Jane Frankland

JUNE 20, 2023

Over the years, I’ve come close to burnout but in the fast-paced digital world, especially since the pandemic, burnout has become a silent epidemic. With long hours, tight deadlines, a constant demand for new innovations, and hybrid working, employees are feeling its effects more than ever. But although burnout is a prevalent issue, many people still feel uncomfortable discussing it openly.

Cybersecurity 130

Cybersecurity Risk InfoSec CISO 130

Tech Republic Security

JUNE 20, 2023

Practices such as using a separate email for sensitive activities and removing personal data from people search sites can help executives improve their data privacy. The post One overlooked element of executive safety: Data privacy appeared first on TechRepublic.

Data privacy 154

Data privacy Big data Media 154

Security Boulevard

JUNE 20, 2023

Unlucky number: Time and again this month, “Russian” hackers bring down Microsoft clouds. The post Microsoft Repeatedly Burned in ‘Layer 7’ DDoS appeared first on Security Boulevard.

DDOS 144

DDOS Security Awareness IoT Risk 144

Tech Republic Security

JUNE 20, 2023

Okta’s formula for multi-device identity authentication for a hybrid workforce: extract passwords, add ease of passkeys across devices. The post Okta moves passkeys to cloud, allowing multi-device authentication appeared first on TechRepublic.

Authentication 151

Authentication Passwords Password Management Software 151

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 20, 2023

An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS (distributed denial of service) bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner. [.

Malware 142

Malware DDOS 142

Tech Republic Security

JUNE 20, 2023

The European Union’s General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find.

134

134

Tech Republic Security

JUNE 20, 2023

This policy from TechRepublic Premium will help you create security guidelines for devices that transport and store data. You can use it as-is or customize it to fit the needs of your organization and employees. From the policy: The IT department will be responsible for implementing, adhering to and maintaining these controls. For the purposes. The post Network security policy appeared first on TechRepublic.

Network Security 121

Network Security 121

Bleeping Computer

JUNE 20, 2023

A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared through Remote Desktop connections. [.

Malware 137

Malware Hacking 137

Naked Security

JUNE 20, 2023

“Do as we say, not as we do!” – The patches took ages to come out, but don’t let that lure you into taking ages to install them.

140

140

Bleeping Computer

JUNE 20, 2023

Microsoft is working to address a known issue affecting Outlook for Microsoft 365 customers, causing slow starts and freezes as if Offline Outlook Data Files (OST) are being synced right after launch. [.

133

133

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

JUNE 20, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the vast realm of digital investigations, there exists a fascinating technique known as recycle bin forensics. Delving into the depths of this captivating field unveils a world where seemingly deleted files can still reveal their secrets, allowing digital detectives to reconstruct user activities and uncov

Cybersecurity 120

Cybersecurity Cybercrime Software Cyber threats 120

Bleeping Computer

JUNE 20, 2023

A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to build an army of bots to conduct attacks. [.

DDOS 127

DDOS Malware 127

Dark Reading

JUNE 20, 2023

A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.

138

138

Bleeping Computer

JUNE 20, 2023

More than 101,000 ChatGPT user accounts have been compromised by information stealers over the past year, according to dark web marketplace data. [.

Accountability 139

Accountability Malware 139

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CyberSecurity Insiders

JUNE 20, 2023

By Dimitri Shelest, Founder and CEO of OneRep Companies go to great lengths to protect their top executives. Keeping them safe, healthy and happy so they can perform their duties without unnecessary distractions is critical for the productivity of the company. At one time, executive protection meant providing bodyguards and secure transit, and fortifying executive offices against external threats.

Data privacy 119

Data privacy Media Phishing Cyber Attacks 119

Bleeping Computer

JUNE 20, 2023

A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU) has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities. [.

