Fri. May 05, 2023

RSA 2023: Not Under the GenAI Influence Yet!

Anton on Security

Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth … This aside, it is very cl

RIP World Password Day

Tech Republic Security

Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.

Apple Patches Bluetooth Flaw in AirPods, Beats

Dark Reading

Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Bleeping Computer

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). […]

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads

The Hacker News

A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down.

New Android FluHorse malware steals your passwords, 2FA codes

Bleeping Computer

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions. […]

More Trending

Dallas Reels from Royal Ransomware Raid

Security Boulevard

Royal, née Zeon, born of Conti: Police, 911, courts and other city services staggering to recover. The post Dallas Reels from Royal Ransomware Raid appeared first on Security Boulevard.

WordPress plugin vulnerability puts two million websites at risk

Graham Cluley

Millions of WordPress-powered websites are using the Advanced Custom Fields and Advanced Custom Fields Pro plugins, which security researchers say have been vulnerable to cross-site scripting (XSS) attacks.

How To Study for CompTIA Cybersecurity Analyst (CySA+)

CompTIA on Cybersecurity

You’ll want to ensure you are fully prepared before you undertake the IT certification process. Here’s our advice on how to study for the new CompTIA CySA+ (CS0-003) exam.

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

The Hacker News

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Making authentication faster than ever: passkeys vs. passwords

Google Security

Silvia Convento, Senior UX Researcher, and Court Jacinic, Senior UX Content Designer. In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offers a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock.

BlackBerry Report Surfaces Increasing Rate of Cyberattacks

Security Boulevard

A threat intelligence report published by BlackBerry found that from December 2022 through February 2023, 12 cyberattacks per minute were launched against organizations using the company’s cybersecurity software and services, with 1.5 of those attacks per minute based on a new malware sample. The BlackBerry report also noted a shift in where those attacks are.

Google launches entry-level cybersecurity certificate to teach threat detection skills

CSO Magazine

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open

Does AI Help or Hinder Compliance Efforts?

Security Boulevard

Technology is something of a double-edged sword. The use of AI technology by cybercriminals can leave businesses more vulnerable to legitimate-seeming scams and cyberattacks; at the same time, AI can help defend against those attacks. Compliance standards are put in place to protect not just businesses but also their consumers and investors. These days, companies.

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

2 Years After Colonial Pipeline, US Critical Infrastructure Still Not Ready for Ransomware

Dark Reading

Sweeping changes implemented since the May 2021 cyberattack are helping — but more work remains to be done, security experts say.

Barracuda Networks Reports Shift in HTML Malware Tactics

Security Boulevard

Barracuda Networks has published a report detailing how cybercriminals are now embedding malware within an HTML file that historically was created to deliver a malicious payload via a link to an external site. That shift in approach makes it more difficult for some classes of security scanner to detect malware embedded in an email. Barracuda. The post Barracuda Networks Reports Shift in HTML Malware Tactics appeared first on Security Boulevard.

ALPHV gang claims ransomware attack on Constellation Software

Bleeping Computer

Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and business data. […]

Quality Assurance Engineering at GitGuardian

Security Boulevard

Learn about the day-to-day life of a QA engineer and the different techniques and processes used by the QA engineering team at GitGuardian to ensure high-quality products. The post Quality Assurance Engineering at GitGuardian appeared first on Security Boulevard.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

KnowBe4 Launches Password Kit to Celebrate World Password Day

Dark Reading

KnowBe4 is offering a no-cost password kit to help end users practice good password hygiene and strengthen their defenses against social engineering.

How to Use ASPM to Improve CSPM

Security Boulevard

In recent years, organizations have increasingly moved their applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. However, this shift to the cloud has also introduced new security challenges, particularly in the realm of application security. Attackers are constantly looking for ways to exploit vulnerabilities in applications to gain.

The (Security) Cost of Too Much Data Privacy

Dark Reading

The online fraud prevention industry has taken the brunt of increased privacy actions.

New Android updates fix kernel bug exploited in spyware attacks

Bleeping Computer

Android security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices. […]

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev

Fortinet fixed two severe issues in FortiADC and FortiOS

Security Affairs

Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score 7.6) is a command injection issue in the external resource module. “An improper neutralization of special elements used in an OS command vulnerability

Doctors Behind Mifepristone Ban Called ‘Christians’ a Top Threat

WIRED Threat Level

Leaked documents reveal that the American College of Pediatricians viewed “mainstream medicine” and “nominal Christians” as its opposition.

New White House AI Initiatives Include AI Software-Vetting Event at DEF CON

Dark Reading

The Biden administration outlined its plans to ensure responsible AI development — cyber-risk is a core element.

The Typology of Illicit Telegram Channels

Security Boulevard

Cybercriminals seem to always be looking for new and innovative ways to commit their crimes more efficiently. In the past, the dark web and parts of the deep web were some of the most common places where you can find cybercriminals committing their schemes. However, many criminals have moved over to more secure online messaging […] The post The Typology of Illicit Telegram Channels appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges

Dark Reading

Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users

Malwarebytes

On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone and iPad, and macOS devices, respectively. RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously, Apple security fixes came bundled along with features and improvements, but RSRs only carry security fixes.

Threat Spotlight: The New Dark Web?

Security Boulevard

Executive Overview: Illicit Telegram channels have become a growing concern in the realm of cybercrime. Threat actors want to connect with each other in fast, reliable, and “anonymous” ways. Telegram has been their answer, and malicious actors are increasingly moving off of Tor and onto the instant messaging platform. Flare Director of Marketing Eric Clay […] The post Threat Spotlight: The New Dark Web?

Attackers Route Malware Activity Over Popular CDNs

Dark Reading

One way to hide malicious activity is to make it look benign by blending in with regular traffic passing through content delivery networks (CDNs) and cloud service providers, according to a Netskope report.

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

Global economic conditions are soft at best. From a budget standpoint, US banks are feeling the pinch. Many US banks are bracing for increased defaults and lower demand for mortgages and other loans as interest rates have increased. The largest banks have increased reserves to protect against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions?