Wed. Feb 01, 2023


Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging.


The headache of changing passwords

Tech Republic Security

Change Your Password Day — an annual reminder of just how bad passwords really are.


‘Finish Him!’ US Kills Huawei With Final Tech Ban

Security Boulevard

U.S. cuts off Huawei’s last sources of technology. Export licenses for chips and other tech components are finished.


New cybersecurity BEC attack mimics vendors

Tech Republic Security

A new business email attack threat actor is using a stealth tactic to avoid giveaways of typical social engineering attacks. Learn the best defense for protecting your company.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Google Fi data breach let hackers carry out SIM swap attacks

Bleeping Computer

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. […]


OneNote documents spread malware in several countries

Tech Republic Security

A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., Canada and the U.S.


LockBit Ransomware Attack on ION and Expeditors faces $2m lawsuit from customer

CyberSecurity Insiders

A serious cyber attack that took place on the servers of trading software service provider ION is said to have affected its operations deeply, as the entire communication network was paralyzed for hours. Several of the trading clients took to their Twitter accounts to express their anger over the disruption and urged ION to safeguard its IT infrastructure well in advance against digital invasions from now on.


Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Dark Reading

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.


Password-stealing “vulnerability” reported in KeePass – bug or feature?

Naked Security

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?


Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

Dark Reading

Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


New HeadCrab malware infects 1,200 Redis servers to mine Monero

Bleeping Computer

New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency. […]


Ransomware attack shuts down Nantucket Public Schools and University of Iowa Hospitals

CyberSecurity Insiders

At the beginning of this week, ransomware-spreading hackers locked down the servers of Nantucket Public Schools with the help of file-encrypting malware, prompting the school authorities to shut down the schools from Tuesday. As of the time of this writing, the school authorities could not recover their IT infrastructure from the attack and so announced that they will close the operations of the school on Wednesday for a second day.


Misconfiguration and vulnerabilities biggest risks in cloud security: Report

CSO Magazine

The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced.


New APT34 Malware Targets The Middle East

Trend Micro

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


BrandPost: Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report

CSO Magazine

To illuminate the evolving digital threat landscape and help the cyber community understand today’s most pressing threats, we released our annual Microsoft Digital Defense Report. This year’s report focuses on five key topics: cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. With intelligence from 43 trillion daily security signals, organizations can leverage the findings presented in this report to strengthen their cyber defenses.


Romance Scams

Security Through Education

Painted hearts on restaurant doors, red roses in hand, candies and chocolates on display. These are just some of the signs that the month of love is coming upon us again. As February approaches, many are excited for what it promises; romance. Among hopefuls searching for a true connection though, are those who take advantage of our need for human interaction, namely scammers.


Less is more: Conquer your digital clutter before it conquers you

We Live Security

Lose what you don’t use and other easy ways to limit your digital footprint and strengthen your online privacy and security.


New Nevada Ransomware targets Windows and VMware ESXi systems

Bleeping Computer

A relatively new ransomware operation known as Nevada seems to grow its capabilities quickly as security researchers noticed improved functionality for the locker targeting Windows and VMware ESXi systems. […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Why you might not be done with your January Microsoft security patches

CSO Magazine

The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven’t already done so. BitLocker Security Feature Bypass Vulnerability In January, additional information came out about CVE-2022-41099 , the BitLocker Security Feature Bypass Vulnerability.


Coalition Forecasts CVE Disclosure Spike in 2023

Security Boulevard

Coalition, a provider of cyberinsurance, today published a report that predicted a 13% increase in the average number of vulnerabilities disclosed per month in 2023. The report estimated more than 1,900 additional Common Vulnerabilities and Exposures (CVEs) per month will be disclosed in 2023, including 270 high-severity and 155 critical-severity vulnerabilities.


New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

CSO Magazine

A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, led by OX Security, evaluates software supply chain security threats, covering a wide range of attack vectors including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment s


Zero-Trust Alone Won’t Save You

Security Boulevard

With all the chatter surrounding zero-trust, it seems mature initiatives should be chugging along by now. But Gartner just threw a bucket of reality on the market with its prediction that in three years, only one-tenth of large enterprises will have zero-trust programs in place that are mature and measurable. John Watts, VP analyst, Gartner.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

CSO Magazine

The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ in its pursuit of corrupt and criminal activities within corporations that “threaten the public safety and national security, [and] wrongfully div


Hackers use new IceBreaker malware to breach gaming companies

Bleeping Computer

Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. […]


Passwords Are Terrible (Surprising No One)

Security Boulevard

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging. In all, the auditors cracked 18,174—or 21 percent—­of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, an


Auditing Kubernetes with Open Source SIEM and XDR

The Hacker News

Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Organizations Preparing for Cyberwar

Security Boulevard

Perhaps—just maybe—2022, mainly due to the Russian invasion of Ukraine and the use of offensive digital operations, will go down as the year executives started taking the threat of cyberwarfare as a realistic risk against their operations. This week, device security platform provider Armis took a stab at quantifying the current state of cyberwarfare and.


Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Security Affairs

Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices.


CISA to Open Supply Chain Risk Management Office

Dark Reading

A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.


CircleCI and Slack Security Incidents Highlight Risks of Token Compromise and SaaS Integration Threats

Security Boulevard

CircleCI and Slack Security Incidents CircleCI offers a continuous integration and delivery platform for software development. A recent breach provides an opportunity to learn about growing SaaS security threats. Per the company’s investigation, an attacker installed malware on a CircleCI employee’s laptop while the “malware was not detected by our antivirus software.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.