Krebs on Security

OCTOBER 5, 2022

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Accountability 315

Accountability Scams Artificial Intelligence Cryptocurrency 315

Schneier on Security

OCTOBER 5, 2022

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mentioned it before. But the memes can be funny. Here’s a decent rundown of some of the chatter.

Cybersecurity 254

Cybersecurity Education 254

Tech Republic Security

OCTOBER 5, 2022

CMO of Holm Security says that, as more businesses turn to cloud-based applications, the concept of shadow IT will not remain in the shadows. The post Shadow IT: Fear it or embrace it? appeared first on TechRepublic.

148

148

Jane Frankland

OCTOBER 5, 2022

The world is going through rapid change what with climate change (exceptional droughts, floods hurricanes) high inflation, economic slowdowns, recessions, tech company layoffs, supply chain problems, wars, protests, and a stock market crash. It’s a liminal time and lots of people are in transition right now. Maybe that’s you. Maybe you’re considering or have got yourself a new job, promotion, home, location, relationship, or family.

Marketing 147

Marketing Accountability Risk Cybersecurity 147

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

OCTOBER 5, 2022

This kind of attack is very difficult to detect and might lead to full compromise of systems, leading to cyberespionage or financial crime. The post Software supply chains at risk: The account takeover threat appeared first on TechRepublic.

Accountability 148

Accountability Software Risk 148

SecureList

OCTOBER 5, 2022

Introduction. We are often asked how targets are infected with malware. Our answer is nearly always the same: (spear) phishing. There will be exceptions, naturally, as we will encounter RCE vulnerabilities every now and then, or if the attacker is already on the network, they will use tools like PsExec. But that’s it — most of the time, anyway.

Malware 144

Malware Architecture Ransomware Spyware 144

Bleeping Computer

OCTOBER 5, 2022

Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell. [.].

134

134

CSO Magazine

OCTOBER 5, 2022

Every entity should have an information technology asset disposal (ITAD) program as part of its information security process and procedure. Indeed, every time an IT asset is purchased, the eventual disposal of that asset should already be defined within an ITAD. When one doesn’t exist, data becomes exposed, compromises occur, and in many cases, fines are levied.

Information Security 132

Information Security Technology 132

Security Boulevard

OCTOBER 5, 2022

LayerX this week emerged from stealth to launch a modern browser extension that leverages machine learning algorithms to ensure connections made to applications are secure. LayerX CEO Or Eshed said an approach based on browser extensions also makes it simpler for IT and security operations teams to manage security without having to replace existing browsers.

Malware 121

Malware Cybersecurity Network Security 121

eSecurity Planet

OCTOBER 5, 2022

After Microsoft published guidance on mitigating the two remote code execution flaws uncovered last week by Vietnamese security firm GTSC, it seems the mitigations Microsoft suggested weren’t as effective as the company had hoped. Over the weekend, Vietnamese security researcher Jang warned , “The URL pattern to detect/prevent the Exchange 0day provided in MSRC’s blog post can easily be bypassed,” suggesting that the following pattern might work instead: *autodiscover.json.

Scams 117

Scams Engineering Authentication Hacking 117

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

CSO Magazine

OCTOBER 5, 2022

In a recent survey of 200 health care CEOs , it was revealed that at the beginning of the COVID-19 pandemic, 62% of respondents’ organizations were executing digital transformations. However, as in so many other enterprises, nearly all the respondents (97%) indicated that the effects of the pandemic also accelerated their digital transformation projects.

Digital transformation 116

Digital transformation Healthcare Software 116

Heimadal Security

OCTOBER 5, 2022

A popular Chinese-language YouTube channel was discovered to be a means of distributing a trojanized version of a Windows installer for the Tor Browser, echoing other events directed at the paltform`s users. The malicious version of the Tor Browser installer is being spread via a link present in the description of a video dating back […]. The post YouTube Channel Caught Distributing Malicious Installer appeared first on Heimdal Security Blog.

Cybersecurity 115

Cybersecurity 115

Security Boulevard

OCTOBER 5, 2022

By now, it’s no secret that cyber attacks pose catastrophic risks to businesses large and small. The rise of remote […]. The post Cyber Security & Recruitment: The two biggest risks to your business in 2022 appeared first on Security Boulevard.

Risk 115

Risk Cyber Attacks 115

CyberSecurity Insiders

OCTOBER 5, 2022

Information is out that an advanced persistent threat group has reportedly stolen data from the US Defense servers with the help of CovalentStealer Malware. And news is out that the information steal was taking place from the past 10 months, with the initial access got Microsoft Exchange Servers from January last year. It is a fact that the Defense Industrial Base (DIB) provides products and services that support a smooth flow of military operations.

Government 111

Government Malware Adware Spyware 111

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

OCTOBER 5, 2022

Less than half of businesses are adequately addressing the issue of identity security, despite the growing threat of identity-based attacks, according to a SailPoint survey of more than 300 global cybersecurity executives. The survey also indicated that as enterprises increase their identity security maturity, they become better at using their security tools more efficiently.

