Thu.Sep 08, 2022


"Pwned", the Book, is Finally Here!

Troy Hunt

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff, which I've now included in this book 😊 These are the stories behind the stor


Facebook Has No Idea What Data It Has

Schneier on Security

This is from a court deposition : Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within.


How to manage ad blocking in Opera

Tech Republic Security

Jack Wallen shows you how to take control of online advertisements in the Opera web browser, so you can stop worrying ads will take control of you. The post How to manage ad blocking in Opera appeared first on TechRepublic.


Toys behaving badly: How parents can protect their family from IoT threats

We Live Security

It pays to do some research before taking a leap into the world of internet-connected toys. The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


PCI DSS compliance improving but still lags highs

Tech Republic Security

The new PCI DSS 4.0 standard means organizations will have to up their game beginning in 2024. The post PCI DSS compliance improving but still lags highs appeared first on TechRepublic.


Cisco will not fix the authentication bypass flaw in EoL routers

Security Affairs

Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) respectively.


North Korea-linked Lazarus APT targets energy providers around the world

Security Affairs

North Korea-linked Lazarus APT group is targeting energy providers around the world, including organizations in the US, Canada, and Japan. Talos researchers tracked a campaign, orchestrated by North Korea-linked Lazarus APT group, aimed at energy providers around the world, including organizations in the US, Canada, and Japan. The campaign was observed between February and July 2022.


How posting personal and business photos can be a security risk

CSO Magazine

Marketers in every industry enjoy evidencing their reach to their superiors and providing tangible examples of their width and breadth of influence via social networks, media, and other means of engagement. Photos of both customers and employees engaging at hosted social events, trade shows, conferences, and direct one-on-one encounters are often viewed as gold.


Threat landscape for industrial automation systems for H1 2022

SecureList

H1 2022 in numbers. Geography. In H1 2022, malicious objects were blocked at least once on 31.8% of ICS computers globally. Percentage of ICS computers on which malicious objects were blocked. For the first time in five years of observations, the lowest percentage in the first half of the year was observed in March. During the period from January to March, the percentage of attacked ICS computers decreased by 1.7 p.p.


Albania interrupted diplomatic ties with Iran over the mid-July attack

Security Affairs

Albania interrupted diplomatic ties with Iran and expelled the country’s embassy staff over the mid-July attack. Albanian Prime Minister Edi Rama announced that Albania interrupted diplomatic ties with Iran and expelled the country’s embassy staff over the massive cyber attack that hit the country in mid-July. The cyberattack hit the servers of the National Agency for Information Society (AKSHI), which handles many government services.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Cisco won’t fix authentication bypass zero-day in EoL routers

Bleeping Computer

Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). [...]


How Malicious Actors Abuse Native Linux Tools in Attacks

Trend Micro

Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.


Global companies say supply chain partners expose them to ransomware

CSO Magazine

Global organizations say they are increasingly at risk of ransomware compromise via their extensive supply chains. Out of 2,958 IT decision makers across 26 countries in North and South America, Europe, and APAC, 79% believe their partners and customers are making their organization a more attractive ransomware target, according to the latest research by Trend Micro.


Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations attributed to a group tracked by CERT-UA as UAC-0098 [ 1 , 2 , 3 ].


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


BrandPost: How Modern Companies Stop Data Breaches

CSO Magazine

In this three-part series, we are detailing how digital transformation necessitates security transformation and how security service edge (SSE) offerings are the ideal solution for modernizing enterprise cybersecurity. Our previous topic revolved around securing hybrid work. This post is focused on stopping data breaches with SSE. This subject is critical because legacy data protection strategies and technologies no longer suffice in the modern business world.


Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group

The Hacker News

Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain.


Intro to crypto wallet authentication

CSO Magazine

Modern application development has wrestled with numerous shortcomings in the security paradigm. Blockchain can mitigate several of those shortcomings, but it requires devising means to integrate with conventional applications. Mainstream cyber security businesses are already working on this, accelerating the blockchain-enabled security landscape.


Chinese Hackers Target Government Officials in Europe, South America, and Middle East

The Hacker News

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


This Clever Anti-Censorship Tool Lets Russians Read Blocked News

WIRED Threat Level

Samizdat Online syndicates banned news sites by hosting them on uncensored domains—allowing people to access independent reporting.


North Korean Lazarus Hackers Targeting Energy Providers Around the World

The Hacker News

A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan.


Why the Telecom Industry Must Prioritize Cybersecurity

Security Boulevard

Increasing competition within the broadband market, multi-access edge computing and private cellular networks and the demand for cybersecurity risk management in the 5G era are gaining momentum in telecommunications. As a result, it has become vital for mobile operators to maintain their infrastructure to keep their businesses profitable and safe. With this in mind, the.


Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products

The Hacker News

Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Security Vs. Compliance: Understanding the Difference

Security Boulevard

Security and compliance. With data privacy in the headlines and cyberattacks on the rise, these two simple words have become hot topics across just about every industry. But as conversations about security and compliance continue, it has become clear that not everyone understands the distinction between the two. And while it’s true that there are. The post Security Vs.


Shopify Fails to Prevent Known Breached Passwords

The Hacker News

A recent report revealed that ecommerce provider Shopify uses particularly weak password policies on the customer-facing portion of its website. According to the report, Shopify requires its customers to use a password that is at least five characters in length and that does not begin or end with a space.


Determining FedRAMP Risk Impact Levels and Data Security Categories

Security Boulevard

The Federal Information Security Modernization Act of 2002 (FISMA) requires all federal agencies and their contractors to implement. Read More. The post Determining FedRAMP Risk Impact Levels and Data Security Categories appeared first on Hyperproof. The post Determining FedRAMP Risk Impact Levels and Data Security Categories appeared first on Security Boulevard.


Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries

The Hacker News

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


What is DevSecOps? How Does It Work & What Are the Benefits?

Security Boulevard

We explain what DevSecOps is, how it works, and how integrating security throughout the development process helps create more secure systems. The post What is DevSecOps? How Does It Work & What Are the Benefits? appeared first on Security Boulevard.


Cyberattack Leads Albania to Sever Relations with Iran

SecureWorld News

Cyberattacks can force organizations to change all sorts of things about their operations and cyber policies, but completely cutting off another country? This could be a first. Albania has announced it will be severing all diplomatic relations with the Islamic Republic of Iran after a cyberattack in July targeted the government's digital infrastructure and public services.


The Week in Cybersecurity: Vice Society ransomware group targets back-to-school

Security Boulevard

Welcome to the latest edition of The Week in Cybersecurity, which brings you the newest headlines from both the world and our team about the most pressing topics in cybersecurity. This week: Vice Society ransomware group targets America’s education sector, the U.S. government’s new position on software supply chain security, and more. The post The Week in Cybersecurity: Vice Society ransomware group targets back-to-school appeared first on Security Boulevard.


5 Keys to Better Key Management

Dark Reading

From analyzing your company's risk profile to knowing where keys are stored and who can access them, prioritize key clean-up and management. Make compliance an outcome and develop a risk management strategy.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!