Fri. May 05, 2023

RIP World Password Day

Tech Republic Security

Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.

Passwords 170

Google launches entry-level cybersecurity certificate to teach threat detection skills

CSO Magazine

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open

WordPress plugin vulnerability puts two million websites at risk

Graham Cluley

Millions of WordPress-powered websites are using the Advanced Custom Fields and Advanced Custom Fields Pro plugins, which security researchers say have been vulnerable to cross-site scripting (XSS) attacks.

Risk 137

Apple Patches Bluetooth Flaw in AirPods, Beats

Dark Reading

Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.

Wireless 131

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads

The Hacker News

A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down.

Malware 131

RSA 2023: Not Under the GenAI Influence Yet!

Anton on Security

Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth … This aside, it is very cl

More Trending

Safeguarding Data Centers Against Growing Cyber Threats

Security Boulevard

As we continue to rely on digital technology to store and process vast amounts of data, the need for robust data center security has never been more critical. Cyber threats are constantly evolving, making the task of safeguarding the data and infrastructure housed within data centers increasingly challenging. Here, we'll explore the importance of. The post Safeguarding Data Centers Against Growing Cyber Threats appeared first on Hyperview.

Making authentication faster than ever: passkeys vs. passwords

Google Security

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock.

New Android FluHorse malware steals your passwords, 2FA codes

Bleeping Computer

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions.

Malware 124

Capita’s “standard industry practice” 633gb open cloud storage

DoublePulsar

TechCrunch has a story today about Capita with an unsecured S3 bucket. A few people came across this last week — I saw it floating around social media and Discord amongst security researchers. Capita claim it is “information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.

Media 123

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Dallas Reels from Royal Ransomware Raid

Security Boulevard

Royal, née Zeon, born of Conti: Police, 911, courts and other city services staggering to recover. The post Dallas Reels from Royal Ransomware Raid appeared first on Security Boulevard.

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised

The Hacker News

PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.

Hacking 119

How To Study for CompTIA Cybersecurity Analyst (CySA+)

CompTIA on Cybersecurity

You’ll want to ensure you are fully prepared before you undertake the IT certification process. Here’s our advice on how to study for the new CompTIA CySA+ (CS0-003) exam.

ReconShark – Kimsuky’s Newest Recon Tool

Heimdal Security

Kimsuky, a North Korean hacking group, has been observed employing a new version of its reconnaissance malware called “ReconShark” in a cyberespionage campaign with global reach. According to security analysts, the threat actor has broadened the range of targets it is now attacking, including government agencies, research institutions, universities, and think tanks in the United […] The post ReconShark – Kimsuky’s Newest Recon Tool appeared first on Heimdal Security Blog.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

BrandPost: Effective Security Relies on Effective Communication

CSO Magazine

Implementing a sustainably effective security strategy is complex and challenging for even the most advanced organization. Organizations don’t operate in a vacuum. They rely on information and intelligence from others in the industry, including vendors, media reporting, government agencies, and their organizational peers. This expanded information ecosystem is a powerful benefit to organizations, extending their horizon and aiding them in meeting today's security challenges while bolstering defe

Media 107

BlackBerry Report Surfaces Increasing Rate of Cyberattacks

Security Boulevard

A threat intelligence report published by BlackBerry found that from December 2022 through February 2023, 12 cyberattacks per minute were launched against organizations using the company’s cybersecurity software and services, with 1.5 of those attacks per minute based on a new malware sample. The BlackBerry report also noted a shift in where those attacks are.

Malware 105

CSO sentenced to 3 years imprisonment for Uber Data Breach cover up

CyberSecurity Insiders

Joe Sullivan, the former Chief Security Officer (CSO) of Uber, has been sentenced to three years’ imprisonment and 200 hours of community service for covering up a cyber attack on the company’s servers in 2016, which led to a data breach affecting over 50 million riders and drivers. This is believed to be the first case in the history of cyber attacks where a CSO has faced criminal charges and imprisonment for covering up a data breach and obstructing a federal investigation.

CSO 103

How to Use ASPM to Improve CSPM

Security Boulevard

In recent years, organizations have increasingly moved their applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. However, this shift to the cloud has also introduced new security challenges, particularly in the realm of application security. Attackers are constantly looking for ways to exploit vulnerabilities in applications to gain.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

The Hacker News

Users of the Advanced Custom Fields plugin for WordPress are being urged to update to version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites.

Does AI Help or Hinder Compliance Efforts?

Security Boulevard

Technology is something of a double-edged sword. The use of AI technology by cybercriminals can leave businesses more vulnerable to legitimate-seeming scams and cyberattacks; at the same time, AI can help defend against those attacks. Compliance standards are put in place to protect not just businesses but also their consumers and investors. These days, companies.

Scams 103

Microsoft patches 3 vulnerabilities in Azure API Management

CSO Magazine

Microsoft has patched three new vulnerabilities in the Azure API Management service which includes two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload, according to cybersecurity firm Ermetic. The vulnerabilities were achieved through URL formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, Ermetic said.

APTs target MSP access to customer networks – Week in security with Tony Anscombe

We Live Security

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers. The post APTs target MSP access to customer networks – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Doctors Behind Mifepristone Ban Called ‘Christians’ a Top Threat

WIRED Threat Level

Leaked documents reveal that the American College of Pediatricians viewed “mainstream medicine” and “nominal Christians” as its opposition.

Hacking 99

Fortinet fixed two severe issues in FortiADC and FortiOS

Security Affairs

Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score 7.6) is a command injection issue in the external resource module. “An improper neutralization of special elements used in an OS command vulnerability

VPN 98

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users

Malwarebytes

On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone and iPad, and macOS devices, respectively. RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously, Apple security fixes came bundled along with features and improvements, but RSRs only carry security fixes.

Spyware 98

North Korea-linked Kimsuky APT uses new recon tool ReconShark

Security Affairs

North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign. SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark. The reconnaissance tool is delivered through spear-phishing emails, OneDrive links leading to document weaponized downloads, and the execution of malicious macros.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Quality Assurance Engineering at GitGuardian

Security Boulevard

Learn about the day-to-day life of a QA engineer and the different techniques and processes used by the QA engineering team at GitGuardian to ensure high-quality products. The post Quality Assurance Engineering at GitGuardian appeared first on Security Boulevard.

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps. The malicious campaign has been active since 2022, the experts discovered eleven apps infected with Fleckpe on Google Play, which have been installed on mor

Malware 98

City of Dallas Vital Services Shut Down in Suspected Ransomware Attack

SecureWorld News

The City of Dallas, Texas, was forced to shut down police communications and IT systems on Monday morning, May 1, due to a suspected ransomware attack. According to a media statement from the City: "Wednesday morning, the City's security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment.

Pro-Russia group NoName took down multiple France sites, including the French Senate one

Security Affairs

The French Senate’s website was taken offline by a DDoS attack launched by the pro-Russian hacker group NoName. The pro-Russia hacker group NoName is claiming responsibility for a DDoS attack that took the website of the French Senate offline. “Access to the Senate website has been disrupted since this morning, our team is fully mobilized to remedy the malfunctions.

DDOS 98

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!