Cybersecurity 111

Cybersecurity Social Engineering Engineering 111

Heimadal Security

OCTOBER 5, 2022

On 4 October 2022 U.S. Government announced a data breach at a U.S. organization in the Defense Industrial Base (DIB) sector. The infection lasted approximately ten months before being identified, with the initial access taking place in January 2021. The origin of the attackers is unknown at the moment, but several advanced persistent threat groups […].

Malware 111

Malware Data breaches Government Cybersecurity 111

CyberSecurity Insiders

OCTOBER 5, 2022

San Francisco Federal Court convicted Joe Sullivan, the Ex- CEO of Uber, for hiding a massive data breach that took place in the year 2016. The statement was pronounced after going through a 4-week long testimony was presented from the side of Mr. Sullivan. Reliable sources from the court say that Joe presented his version by putting the blame on the other C-Level executives working for the company during his tenure as a Chief Executive Officer (CEO).

Data breaches 107

Data breaches Cyber Attacks Cybersecurity 107

Digital Shadows

OCTOBER 5, 2022

The fallout of the recent Optus breach got me thinking about a common occurrence: seller’s remorse… Most of us have. The post The Optus Breach: If I Could Turn Back Time first appeared on Digital Shadows.

Cybercrime 106

Cybercrime 106

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Heimadal Security

OCTOBER 5, 2022

An open database containing over 200,000 personal information entries turned the customers of an Indian retailer into vulnerable targets. The leaked dataset contained personal information, such as emails, phone numbers, names, and poorly protected passwords, exposing customers to identity theft and credential-stuffing attacks. The Effects of Unprotected Passwords According to Cybernews, the unprotected 18.2GB-strong database […].

Retail 105

Retail Identity Theft Passwords Cybersecurity 105

The Hacker News

OCTOBER 5, 2022

A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app.

Spyware 105

Spyware Mobile VPN Malware 105

Heimadal Security

OCTOBER 5, 2022

Australian company Optus confirmed yesterday that the IDs of 2.1 million customers were compromised during last month’s cyberattack. The carrier released a press statement to provide an update on the situation. Stolen Personal Data Based on the extensive investigation with more than 20 Federal, State, and Territory government agencies and departments, Optus confirmed that: 2 […].

Government 105

Government Cybersecurity 105

CyberSecurity Insiders

OCTOBER 5, 2022

A company named ‘SpinLaunch’ has developed a novel way of launching satellites into low earth orbits without the use of fuel or any kind of high-cost powering energy. It has in fact developed a rocket launching platform that uses massive slingshots that are in the size of the Statue of Liberty. Technically speaking, the slingshot rotates its arm at 5,000 miles per hour speed and shoots a projectile directly into the space to about 25,000- 200,000 feet above the earth’s surface.

Cybersecurity 104

Cybersecurity Artificial Intelligence 104

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Heimadal Security

OCTOBER 5, 2022

In an effort to trick targets into handing over large sums of money, a Business Email Compromise (BEC) campaign uses an email thread that claims to have been forwarded by the manager. According to the FBI, BEC attacks are among the most profitable types of cybercrime, costing victims a combined total of over $43 billion […]. The post Your Manager Forwarded You a New Email?

Cybercrime 105

Cybercrime Cybersecurity 105

We Live Security

OCTOBER 5, 2022

A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. The post ESET Threat Report T2 2022 appeared first on WeLiveSecurity.

Threat Reports 103

Threat Reports Threat Detection 103

Heimadal Security

OCTOBER 5, 2022

Vulnerabilities can be described as being holes found in an IT system, that leave the system open to cyberattacks. Some people believe that their systems are flawless because they haven’t been affected by cyberattacks so far, which may be true in some instances, but in a lot of cases, companies do not realize that their […]. The post Vulnerability Management Lifecycle: Step by Step Through the Process appeared first on Heimdal Security Blog.

104

104

Bleeping Computer

OCTOBER 5, 2022

A new Android spyware named 'RatMilad' was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data. [.].

Spyware 102

Spyware Mobile Malware 102

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Heimadal Security

OCTOBER 5, 2022

A new report published by Trustwave Spiderlabs’ team of researchers reveals two reflected cross-site scriptings (XSS) vulnerabilities in Canon Medical’s Vitrea View third-party software, found during a penetration test. The two vulnerabilities are known collectively as CVE-2022-37461. The Vitrea View tool enables viewing and safely exchanging medical images via the DICOM standard.

Penetration Testing 104

Penetration Testing Software Cybersecurity 104

The Hacker News

OCTOBER 5, 2022

Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said. "And no customer account data was involved.

Data breaches 101

Data breaches Telecommunications Information Security Accountability 101

Security Affairs

OCTOBER 5, 2022

Hundreds of Microsoft SQL servers all over the world have been infected with a new piece of malware tracked as Maggie. Security researchers Johann Aydinbas and Axel Wauer from the DCSO CyTec have spotted a new piece of malware, named Maggie, that has already infected over 250 Microsoft SQL servers worldwide. Most of the infected instances are in South Korea, India, Vietnam, China, Russia, Thailand, Germany, and the United States.

Malware 100

Malware Internet Internet Hacking 100

The Hacker News

OCTOBER 5, 2022

Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable “digital gold”.

Software 99

Software Cyber threats 99

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!