Schneier on Security
SEPTEMBER 28, 2022
The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices.
Tech Republic Security
SEPTEMBER 28, 2022
Microsoft investigated a new kind of attack where malicious OAuth applications were deployed on compromised cloud tenants before being used for mass spamming. The post Malicious Oauth app enables attackers to send spam through corporate cloud tenants appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
SEPTEMBER 28, 2022
Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Related: The threat of ‘business logic’ hacks. The Iranian hacker group TA453 has recently been using a technique that creates multiple personas to trick victims , deploying “social proof” to scam people into engaging in a thread. One example comes from Proofpoint, where a researcher began corresponding with an attacker posing as another researcher.
Security Boulevard
SEPTEMBER 28, 2022
Netography today added support for context labels and tagging to a software-as-a-service (SaaS) platform that provides deep packet inspection capabilities to identify cybersecurity threats in near-real-time. Netography CEO Martin Roesch said labels and tags will make it easier for cybersecurity teams to use flow logs to visualize and analyze network traffic by application, location, compliance.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
SEPTEMBER 28, 2022
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online. The post Protecting teens from sextortion: What parents should know appeared first on WeLiveSecurity.
CSO Magazine
SEPTEMBER 28, 2022
We post our daily lives to social media and think nothing of making key details about our lives public. We need to reconsider what we share online and how attackers can use this information to target businesses. Your firm’s security may be one text message away from a breach. How and why attackers target new employees. For example, a firm onboards a new intern and provides them with keys to the office building, logins to the network, and an email address.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The State of Security
SEPTEMBER 28, 2022
There’s a high chance that you or someone you know has been impacted by email fraud or identity theft. At the very least, you’ve likely received a variety of spam emails and text messages asking to provide a payment or confirm your identity. The good news is that cybersecurity protection is constantly evolving and improving, […]… Read More.
InfoWorld on Security
SEPTEMBER 28, 2022
Now that things seem to be getting back to normal—traffic, delayed flights, and all those things we didn’t miss during the stay-home phase of the pandemic—it’s time to look at what work is going to be like post-pandemic. I found this article an interesting description of some of the human issues that are popping up and how technology needs to address most of these challenges.
Bleeping Computer
SEPTEMBER 28, 2022
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies. [.].
Security Boulevard
SEPTEMBER 28, 2022
The Ukrainian government has warned that Russia is planning a massive attack against the critical infrastructure of Ukraine and of its allies. The post Russia ‘Plans’ HUGE Cyberattack on Critical Infrastructure appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
SecureWorld News
SEPTEMBER 28, 2022
Harvard's Belfer Center for Science and International Affairs today released its updated 2022 National Cyber Power Index (NCPI), a follow-up to its groundbreaking 2020 index that ranks 30 countries according to their capability and intent to pursue eight objectives of cyber power. Key items the report notes: The United States remains atop the list (see the Top 10 and full Top 30 lists below).
Heimadal Security
SEPTEMBER 28, 2022
Lazarus, a North Korean hacking group, now spreads macOS malware via fake Crypto.com job offers. They are targeting employees from the crypto space with malicious files that, once opened, can be used to breach crypto companies’ networks. The goal is to steal as much cryptocurrency and NFTs as possible or even carry out corporate espionage […].
Cisco Security
SEPTEMBER 28, 2022
Written by Martin Lee and Richard Archdeacon. Lloyds of London have recently published a Market Bulletin 1 addressing the wording of cyber insurance policies to exclude losses arising from: “ state backed cyber-attacks that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state. ”.
Malwarebytes
SEPTEMBER 28, 2022
TikTok is no stranger to controversy where data usage is concerned. Back in 2021, the social media dance extravaganza platform agreed to pay $92m to settle dozens of lawsuits alleging harvesting of personal data. There has also been concern with regard to whether or not settings were enough to keep children safe , leading to significant alterations to how those accounts are managed.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
SEPTEMBER 28, 2022
“There’s usually about 30% corruption in backups” Show notes for series 2, episode 5 Ransomware is feared by businesses all over the world. What happens during and after an attack? We give a unique insight into the experiences of ransomware victims. How do organisations react to a ransomware attack? We examine the grey area between […]. The post Cyber Security DE:CODED – Ransomware appeared first on SE Labs Blog.