Government 125

Government 125

Security Boulevard

JUNE 20, 2023

The Supreme Court attempted to define what it means to “use” without lawful authority “a means of identification” of another person. The post Identity Crisis: Supreme Court Rules on ‘Identity Theft’ Penalty Enhancement appeared first on Security Boulevard.

Identity Theft 109

Identity Theft Cybersecurity 109

Bleeping Computer

JUNE 20, 2023

VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code execution is being actively exploited in attacks. [.

114

114

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

JUNE 20, 2023

It's still important to use other security measures, such as strong passwords and two-factor authentication, to protect your data.

Authentication 125

Authentication Passwords 125

Bleeping Computer

JUNE 20, 2023

The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning that their data will soon be leaked after an extortion demand was not paid. [.

Ransomware 113

Ransomware 113

The Hacker News

JUNE 20, 2023

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.

Accountability 106

Accountability Cybercrime 106

We Live Security

JUNE 20, 2023

With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other? The post Passwords out, passkeys in: are you ready to make the switch?

Passwords 105

Passwords 105

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

JUNE 20, 2023

Discover the importance of preventing secret leaks and the costly consequences organizations face. Learn why existing tooling falls short and how GuardRails can enhance your security posture. The post Preventing and Managing Secrets Leaks appeared first on GuardRails. The post Preventing and Managing Secrets Leaks appeared first on Security Boulevard.

104

104

Dark Reading

JUNE 20, 2023

Infostealers are as alive as ever, wantonly sweeping up whatever business data might be of use to cybercriminals, including OpenAI credentials.

Accountability 110

Accountability 110

Security Boulevard

JUNE 20, 2023

An attacker accessing a privileged account doesn’t begin with a root or administrator account. An attack on a privileged account usually starts with the theft of an average user’s credentials. Passwords are the starting point for fraud, where bad actors disguise themselves as legitimate users. They construct a fraudulent misrepresentation to accomplish their nefarious work.

Accountability 98

Accountability Passwords CISO Security Awareness 98

Security Affairs

JUNE 20, 2023

A third-party vendor of 3CX, a popular Voice over Internet Protocol (VoIP) comms provider, left an open server and exposed sensitive 3CX data. The issue went under the company’s radar, even though it was recently targeted by North Korean hackers. While victims of cyberattacks should not be ridiculed, there’s a reason that sayings like “fool me once, shame on you; fool me twice, shame on me” resonate so well.

Software 98

Software Data breaches Security Performance Malware 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JUNE 20, 2023

Executive Overview The average cost of a data breach in healthcare in Canada is about 5.5 million CAD. Since delivering patient care depends on cybersecurity, securing healthcare systems and patient data is absolutely crucial. Various factors influence risks to healthcare cybersecurity, including current geopolitical events. The U.S. Department of Health and Human Services issued a […] The post Challenges to Healthcare Cybersecurity appeared first on Flare | Cyber Threat Intel | Digit

Healthcare 98

Healthcare Cybersecurity Data breaches Cyber threats 98

Bleeping Computer

JUNE 20, 2023

Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability. [.

Firmware 102

Firmware 102

Security Boulevard

JUNE 20, 2023

Peruse last quarter’s press releases from top cybersecurity vendors, and it’s hard to miss the focus on artificial intelligence (AI) and machine learning (ML). According to these vendors, traditional security tools are getting boosted by advanced algorithms that can analyze large amounts of event and behavioral data to trigger automated decisions that keep organizations safe.

Artificial Intelligence 135

Artificial Intelligence Cybersecurity CISO Security Awareness 135

Security Affairs

JUNE 20, 2023

VMware is warning customers that critical remote code execution vulnerability CVE-2023-20887 is being actively exploited in attacks. VMware is warning customers that a critical remote code execution vulnerability in Aria Operations for Networks (Formerly vRealize Network Insight), tracked as CVE-2023-20887 , is being actively exploited in the wild. “VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild,” reads the advisory.

Authentication 96

Authentication Hacking Technology Information Security 96

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.