Threats appeared first on Hyperview.

Making authentication faster than ever: passkeys vs. passwords

Google Security

Silvia Convento, Senior UX Researcher, and Court Jacinic, Senior UX Content Designer

In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock.

New Android FluHorse malware steals your passwords, 2FA codes

Bleeping Computer

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions. [.

Capita’s “standard industry practice” 633gb open cloud storage

DoublePulsar

TechCrunch has a story today about Capita with an unsecured S3 bucket. A few people came across this last week — I saw it floating around social media and Discord amongst security researchers. Capita claim it is “information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised

The Hacker News

PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.

Dallas Reels from Royal Ransomware Raid

Security Boulevard

Royal, née Zeon, born of Conti: Police, 911, courts and other city services staggering to recover. The post Dallas Reels from Royal Ransomware Raid appeared first on Security Boulevard.

How To Study for CompTIA Cybersecurity Analyst (CySA+)

CompTIA on Cybersecurity

You’ll want to ensure you are fully prepared before you undertake the IT certification process. Here’s our advice on how to study for the new CompTIA CySA+ (CS0-003) exam.

ReconShark – Kimsuky’s Newest Recon Tool

Heimdal Security

Kimsuky, a North Korean hacking group, has been observed employing a new version of its reconnaissance malware called “ReconShark” in a cyberespionage campaign with global reach. According to security analysts, the threat actor has broadened the range of targets it is now attacking, including government agencies, research institutions, universities, and think tanks in the United […] The post ReconShark – Kimsuky’s Newest Recon Tool appeared first on Heimdal Security Blog.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

BrandPost: Effective Security Relies on Effective Communication

CSO Magazine

Implementing a sustainably effective security strategy is complex and challenging for even the most advanced organization. Organizations don’t operate in a vacuum. They rely on information and intelligence from others in the industry, including vendors, media reporting, government agencies, and their organizational peers. This expanded information ecosystem is a powerful benefit to organizations, extending their horizon and aiding them in meeting today's security challenges while bolstering defe

BlackBerry Report Surfaces Increasing Rate of Cyberattacks

Security Boulevard

A threat intelligence report published by BlackBerry found that from December 2022 through February 2023, 12 cyberattacks per minute were launched against organizations using the company’s cybersecurity software and services, with 1.5 of those attacks per minute based on a new malware sample. The BlackBerry report also noted a shift in where those attacks are.

CSO sentenced to 3 years imprisonment for Uber Data Breach cover up

CyberSecurity Insiders

Joe Sullivan, the former Chief Security Officer (CSO) of Uber, has been sentenced to three years’ imprisonment and 200 hours of community service for covering up a cyber attack on the company’s servers in 2016, which led to a data breach affecting over 50 million riders and drivers. This is believed to be the first case in the history of cyber attacks where a CSO has faced criminal charges and imprisonment for covering up a data breach and obstructing a federal investigation.

How to Use ASPM to Improve CSPM

Security Boulevard

In recent years, organizations have increasingly moved their applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. However, this shift to the cloud has also introduced new security challenges, particularly in the realm of application security. Attackers are constantly looking for ways to exploit vulnerabilities in applications to gain.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

The Hacker News

Users of the Advanced Custom Fields plugin for WordPress are being urged to update to version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites.

Does AI Help or Hinder Compliance Efforts?

Security Boulevard

Technology is something of a double-edged sword. The use of AI technology by cybercriminals can leave businesses more vulnerable to legitimate-seeming scams and cyberattacks; at the same time, AI can help defend against those attacks. Compliance standards are put in place to protect not just businesses but also their consumers and investors. These days, companies.

Microsoft patches 3 vulnerabilities in Azure API Management

CSO Magazine

Microsoft has patched three new vulnerabilities in the Azure API Management service, which include two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload, according to cybersecurity firm Ermetic. The vulnerabilities were achieved through URL formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, Ermetic said.

APTs target MSP access to customer networks – Week in security with Tony Anscombe

We Live Security

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers The post APTs target MSP access to customer networks – Week in security with Tony Anscombe appeared first on WeLiveSecurity

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks

The Hacker News

The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign.

Doctors Behind Mifepristone Ban Called ‘Christians’ a Top Threat

WIRED Threat Level

Leaked documents reveal that the American College of Pediatricians viewed “mainstream medicine” and “nominal Christians” as its opposition.

New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics

The Hacker News

Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework.

Fortinet fixed two severe issues in FortiADC and FortiOS

Security Affairs

Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score 7.6) is a command injection issue in the external resource module. “An improper neutralization of special elements used in an OS command vulnerability

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts

The Hacker News

Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools.

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users

Malwarebytes

On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone, iPad, and macOS devices, respectively. RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously, Apple security fixes came bundled along with features and improvements, but RSRs only carry security fixes.

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN

The Hacker News

Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019.

North Korea-linked Kimsuky APT uses new recon tool ReconShark

Security Affairs

North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign. SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark. The reconnaissance tool is delivered through spear-phishing emails, OneDrive links leading to document weaponized downloads, and the execution of malicious macros.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!