Thu. Sep 08, 2022

"Pwned", the Book, is Finally Here!

Troy Hunt

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff, which I've now included in this book 😊 These are the stories behind the stor

Facebook Has No Idea What Data It Has

Schneier on Security

This is from a court deposition: Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within.

PCI DSS compliance improving but still lags highs

Tech Republic Security

The new PCI DSS 4.0 standard means organizations will have to up their game beginning in 2024. The post PCI DSS compliance improving but still lags highs appeared first on TechRepublic.

Toys behaving badly: How parents can protect their family from IoT threats

We Live Security

It pays to do some research before taking a leap into the world of internet-connected toys. The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to manage ad blocking in Opera

Tech Republic Security

Jack Wallen shows you how to take control of online advertisements in the Opera web browser, so you can stop worrying ads will take control of you. The post How to manage ad blocking in Opera appeared first on TechRepublic.

GDPR and Website Data Leakage: A Complex Problem With a Simple Solution

Security Boulevard

By Source Defense. Now in its fourth year, the European Union’s General Data Protection Regulation (GDPR) is one of the strictest, most complex, and most confusing data privacy laws in the world. Although that complexity initially meant that accountability got off to a slow start, GDPR fines are now becoming more common and costly. During. The post GDPR and Website Data Leakage: A Complex Problem With a Simple Solution appeared first on Source Defense.

How posting personal and business photos can be a security risk

CSO Magazine

Marketers in every industry enjoy evidencing their reach to their superiors and providing tangible examples of their width and breadth of influence via social networks, media, and other means of engagement. Photos of both customers and employees engaging at hosted social events, trade shows, conferences, and direct one-on-one encounters are often viewed as gold.

Cisco won’t fix authentication bypass zero-day in EoL routers

Bleeping Computer

Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). […]

Global companies say supply chain partners expose them to ransomware

CSO Magazine

Global organizations say they are increasingly at risk of ransomware compromise via their extensive supply chains. Out of 2,958 IT decision makers across 26 countries in North and South America, Europe, and APAC, 79% believe their partners and customers are making their organization a more attractive ransomware target, according to the latest research by Trend Micro.

North Korea-linked Lazarus APT targets energy providers around the world

Security Affairs

The North Korea-linked Lazarus APT group is targeting energy providers around the world, including organizations in the US, Canada, and Japan. Talos researchers tracked the campaign, which was observed between February and July 2022.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

BrandPost: How Modern Companies Stop Data Breaches

CSO Magazine

In this three-part series, we are detailing how digital transformation necessitates security transformation and how security service edge (SSE) offerings are the ideal solution for modernizing enterprise cybersecurity. Our previous topic revolved around securing hybrid work. This post is focused on stopping data breaches with SSE. This subject is critical because legacy data protection strategies and technologies no longer suffice in the modern business world.

HP fixes severe bug in pre-installed Support Assistant tool

Bleeping Computer

HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand. […]

Intro to crypto wallet authentication

CSO Magazine

Modern application development has wrestled with numerous shortcomings in the security paradigm. Blockchain can mitigate several of those shortcomings, but it requires devising means to integrate with conventional applications. Mainstream cyber security businesses are already working on this, accelerating the blockchain-enabled security landscape.

Why the Telecom Industry Must Prioritize Cybersecurity

Security Boulevard

Increasing competition within the broadband market, multi-access edge computing and private cellular networks and the demand for cybersecurity risk management in the 5G era are gaining momentum in telecommunications. As a result, it has become vital for mobile operators to maintain their infrastructure to keep their businesses profitable and safe. With this in mind, the.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

5 Keys to Better Key Management

Dark Reading

From analyzing your company's risk profile to knowing where keys are stored and who can access them, prioritize key clean-up and management. Make compliance an outcome and develop a risk management strategy.

Security Vs. Compliance: Understanding the Difference

Security Boulevard

Security and compliance. With data privacy in the headlines and cyberattacks on the rise, these two simple words have become hot topics across just about every industry. But as conversations about security and compliance continue, it has become clear that not everyone understands the distinction between the two. And while it’s true that there are.

Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group

The Hacker News

Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain.

Determining FedRAMP Risk Impact Levels and Data Security Categories

Security Boulevard

The Federal Information Security Modernization Act of 2002 (FISMA) requires all federal agencies and their contractors to implement. The post Determining FedRAMP Risk Impact Levels and Data Security Categories appeared first on Hyperproof. The post Determining FedRAMP Risk Impact Levels and Data Security Categories appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Chinese Hackers Target Government Officials in Europe, South America, and Middle East

The Hacker News

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world.

What is DevSecOps? How Does It Work & What Are the Benefits?

Security Boulevard

We explain what DevSecOps is, how it works, and how integrating security throughout the development process helps create more secure systems. The post What is DevSecOps? How Does It Work & What Are the Benefits? appeared first on Security Boulevard.

Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products

The Hacker News

Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.

The Week in Cybersecurity: Vice Society ransomware group targets back-to-school

Security Boulevard

Welcome to the latest edition of The Week in Cybersecurity, which brings you the newest headlines from both the world and our team about the most pressing topics in cybersecurity. This week: Vice Society ransomware group targets America’s education sector, the U.S. government’s new position on software supply chain security, and more. The post The Week in Cybersecurity: Vice Society ransomware group targets back-to-school appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Shopify Fails to Prevent Known Breached Passwords

The Hacker News

A recent report revealed that ecommerce provider Shopify uses particularly weak password policies on the customer-facing portion of its website. According to the report, Shopify requires its customers to use a password that is at least five characters in length and that does not begin or end with a space.

How Gaming Cheats Are Cashing In Below the Operating System

Security Boulevard

Cheating has been around since the beginning of electronic gaming, dating back as far as 1981. Players have always wanted to use shortcuts or aids as an advantage to clear the game faster or gain an advantage over other players. Yet, despite the evolution of “gaming cheats,” the motivation has always remained the same: people just like to do things the easy way, and without getting caught.

North Korean Lazarus Hackers Targeting Energy Providers Around the World

The Hacker News

A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan.

How Malicious Actors Abuse Native Linux Tools in Attacks

Trend Micro

Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

How Penetration Testing can help prevent Ransomware Attacks

The State of Security

It is hard to believe, but ransomware is more than three decades old. While many would think that the ransomware mayhem started with the WannaCry attack of 2017, that is simply the most publicized example. Since then, dozens of ransomware strains have been utilized in a variety of cyberattacks. According to a PhishLabs report, by […]

Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries

The Hacker News

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna.

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations attributed to a group tracked by CERT-UA as UAC-0098 [1, 2, 3].

Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise

Dark Reading

A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.