Schneier on Security
APRIL 8, 2022
Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.
Troy Hunt
APRIL 8, 2022
I hope scheduling these in advance is working well for everyone, the analytics certainly suggest a much higher viewership so I'm going to keep scheduling these and refining the whole thing further. Other than that, it's same-same this week with the usual array of breaches, tech and life down under. Enjoy 😊 References I keep forgetting to talk about upcoming events (that's a list of what's coming in 2022, I'll try to remember to discuss it next week given I&
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
APRIL 8, 2022
A new malware has infiltrated AWS Lambda services, and investigators still aren’t sure how it happened. Here’s how it works and how to protect your organization. The post AWS Lambda sees its first malware attack with Denonia, and we don’t know how it got there appeared first on TechRepublic.
Malwarebytes
APRIL 8, 2022
The US Department of Justice (DoJ) and Microsoft have taken the sting out of two operations believed to be controlled by the Russian Federation’s Main Intelligence Directorate (GRU). On Wednesday, the DOJ announced that it had disrupted GRU’s control over thousands of internet-connected firewall devices compromised by the Russian Sandworm group. One day later, Microsoft disclosed information about the steps it took to disrupt cyberattacks it had seen targeting Ukraine.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
APRIL 8, 2022
A new report from Black Kite shows the entire sector may be ripe for ransomware attacks. The post Insurance industry being ravaged by high rate of cyberattacks appeared first on TechRepublic.
Malwarebytes
APRIL 8, 2022
Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words that act as the literal keys to your digital crypto kingdom.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CyberSecurity Insiders
APRIL 8, 2022
By Steve Moore, Chief Security Strategist, Exabeam. When you take a step back and consider these statistics, you will quickly realize the gravity of what is at stake for organizations when it comes to effectively securing their confidential information – and that there is still a lot more to be done to combat this growing trend. According to cybercrime prosecution statistics , 2022 is expected to see a worldwide annual spend of nearly $134 billion to both prevent and also deal with the aftermath
Cisco Security
APRIL 8, 2022
Keeping up with the ever-changing threat landscape is hard, with new attacks such as ransomware, fileless malware, and other advanced threats emerging every day. Protecting your endpoints becomes even more difficult when your security environment consists of multiple, disparate solutions, making it too complex to effectively manage. Protecting your endpoints can also seem daunting when you don’t have enough security staff or resources.
CyberSecurity Insiders
APRIL 8, 2022
There’s no question that advanced digital technologies are becoming increasingly prevalent, requiring strong cybersecurity measures for all organizations. All industries can benefit from a comprehensive plan, but many face challenges finding quality candidates that fit the bill. Companies that utilize new computer and information system technologies must find, recruit and hire top talent with a strong understanding of cybersecurity practices and processes.
Bleeping Computer
APRIL 8, 2022
Microsoft has reminded customers today that multiple editions of Windows 10 20H2 and Windows 10 1909 are reaching the end of service (EOS) on May 10, 2022. [.].
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
APRIL 8, 2022
Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.
Bleeping Computer
APRIL 8, 2022
American automotive tools manufacturer Snap-on announced a data breach exposing associate and franchisee data after the Conti ransomware gang began leaking the company's data in March. [.].
CyberSecurity Insiders
APRIL 8, 2022
By Raj Dodhiawala, President, Remediant. Imagine you’re the manager of a hotel. Your position entitles you to a master key to all the hotel rooms, with access to any room, at any point in time. This of course comes with the territory and assigned role, enables ease of operations, and is demonstrative of the inherent trust that is conferred to you as the person in charge.
eSecurity Planet
APRIL 8, 2022
Bypassing detection tools is part of a hacker’s routine these days. Despite the incredible evolution of defensive technologies, attackers often remain undetected for weeks or months, earning the label advanced persistent threat (APT). Classic security tools are necessary but less and less sufficient. That’s why most security companies are now focusing on behavioral analysis and active endpoint protection , as evasion keeps becoming easier.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Bleeping Computer
APRIL 8, 2022
An update to Raspberry Pi OS Bullseye has removed the default 'pi' user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials. [.].
Security Affairs
APRIL 8, 2022
A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. Denys Iarmak, a Ukrainian national (32), has been sentenced to five years in prison in the U.S. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). The man was arrested in Bangkok, Thailand in November 2019 at the request of U.S. law enforcement, then he was extradited to the U.S. in May 2020.
