Mon.Mar 06, 2023

New Report “State of Cloud Threat Detection and Response”

Anton on Security

Cloud D&R Report (2023) One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and technologists. “Our State of Cloud Threat Detection and Response report summarizes the survey responses of 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediat

Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma

Security Boulevard

Voice AI tech being misused by scammers: Scrotes fake your voice and call your grandparents. Then “you” beg them for money. The post Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma appeared first on Security Boulevard.

Scams 135

This 18-course ethical hacking bundle is under $50

Tech Republic Security

Ethical hacking is a great skill to learn with new cyber threats on the rise. Learn how to fight back with this ethical hacking course bundle. The post This 18-course ethical hacking bundle is under $50 appeared first on TechRepublic.

Hacking 121

Identity verification in today’s digital-first era

Security Boulevard

The identity verification market was valued at $11B in 2022. It’s anticipated that in the. The post Identity verification in today’s digital-first era appeared first on Entrust Blog. The post Identity verification in today’s digital-first era appeared first on Security Boulevard.

Marketing 132

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Study reveals companies are wasting millions on unused Kubernetes resources

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! This move to the cloud has made it easier to scale up applications when they need to grow. However, there is a corollary to this: Budgeting! Chances are, you’re probably overspending.

119

Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm

The Hacker News

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.

More Trending

Municipal CISOs grapple with challenges as cyber threats soar

CSO Magazine

On February 10, the City of Oakland, California, announced it had been hit by a ransomware attack that knocked many of its systems offline. Four days later, Oakland declared a state of emergency as it grappled with the wide-ranging impact of the incident, which left city phone systems and multiple non-emergency services inoperable, including its 311 phone system.

Data Exfiltration taking place on Google Cloud Platform without trace

CyberSecurity Insiders

Can you believe that threat actors can easily steal data from Google Cloud Platform (GCP) leaving no forensic trace about their activities? It’s true! Mitiga researchers recently discovered that hackers are stealing data from GCP storage buckets as the differentiating-log details are not enabled by default. For instance, a cyber criminal can easily access data, and the activity is going unrecorded, as the storage platform uses the same description for all kinds of access such as simple reading o

Machine Learning Improves Prediction of Exploited Vulnerabilities

Dark Reading

The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching.

100

PayPal sued for negligence in data breach that affected 35,000 users

CSO Magazine

A pending class action lawsuit accuses online payments giant PayPal of failing to adequately safeguard the personal information of its users, leaving them vulnerable to identity theft and related ills at the hands of the unidentified perpetrators of a data breach that occurred late last year. Nearly 35,000 people were affected by the cyberattack, which used previously compromised usernames and passwords to gain access to PayPal’s systems.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Shein's Android App Caught Transmitting Clipboard Data to Remote Servers

The Hacker News

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as of May 2022.

99

Outlook for Mac now free, Microsoft 365 subscription not needed

Bleeping Computer

Microsoft says its Outlook for Mac email and calendar client is now available for free, and it will no longer require an Office license or a Microsoft 365 subscription to be used.

99

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach

The Hacker News

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date.

Adaptable ‘Swiss Army Knife’ Malware a Growing Threat

Security Boulevard

There is a worrying rise in multipurpose malware, which can perform a variety of malicious actions and is adept at evasion, lateral movement and data encryption. These were among the findings of a report from Picus, a security company specializing in simulating the attacks of cybercriminal gangs, which analyzed more than 550,000 real-world malware samples.

Malware 98

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Malicious Automation is driving API Security Breaches

The Security Ledger

Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data. The post Malicious Automation is driving API Security Breaches appeared first on The Security Ledger with Paul F. Roberts.

IoT 97

6 Ways to Vet Your Next ASM Vendor

Security Boulevard

Attack surface management (ASM) is a critical security function, and the market for ASM solutions is growing rapidly. However, with the evolution to ASM 2.0, the process of selecting a new ASM vendor can be confusing. This article will outline six ways to vet your next ASM vendor. We’ll discuss key features to look for. The post 6 Ways to Vet Your Next ASM Vendor appeared first on Security Boulevard.

