Tech Republic Security
JANUARY 11, 2023
The training covers Docker, Splunk and AWS as you work toward CCSP certification. The post Explore information security with 97% off this huge course bundle appeared first on TechRepublic.
Cisco Security
JANUARY 11, 2023
It’s been my pleasure to work alongside the Centre for Information Policy Leadership (CIPL) for over a decade to advocate for privacy to be respected as a fundamental human right and managed by organizations as a business imperative. CIPL works with industry leaders, regulators, and policymakers to deliver leading practices and solutions for privacy and responsible data use around the world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Graham Cluley
JANUARY 11, 2023
The experts at security firm Bitdefender have released a universal decryptor for victims of the MegaCortex family of ransomware, which is estimated to have caused more than 1800 infections - mostly of businesses.
We Live Security
JANUARY 11, 2023
A new law portends a future where (we hope) it will be easier for us all to repair, fix, upgrade, and just tinker with things we already own. The post Now you can legally repair your tech – sort of appeared first on WeLiveSecurity.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
CSO Magazine
JANUARY 11, 2023
Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. The study, by researchers with security firm WithSecure, demonstrates that not only can attackers generate unique variations of the same phishing lure with grammatically correct and human-like written text, but
CyberSecurity Insiders
JANUARY 11, 2023
As the maritime sector has become extremely dependent on technology tools, it is also attracting the attention of cyber criminals who are finding it as a lucrative target to mint money. Adding fuel to this are the vulnerabilities being observed in the system visibility tools that are being deployed because of OT/IT convergence. Although such automated tools help to cut down cyber risks, they also create complex visibility hiccups because of a shortage for the trained workforce.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CSO Magazine
JANUARY 11, 2023
The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike.
eSecurity Planet
JANUARY 11, 2023
Microsoft’s first Patch Tuesday of 2023 addresses 98 vulnerabilities, more than twice as many as last month – including one zero-day flaw that’s being actively exploited, as well as 11 critical flaws. The zero-day, CVE-2023-21674 , is a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability with a CVSS score of 8.8.
Graham Cluley
JANUARY 11, 2023
Three weeks after The Guardian newspaper was hit by a ransomware attack, it warns staff members that their personal data was accessed.
CyberSecurity Insiders
JANUARY 11, 2023
Royal Mail, the Britain-based postal and courier delivery services, has made an official statement that a cyber attack affected all its it systems because of which its parcel and letter delivery services will be deeply affected. Thus, those using the services can either expect the delivery to be delayed by a couple of days or might be scheduled freshly for next week’s delivery.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Bleeping Computer
JANUARY 11, 2023
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products. [.].
Dark Reading
JANUARY 11, 2023
School to resume Thursday, Jan. 12, after Iowa school district detected unusual network activity and pulled the plug.
Duo's Security Blog
JANUARY 11, 2023
Last year, Duo announced the General Availability of Remote Desktop Protocol (RDP) for the Duo Network Gateway (DNG) , and today we are happy to share that we’ve now extended transmission control protocol (TCP) support to the Server Message Block (SMB) protocol. This capability is generally available for Duo Beyond customers. This means that the DNG now enables users to access on-premises shares, without requiring a full VPN connection.
Security Boulevard
JANUARY 11, 2023
As the world becomes increasingly reliant on technology and the internet, cybersecurity legal trends continue to evolve and shape the way we approach data protection. So what can we expect in terms of legal changes for 2023 in the United States? Let’s get out that old crystal ball and see what we can see. Increased. The post Cybersecurity Legal Trends for 2023 appeared first on Security Boulevard.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Heimadal Security
JANUARY 11, 2023
Researchers warn that patching critical vulnerabilities that allow network access is not enough to prevent ransomware attacks. Some gangs exploit the flaws to plan a backdoor malware while they still have the opportunity, and they may return long after the victim has applied the necessary security updates. In one case, hackers exploited a critical bug […].
CSO Magazine
JANUARY 11, 2023
On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed. The security incident was the latest to affect the service in recent times in the wake of unauthorized access to its development environment in August last year , serious vulnerabilities
Appknox
JANUARY 11, 2023
DDoS attacks are rising, and hosts find it harder to prevent them. Distributed Denial of Service attack or DDoS attack is a malicious act of sending numerous requests to a target, usually to a website or server, to make it impossible for legitimate users to access the site.
Heimadal Security
JANUARY 11, 2023
The Advanced Persistent Threat (APT) known as StrongPity has been observed distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Shagle is a legitimate random-video-chat platform that allows strangers to talk via an encrypted communications channel. However, the platform is entirely web-based, meaning there is […].
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
JANUARY 11, 2023
NIST’s popular cybersecurity framework is finally ready for space. Well, not really outer space—but it will be applied to the security of ground satellite command-and-control systems. In recent years, the security of satellites has caught the attention of the military and lawmakers. Col. Jennifer Krolikowski, chief information officer at U.S. Space Systems Command, U.S.
Bleeping Computer
JANUARY 11, 2023
Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers. [.].
Security Boulevard
JANUARY 11, 2023
Increasingly, Google Cloud Platform users are recognizing the business benefits of multi-cloud. That’s not surprising since a multi-cloud approach allows organizations to enjoy each platform’s benefits, avoid vendor lock-in and accelerate cloud-native development practices. But this approach also comes with significant risks, especially for organizations that rely solely on native security controls.
Dark Reading
JANUARY 11, 2023
With artificial intelligence poised to displace many SOC professionals, it's important to think ahead to potential niches for cybersmart humans — even to outer space.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
JANUARY 11, 2023
SweepWizard, an app that law enforcement used to coordinate raids, left sensitive information about hundreds of police operations publicly accessible.
Dark Reading
JANUARY 11, 2023
Organizations are looking for new methods to safeguard the virtual machines, containers, and workload services they use in the cloud.
Security Affairs
JANUARY 11, 2023
Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components, and Microsoft Exchange Server. 11 vulnerabilities are rated Critical a
Malwarebytes
JANUARY 11, 2023
The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1 included, since the support for Windows 8.1 ended January 10, 2023.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 11, 2023
US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The first issue, tracked as CVE-2022-41080 , is a Microsoft Exchange server privilege escalation vulnerability.
SecureWorld News
JANUARY 11, 2023
The ongoing Russia-Ukraine war is. well, still ongoing. While the fighting on the frontlines continues to make headlines, an important aspect of the war that doesn't receive as much attention is cyber warfare. The two countries have taken turns targeting each other with various types of cyberattacks, but Ukraine now believes that coordinated attacks on its civilian and critical infrastructure could amount to war crimes.
Security Affairs
JANUARY 11, 2023
Royal Mail, Britain’s postal service, announced it has suffered a “cyber incident” that caused a “severe service disruption.”. Royal Mail, the British multinational postal service and courier company, announced this week that a “cyber incident” has a severe impact on its operation. The incident only impacted Royal Mail’s international export services, the company said it is temporarily unable to despatch items to overseas destinations.
Malwarebytes
JANUARY 11, 2023
On Monday, the US Supreme Court denied the NSO Group's petition for a writ of certiorari , a request to the high court to review its case, signaling that Meta's WhatsApp can go ahead with its case against the Israeli-based company behind the Pegasus spyware. The court didn't explain why it refused to hear the NSO's appeal. If you recall, WhatsApp filed a lawsuit against NSO in 2019 under the Computer Fraud and Abuse Act for allegedly targeting and installing spyware on roughly 1,400 devices of i
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
183 
Let's personalize your content