Digital Shadows
SEPTEMBER 28, 2022
As we observed in a recent blog on ransomware franchising, ransomware groups often behave like legitimate companies. Large or small, The post Dark Web Recruitment: How Ransomware Groups Hire Cybercriminal Talent first appeared on Digital Shadows.
Security Boulevard
SEPTEMBER 28, 2022
Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Related: The threat of ‘business logic’ hacks. The Iranian hacker group TA453 has recently been using a technique that creates multiple personas to trick victims , deploying … (more…). The post GUEST ESSAY: These advanced phishing tactics should put all businesses on high alert appeared first on Security Boulevard.
Bleeping Computer
SEPTEMBER 28, 2022
A new malware dropper named 'NullMixer' is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
SEPTEMBER 28, 2022
In our newest case study, "How a Major U.S. City Rapidly Modernized Its Cybersecurity Defenses," we share how the City cut its cyber tool footprint in half, gained visibility into advanced foreign adversary attacks, and greatly improved the productivity of its SOC staff. The post Case Study: How a Major U.S. City Rapidly Modernized Its Cybersecurity Defenses appeared first on Security Boulevard.
SecureList
SEPTEMBER 28, 2022
Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that were used in these ATMs before the big heist. But the criminals’ greed had no limits: they wanted more, and so they achieved it.
Bleeping Computer
SEPTEMBER 28, 2022
Meta says it took down a large network of Facebook and Instagram accounts pushing disinformation published on more than 60 websites that spoofed multiple legitimate news sites across Europe. [.].
The Hacker News
SEPTEMBER 28, 2022
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Heimadal Security
SEPTEMBER 28, 2022
The Australian government says that it’s considering adopting tougher cybersecurity laws for companies in the telecommunication sector following the recent Optus data breach, where the data of 9.8 million former and current customers was leaked. Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp. that the hack was “an unprecedented theft of consumer information in Australian […].
Malwarebytes
SEPTEMBER 28, 2022
The American people are fed up with scam texts, and we need to use every tool we have to do something about it. This is what Jessica Rosenworcel, Chairwoman of the US Federal Communications Commission (FCC) said after releasing a plan that will require mobile carriers to block "robotext" text messages. Just last month, the FCC warned of a steep rise in phishing over SMS (also known as smishing or robotexts).
Duo's Security Blog
SEPTEMBER 28, 2022
Felicia Miller was given a second chance at life. That’s one of the reasons she takes her job as a recruiter at Cisco Secure focused on Duo Security positions so seriously. It’s also why she finds advocating for candidates so meaningful, particularly at a company that values kindness and inclusivity. A resident of Las Vegas with extensive agency and in-house recruitment experience, Miller is driven by passion—whether in the arts or in the candidates she feels honored to guide.
Bleeping Computer
SEPTEMBER 28, 2022
The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum. [.].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
SEPTEMBER 28, 2022
Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.
Security Affairs
SEPTEMBER 28, 2022
Meta dismantled a network of Facebook and Instagram accounts spreading disinformation across European countries. Meta announced to have taken down a huge Russian network of Facebook and Instagram accounts used to spread disinformation published on more than 60 websites impersonating news organizations across Europe. The disinformation operation began in May 2022, the network targeted primarily Germany, France, Italy, Ukraine and the UK, it was spreading fake content related to the war in Ukraine
Heimadal Security
SEPTEMBER 28, 2022
COPENHAGEN, September 27th, 2022 – After breaking being included in G2’s Summer Reports 2022 in the Niche Quadrant this June, Heimdal™ is now featured in the High Performer Quadrant across several categories. These include Endpoint Detection & Response (EDR), Endpoint Management, and Antivirus, as well as market and region-specific variations of the former.
Security Affairs
SEPTEMBER 28, 2022
WhatsApp has addressed two severe Remote Code Execution vulnerabilities affecting the mobile version of the software. WhatsApp has published three security advisories for 2022, two of which are related to CVE-2021-24042 and CVE-2021-24043 vulnerabilities discovered in January and February, and the third one is related to CVE-2022-36934 and CVE-2022-27492 fixed by the company in September.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
279 
Let's personalize your content