Wed. Oct 05, 2022

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

October Is Cybersecurity Awareness Month

Schneier on Security

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mentioned it before. But the memes can be funny. Here’s a decent rundown of some of the chatter.

Endings and Beginnings

Jane Frankland

The world is going through rapid change, what with climate change (exceptional droughts, floods, hurricanes), high inflation, economic slowdowns, recessions, tech company layoffs, supply chain problems, wars, protests, and a stock market crash. It’s a liminal time and lots of people are in transition right now. Maybe that’s you. Maybe you’re considering or have got yourself a new job, promotion, home, location, relationship, or family.

Shadow IT: Fear it or embrace it?

Tech Republic Security

CMO of Holm Security says that, as more businesses turn to cloud-based applications, the concept of shadow IT will not remain in the shadows. The post Shadow IT: Fear it or embrace it? appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft updates mitigation for ProxyNotShell Exchange zero days

Bleeping Computer

Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to as ProxyNotShell.

Software supply chains at risk: The account takeover threat

Tech Republic Security

This kind of attack is very difficult to detect and might lead to full compromise of systems, leading to cyberespionage or financial crime. The post Software supply chains at risk: The account takeover threat appeared first on TechRepublic.

CISOs, boards not always on the same page

Tech Republic Security

Most boards of directors understand the risk, but many will not invest more in cybersecurity and have different concerns about the impact of a breach. The post CISOs, boards not always on the same page appeared first on TechRepublic.

Uncommon infection and malware propagation methods

SecureList

Introduction. We are often asked how targets are infected with malware. Our answer is nearly always the same: (spear) phishing. There will be exceptions, naturally, as we will encounter RCE vulnerabilities every now and then, or if the attacker is already on the network, they will use tools like PsExec. But that’s it — most of the time, anyway.

LayerX Platform Secures Browsers Using Machine Learning

Security Boulevard

LayerX this week emerged from stealth to launch a modern browser extension that leverages machine learning algorithms to ensure connections made to applications are secure. LayerX CEO Or Eshed said an approach based on browser extensions also makes it simpler for IT and security operations teams to manage security without having to replace existing browsers.

BrandPost: Availability, Performance, and Security, Oh My!

CSO Magazine

In a recent survey of 200 health care CEOs, it was revealed that at the beginning of the COVID-19 pandemic, 62% of respondents’ organizations were executing digital transformations. However, as in so many other enterprises, nearly all the respondents (97%) indicated that the effects of the pandemic also accelerated their digital transformation projects.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cyber Security & Recruitment: The two biggest risks to your business in 2022

Security Boulevard

By now, it’s no secret that cyber attacks pose catastrophic risks to businesses large and small. The rise of remote […]. The post Cyber Security & Recruitment: The two biggest risks to your business in 2022 appeared first on Security Boulevard.

US Government defense data stolen by Malware

CyberSecurity Insiders

Information is out that an advanced persistent threat group has reportedly stolen data from the US Defense servers with the help of CovalentStealer Malware. And news is out that the information steal was taking place from the past 10 months, with the initial access got Microsoft Exchange Servers from January last year. It is a fact that the Defense Industrial Base (DIB) provides products and services that support a smooth flow of military operations.

Businesses Look to AI, ML to Boost Identity Security

Security Boulevard

Less than half of businesses are adequately addressing the issue of identity security, despite the growing threat of identity-based attacks, according to a SailPoint survey of more than 300 global cybersecurity executives. The survey also indicated that as enterprises increase their identity security maturity, they become better at using their security tools more efficiently.

Uber CEO convicted for hiding 2016 data breach

CyberSecurity Insiders

San Francisco Federal Court convicted Joe Sullivan, the ex-CEO of Uber, for hiding a massive data breach that took place in the year 2016. The statement was pronounced after a 4-week-long testimony was presented from the side of Mr. Sullivan. Reliable sources from the court say that Joe presented his version by putting the blame on the other C-Level executives working for the company during his tenure as a Chief Executive Officer (CEO).

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

The Optus Breach: If I Could Turn Back Time

Digital Shadows

The fallout of the recent Optus breach got me thinking about a common occurrence: seller’s remorse… Most of us have. The post The Optus Breach: If I Could Turn Back Time first appeared on Digital Shadows.

AI Robots to be hurled into earth space through Satellite Slingshots

CyberSecurity Insiders

A company named ‘SpinLaunch’ has developed a novel way of launching satellites into low earth orbits without the use of fuel or any kind of high-cost powering energy. It has in fact developed a rocket launching platform that uses massive slingshots that are the size of the Statue of Liberty. Technically speaking, the slingshot rotates its arm at 5,000 miles per hour speed and shoots a projectile directly into space to about 25,000-200,000 feet above the earth’s surface.

