Schneier on Security
SEPTEMBER 28, 2022
The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices.
Tech Republic Security
SEPTEMBER 28, 2022
Microsoft investigated a new kind of attack where malicious OAuth applications were deployed on compromised cloud tenants before being used for mass spamming. The post Malicious Oauth app enables attackers to send spam through corporate cloud tenants appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
SEPTEMBER 28, 2022
Want to speak up against Big Tech, unjust data collection, and surveillance? Here's how to be an activist in your community and beyond.
Cisco Security
SEPTEMBER 28, 2022
Explore the nature of vulnerabilities in this episode of ThreatWise TV. It’s shaping up to be another big year for vulnerability disclosure. Already the number of Common Vulnerabilities and Exposures (CVEs) disclosed has crossed 18,000 and it’s on track to make this another record-breaking year. With new CVEs being disclosed daily, it has become increasingly difficult for security teams to stay abreast of the latest risks, let alone quickly determine which ones apply to their network environment
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
We Live Security
SEPTEMBER 28, 2022
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online. The post Protecting teens from sextortion: What parents should know appeared first on WeLiveSecurity.
Security Boulevard
SEPTEMBER 28, 2022
Netography today added support for context labels and tagging to a software-as-a-service (SaaS) platform that provides deep packet inspection capabilities to identify cybersecurity threats in near-real-time. Netography CEO Martin Roesch said labels and tags will make it easier for cybersecurity teams to use flow logs to visualize and analyze network traffic by application, location, compliance.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Cisco Security
SEPTEMBER 28, 2022
Written by Martin Lee and Richard Archdeacon. Lloyds of London have recently published a Market Bulletin 1 addressing the wording of cyber insurance policies to exclude losses arising from: “ state backed cyber-attacks that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state. ”.
SecureList
SEPTEMBER 28, 2022
Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that were used in these ATMs before the big heist. But the criminals’ greed had no limits: they wanted more, and so they achieved it.
SecureWorld News
SEPTEMBER 28, 2022
Harvard's Belfer Center for Science and International Affairs today released its updated 2022 National Cyber Power Index (NCPI), a follow-up to its groundbreaking 2020 index that ranks 30 countries according to their capability and intent to pursue eight objectives of cyber power. Key items the report notes: The United States remains atop the list (see the Top 10 and full Top 30 lists below).
The Last Watchdog
SEPTEMBER 28, 2022
Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Related: The threat of ‘business logic’ hacks. The Iranian hacker group TA453 has recently been using a technique that creates multiple personas to trick victims , deploying “social proof” to scam people into engaging in a thread. One example comes from Proofpoint, where a researcher began corresponding with an attacker posing as another researcher.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Heimadal Security
SEPTEMBER 28, 2022
Lazarus, a North Korean hacking group, now spreads macOS malware via fake Crypto.com job offers. They are targeting employees from the crypto space with malicious files that, once opened, can be used to breach crypto companies’ networks. The goal is to steal as much cryptocurrency and NFTs as possible or even carry out corporate espionage […].
The State of Security
SEPTEMBER 28, 2022
There’s a high chance that you or someone you know has been impacted by email fraud or identity theft. At the very least, you’ve likely received a variety of spam emails and text messages asking to provide a payment or confirm your identity. The good news is that cybersecurity protection is constantly evolving and improving, […]… Read More.
Bleeping Computer
SEPTEMBER 28, 2022
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies. [.].
InfoWorld on Security
SEPTEMBER 28, 2022
Now that things seem to be getting back to normal—traffic, delayed flights, and all those things we didn’t miss during the stay-home phase of the pandemic—it’s time to look at what work is going to be like post-pandemic. I found this article an interesting description of some of the human issues that are popping up and how technology needs to address most of these challenges.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
SEPTEMBER 28, 2022
nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa ( @_notdodo_ ), Security Engineer at Prima Assicurazioni. The tool was released during the RomHack 2022 security conference in Rome. The tool helps the security community to address the complex topic of privilege escalation on cloud environments such as AWS.