Hatch Bank data breach caused by the exploitation of the GoAnywhere MFT zero-day

Security Affairs

Fintech platform Hatch Bank disclosed a data breach; hackers exploited a recently discovered zero-day in the Fortra GoAnywhere MFT secure file-sharing platform. Hatch Bank is a fintech firm that provides services to other fintech companies. The company disclosed a data breach and revealed that the attackers exploited a recently discovered zero-day vulnerability in the company’s Fortra GoAnywhere MFT secure file-sharing system, reported Techcrunch.com.

5 Tactical Tips For Security Teams Using AWS

Security Boulevard

Security teams face new and unique challenges as they move their workloads to AWS. Legacy SIEM solutions were not built for the cloud, and as a result, they are often unable to keep up with the speed and scale of AWS. This can leave your organization vulnerable to attack. You must adopt the right tactics. The post 5 Tactical Tips For Security Teams Using AWS appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft: New Windows Canary channel has most cutting-edge features

Bleeping Computer

Microsoft is adding a new Canary channel to its nine-year-old Windows Insider Program to let the most fearless users test what it describes as "hot off the presses" features.

95

Advanced control analytics for retail

Security Boulevard

Advanced Control Analytics in retail: going to market smarter. Few other industries are as full of constant change and challenge as retail. In 2023, the retail industry is experiencing market volatility, supply chain constraints, and omnichannel shopping, forcing retailers to sustain resiliency, operate more efficiently, and better accommodate customers.

Retail 98

Tracking device technology: A double-edged sword for CISOs

CSO Magazine

The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be abused by the nefarious to track and trace individuals.

CISO 93

HR’s Growing Role in Cybersecurity

Security Boulevard

Companies worried about cybersecurity should know that the real risk is inside their corporate firewall. Corporate leaders spend a lot of time worrying about nation-state actors and ransomware gangs, but in Gartner Predicts 2023: Cybersecurity Industry Focuses on the Human Deal, the analyst firm reports that in the next two years, roughly 50% of major … Continued The post HR’s Growing Role in Cybersecurity appeared first on DTEX Systems Inc.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

The Hacker News

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022.

Malware 94

BetterHelp Accused of Sharing Mental Health Data with Advertisers

Heimdal Security

The Federal Trade Commission (FTC) accused BetterHelp online counseling service of sharing customers’ mental health data with advertisers. The authorities want to ban the online platform from disclosing information to third parties like Facebook and Snapchat. After the accusations, FTC and the online service reached a settlement that requires the company to pay $7.8 million. […] The post BetterHelp Accused of Sharing Mental Health Data with Advertisers appeared first on Heimdal Security Bl

From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality

The Hacker News

Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required.

89

Ransom House ransomware attack hit Hospital Clinic de Barcelona

Security Affairs

Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a cyber attack that crippled its computer system. On Sunday, a ransomware attack hit the Hospital Clinic de Barcelona, one of the main hospitals of the Catalan city. The attack crippled the center’s computer system; 150 nonurgent operations and up to 3,000 patient checkups were canceled due to the cyber attack.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine

The Hacker News

Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware. The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S. Federal Bureau of Investigation (FBI), according to Europol.

Nvidia working on driver fix for Windows BSOD, high CPU usage

Bleeping Computer

Nvidia confirmed today that it's working to fix a driver issue causing high CPU usage and blue screens of death (BSODs) on Windows systems.

DoppelPaymer ransomware group disrupted by FBI and European police agencies

Malwarebytes

Europol has released information about the arrests of two suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware. On 28 February 2023, the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigation (FBI), apprehended two suspects and seized equipment to determine the suspect’s exact role in the structure of the ranso

DrayTek VPN routers hacked with new malware to steal data, evade detection

Bleeping Computer

An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network.

Hacking 92

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.