Wed, Feb 01, 2023

Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging.

Passwords 298

The headache of changing passwords

Tech Republic Security

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic.

Passwords 200

New APT34 Malware Targets The Middle East

Trend Micro

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

Malware 143

New cybersecurity BEC attack mimics vendors

Tech Republic Security

A new business email compromise (BEC) threat actor is using a stealth tactic to avoid the giveaways of typical social engineering attacks. Learn the best defense for protecting your company. The post New cybersecurity BEC attack mimics vendors appeared first on TechRepublic.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Dark Reading

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

OneNote documents spread malware in several countries

Tech Republic Security

A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., Canada and the U.S. The post OneNote documents spread malware in several countries appeared first on TechRepublic.

Malware 174

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Naked Security

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Passwords 132

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Dark Reading

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remains largely questionable.

DDOS 131

What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits

Trend Micro

We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar.

13 Steps to Take if You’ve Been Laid Off in Cybersecurity (which everyone should read)

Jane Frankland

The past couple of years have seen remote work leveling the playing field in terms of women in cybersecurity. Simply being able to work from home has made it easier for many companies to draw in a more diversified workforce and boost their presence of women and minorities. But, just as companies made progress, the economic downturn is forcing many companies to lay off staff in droves.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

LockBit Ransomware Attack on ION and Expeditors faces $2m lawsuit from customer

CyberSecurity Insiders

A serious cyber attack that took place on the servers of the trading software service provider ION is said to have affected its operations deeply, as the entire communication network was paralyzed for hours. Several of the trading clients took to their Twitter accounts to express their anger over the disruption and urged ION to safeguard its IT infrastructure well in advance against digital intrusions from now on.

12 Steps to Take if You’ve Been Laid Off in Cybersecurity (which everyone should read)

Jane Frankland

The past couple of years have seen remote work leveling the playing field in terms of women in cybersecurity. Simply being able to work from home has made it easier for many companies to draw in a more diversified workforce and boost their presence of women and minorities. But, just as companies made progress, the economic downturn is forcing many companies to lay off staff in droves.

Less is more: Conquer your digital clutter before it conquers you

We Live Security

Lose what you don’t use, and other easy ways to limit your digital footprint and strengthen your online privacy and security. The post Less is more: Conquer your digital clutter before it conquers you appeared first on WeLiveSecurity.

CISA to Open Supply Chain Risk Management Office

Dark Reading

A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.

Risk 117

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Ransomware attack shuts down Nantucket Public Schools and University of Iowa Hospitals

CyberSecurity Insiders

At the beginning of this week, ransomware-spreading hackers locked down the servers of Nantucket Public Schools with file-encrypting malware, prompting the school authorities to close the schools from Tuesday. As of the time of this writing, the school authorities had not been able to recover their IT infrastructure from the attack and so announced that the schools would remain closed on Wednesday for a second day.

Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

Dark Reading

Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

CSO Magazine

The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced.

Risk 110

Romance Scams

Security Through Education

Painted hearts on restaurant doors, red roses in hand, candies and chocolates on display. These are just some of the signs that the month of love is coming upon us again. As February approaches, many are excited for what it promises; romance. Among hopefuls searching for a true connection though, are those who take advantage of our need for human interaction, namely scammers.

Scams 105

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

BrandPost: Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report

CSO Magazine

To illuminate the evolving digital threat landscape and help the cyber community understand today’s most pressing threats, we released our annual Microsoft Digital Defense Report. This year’s report focuses on five key topics: cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. With intelligence from 43 trillion daily security signals, organizations can leverage the findings presented in this report to strengthen their cyber defenses.

Coalition Forecasts CVE Disclosure Spike in 2023

Security Boulevard

Coalition, a provider of cyberinsurance, today published a report that predicted a 13% increase in the average number of vulnerabilities disclosed per month in 2023. The report estimated more than 1,900 additional Common Vulnerabilities and Exposures (CVEs) per month will be disclosed in 2023, including 270 high-severity and 155 critical-severity vulnerabilities.

Risk 105

Take a tour of the Edgescan Cybersecurity Platform

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Edgescan. Thanks to the great team there for their support! Edgescan simplifies Vulnerability Management (VM) by delivering a single full-stack SaaS solution integrated with world-class security professionals.

Zero-Trust Alone Won’t Save You

Security Boulevard

With all the chatter surrounding zero-trust, it seems mature initiatives should be chugging along by now. But Gartner just threw a bucket of reality on the market with its prediction that in three years, only one-tenth of large enterprises will have zero-trust programs in place that are mature and measurable. John Watts, VP analyst, Gartner. The post Zero-Trust Alone Won’t Save You appeared first on Security Boulevard.

Marketing 105

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

What is the Internet of Things: Definition and Examples of How It Is Used

GlobalSign

The Internet of Things (IoT) is the network of internet-connected objects. In this article, we look at the history and the future of IoT.

Internet 105

New Versions of Prilex POS Malware Can Block Contactless Transactions

Heimadal Security

New versions of the Prilex point-of-sale (POS) malware have been spotted in the wild. Their new capabilities include blocking Near Field Communication (NFC) credit card transactions. This way, clients are obliged to use the machine to pay, allowing the malicious code to steal credit card details. The NFC chips found in credit cards and mobile devices […] The post New Versions of Prilex POS Malware Can Block Contactless Transactions appeared first on Heimdal Security Blog.

Malware 105

Why you might not be done with your January Microsoft security patches

CSO Magazine

The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven’t already done so. BitLocker Security Feature Bypass Vulnerability: in January, additional information came out about CVE-2022-41099, the BitLocker Security Feature Bypass Vulnerability.

New HeadCrab malware infects 1,200 Redis servers to mine Monero

Bleeping Computer

New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency. […]

Malware 102

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

CSO Magazine

A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by OX Security, evaluates software supply chain security threats, covering a wide range of attack vectors including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment s

Software 102

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

The Hacker News

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022.

Software 100

US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

CSO Magazine

The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ in its pursuit of corrupt and criminal activities within corporations that “threaten the public safety and national security, [and] wrongfully div

Hospital & Healthcare Technology - Case Study

Approachable Cyber Threats

The healthcare industry is facing an ever-growing cyber threat that has doubled in the last five years. Ransomware attacks are among the most common methods used to target healthcare systems, resulting in millions of people’s personal information being compromised and costing the healthcare systems millions of dollars. In this case study, we look at vulnerabilities that most impact the industry and how healthcare providers can protect themselves from cyber threats.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!