New Android malware 'RatMilad' can steal your data, record audio

Bleeping Computer

A new Android spyware named 'RatMilad' was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data.

YouTube Channel Caught Distributing Malicious Installer

Heimdal Security

A popular Chinese-language YouTube channel was discovered to be a means of distributing a trojanized version of a Windows installer for the Tor Browser, echoing other events directed at the platform's users. The malicious version of the Tor Browser installer is being spread via a link present in the description of a video dating back […]. The post YouTube Channel Caught Distributing Malicious Installer appeared first on Heimdal Security Blog.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Hundreds of Microsoft SQL servers backdoored with new malware

Bleeping Computer

Security researchers have found a new piece of malware targeting Microsoft SQL servers. Named Maggie, the backdoor has already infected hundreds of machines all over the world.

5G and IoT for Intelligent Connectivity

Security Boulevard

How is the Internet of Things being expanded by 5G to create a better world? Do we all consider this question? The internet of things is growing at an astounding rate as the world is expanding and society continues to change and influence our daily lives. According to estimates from the Global System for Mobile […]. The post 5G and IoT for Intelligent Connectivity appeared first on Kratikal Blogs.

Kim Kardashian gets huge fine for crypto ad

Malwarebytes

The Securities and Exchange Commission (SEC) announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17(b) of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax (or EMAX), a crypto asset security, to her 210 million Instagram followers in June 2021.

Cybersecurity Awareness Month Focuses on the “People” Part of Cybersecurity

Security Boulevard

October is recognized every year as Cyber Security Awareness Month (CSAM). Starting in 2004, this important awareness month has been a collaboration between The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) to lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

ESET Threat Report T2 2022

We Live Security

A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. The post ESET Threat Report T2 2022 appeared first on WeLiveSecurity.

The latest update to the ReversingLabs Malware Analysis Workbench

Security Boulevard

ReversingLabs customers rely on our threat analysis and hunting solution to provide them with an instant malware lab, delivering both static and dynamic analysis. Here, we break down the newest improvements for this solution. The post The latest update to the ReversingLabs Malware Analysis Workbench appeared first on Security Boulevard.

Hackers Use Customized Malware to Steal U.S. Defense Data

Heimdal Security

On 4 October 2022 U.S. Government announced a data breach at a U.S. organization in the Defense Industrial Base (DIB) sector. The infection lasted approximately ten months before being identified, with the initial access taking place in January 2021. The origin of the attackers is unknown at the moment, but several advanced persistent threat groups […].

End-to-End API Security

Security Boulevard

Doing security properly for application programming interfaces (APIs) is a process that goes well beyond security. It’s also about IT operational and architectural issues that drive security outcomes. To be successful, API security must be viewed as an end-to-end process covering the full software lifecycle. It starts with development but continues through runtime and end-of-life.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Global October Cybersecurity Events: Where You Can Find Thales

Thales Cloud Protection & Licensing

divya. Thu, 10/06/2022 - 06:55. The summer is now over, and October is a month full of cybersecurity events for Thales around the world. Along with celebrating Cyber Security Awareness Month, several exciting events are taking place across the world, aiming to educate people on the latest trends in cybersecurity and privacy.

Contrast Scan adds support for client-side JavaScript including Angular, React, & jQuery

Security Boulevard

Contrast has expanded its Static Analysis Security Testing (SAST) language coverage to support client-side JavaScript, including Angular, React and jQuery in both the enterprise version of Contrast Scan as well as CodeSec, Contrast’s free security tool for developers. Contrast’s product roadmap also includes adding support for Vue.js in October 2022.

Is backup the only solution to block ransomware threats

CyberSecurity Insiders

Well, to a certain extent, yes, say security experts! As it helps in recovering data when any untoward situation arises. However, the data backup must be done technically and must be efficient enough to help users recover from a cyber incident with minimal downtime and public embarrassment. Coming to the backup, there is a fundamental rule of following 3-2-1 rule.

Strata Identity Names Former Okta Executive to Lead Global Systems Integrator Partner Program

Security Boulevard

Chris Veith will Manage Relationships with EY, Deloitte, Wipro, and others for Identity Orchestration Leader. BOULDER, Colo., Oct. 6, 2022 — Strata Identity, the Identity Orchestration company, today announced it has appointed Chris Veith, Senior Director of Global Alliances. Chris joins Strata from Okta and will lead the company’s global systems integrator (GSI) partner program.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.