Bleeping Computer
APRIL 8, 2022
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks. [.].
Security Affairs
APRIL 8, 2022
Which are the most important cybersecurity measures that businesses can take to protect themselves in the cloud era? We are now firmly in the era of cloud data and storage. In fact, it’s become quite difficult to find a service that doesn’t rely on the cloud in some way. This ubiquity has led to increased concerns about data security, as more and more sensitive information is stored online.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
CyberSecurity Insiders
APRIL 8, 2022
Tim Cook, the Apple CEO, will deliver keynotes at the International Association of Privacy Professionals (IAPP) that will be held between April 11 to April 13 in Washington, DC. Mr. Cook will speak at the Global Privacy Summit on April 12th,2022 at 9:15 am Eastern time and the speech will be streamed live on YouTube for those listed in the guest lists on other continents.
Security Affairs
APRIL 8, 2022
Hamas-linked threat actors conducted an elaborate campaign aimed at high-profile Israeli individuals employed in sensitive sectors. Researchers from Cybereason observed a sophisticated cyberespionage campaign conducted by APT-C-23 group campaigns targeting Israeli high-profile targets working for sensitive defense, law enforcement, and emergency services organizations.
Heimadal Security
APRIL 8, 2022
A financial-motivated threat organization that has been active since 2013, FIN7 has targeted the retail, restaurant, and hospitality industries in the United States, often deploying point-of-sale malware to achieve its objectives. Combi Security, a front firm for FIN7, was used to administer a component of the organization. The FIN7 group has changed its approach to […].
Security Boulevard
APRIL 8, 2022
All bubbles burst—but with around 2.72 million unfilled cybersecurity jobs as of October 2021 according to (ISC)2, it seems the cybersecurity talent bubble will be floating around for the foreseeable future. The fact is, there simply aren’t enough experienced cybersecurity professionals to go around, said Mark Sasson, managing partner at Pinpoint Search Group.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Heimadal Security
APRIL 8, 2022
Microsoft was able to successfully disrupt cyberattacks targeting Ukraine that were conducted by the Russian APT28 cybercrime group after shutting down seven domains used as attack infrastructure. What Is APT28? The Russian-backed APT28 (also known as Fancy Bear or Strontium) hacking gang, which is connected to the GRU Russian military intelligence agency, is a threat […].
Security Affairs
APRIL 8, 2022
The popular hacking Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. This week Anonymous claimed to have hacked multiple private businesses and leaked their data through the DDoSecrets platform. The list of recently compromised businesses includes: Forest – The hacktivists leaked 37,500 emails stolen from the company which is a Russian logging and wood manufacturing firm.
Heimadal Security
APRIL 8, 2022
Identity and access management is a key component in ensuring the security of data. It can be used to protect companies against data breaches by providing a layer of security that protects information from unauthorized access. Find more about this concept along with why IAM is important and what is the best approach when implementing […]. The post Identity and Access Management (IAM) Explained: Definition, Benefits and More appeared first on Heimdal Security Blog.
CyberSecurity Insiders
APRIL 8, 2022
By: Julie Smith, executive director, Identity Defined Security Alliance . According to the latest Verizon Data Breach Investigations Report, 61% of all breaches were a result of stolen credentials. It’s no wonder why nearly all (97%) respondents in a recent Identity Defined Security Alliance (IDSA) survey responded that they will make identity security investments in the next two years.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
APRIL 8, 2022
Meta says it’s eliminated countless fake Facebook troll accounts, controlled by state actors from Russia and Belarus. The post Facebook Destroys Russian Trolls (Hey Hey Rise Up) appeared first on Security Boulevard.
The Hacker News
APRIL 8, 2022
Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [.
Security Boulevard
APRIL 8, 2022
A career in cybersecurity guarantees many things: Job stability, competitive compensation and room for growth, just to name a few. Cybersecurity professionals are drawn to the fact that they are part of something bigger, working to stop adversaries and protecting the good guys. Along with the pride that comes with a career in cybersecurity is. The post Fostering the Next Generation of Cybersecurity Talent appeared first on Security Boulevard.
Bleeping Computer
APRIL 8, 2022
GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. [.].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
350 
Let's personalize your content