Security Boulevard
SEPTEMBER 28, 2022
The Ukrainian government has warned that Russia is planning a massive attack against the critical infrastructure of Ukraine and of its allies. The post Russia ‘Plans’ HUGE Cyberattack on Critical Infrastructure appeared first on Security Boulevard.
Security Affairs
SEPTEMBER 28, 2022
Meta dismantled a network of Facebook and Instagram accounts spreading disinformation across European countries. Meta announced to have taken down a huge Russian network of Facebook and Instagram accounts used to spread disinformation published on more than 60 websites impersonating news organizations across Europe. The disinformation operation began in May 2022, the network targeted primarily Germany, France, Italy, Ukraine and the UK, it was spreading fake content related to the war in Ukraine
Heimadal Security
SEPTEMBER 28, 2022
The Australian government says that it’s considering adopting tougher cybersecurity laws for companies in the telecommunication sector following the recent Optus data breach, where the data of 9.8 million former and current customers was leaked. Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp. that the hack was “an unprecedented theft of consumer information in Australian […].
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Dark Reading
SEPTEMBER 28, 2022
Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.
Heimadal Security
SEPTEMBER 28, 2022
COPENHAGEN, September 27th, 2022 – After breaking being included in G2’s Summer Reports 2022 in the Niche Quadrant this June, Heimdal™ is now featured in the High Performer Quadrant across several categories. These include Endpoint Detection & Response (EDR), Endpoint Management, and Antivirus, as well as market and region-specific variations of the former.
Security Affairs
SEPTEMBER 28, 2022
North Korea-linked Lazarus APT group is targeting macOS Users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The attackers aimed at stealing credentials for the victims’ wallets. Last week, SentinelOne researchers discovered a decoy documents advertising positions for the popular cryptocurrency exchange Crypto.com.
Heimadal Security
SEPTEMBER 28, 2022
A new malware named “NullMixer” is making waves as it infects Windows devices with a dozen different malware families simultaneously. The malware is infecting devices through fake software cracks promoted on malicious websites on Google Search. Using a single Windows executable to spawn 12 separate malware families, NullMixer serves as an infection funnel, resulting in […].
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Dark Reading
SEPTEMBER 28, 2022
SOC metrics will allow stakeholders to track the current state of a program and how it's supporting business objectives.
Security Affairs
SEPTEMBER 28, 2022
WhatsApp has addressed two severe Remote Code Execution vulnerabilities affecting the mobile version of the software. WhatsApp has published three security advisories for 2022, two of which are related to CVE-2021-24042 and CVE-2021-24043 vulnerabilities discovered in January and February, and the third one is related to CVE-2022-36934 and CVE-2022-27492 fixed by the company in September.
The Hacker News
SEPTEMBER 28, 2022
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.
WIRED Threat Level
SEPTEMBER 28, 2022
Pornhub is trialing a new automated tool that pushes CSAM-searchers to seek help for their online behavior. Will it work?
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
SEPTEMBER 28, 2022
As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codename Poseidon and Charybdis, respectively.
Naked Security
SEPTEMBER 28, 2022
Is WhatsApp currently under active attack by cyercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
The Hacker News
SEPTEMBER 28, 2022
The global cybersecurity market is flourishing. Experts at Gartner predict that the end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026. One big area of spending includes the art of putting cybersecurity defenses under pressure, commonly known as security testing.
Malwarebytes
SEPTEMBER 28, 2022
TikTok is no stranger to controversy where data usage is concerned. Back in 2021, the social media dance extravaganza platform agreed to pay $92m to settle dozens of lawsuits alleging harvesting of personal data. There has also been concern with regard to whether or not settings were enough to keep children safe , leading to significant alterations to how those accounts are managed.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
325 
Let's personalize your content