Wed. Jan 11, 2023


Explore information security with 97% off this huge course bundle

Tech Republic Security

The training covers Docker, Splunk and AWS as you work toward CCSP certification.


Realizing the Value of Privacy Investment

Cisco Security

It’s been my pleasure to work alongside the Centre for Information Policy Leadership (CIPL) for over a decade to advocate for privacy to be respected as a fundamental human right and managed by organizations as a business imperative. CIPL works with industry leaders, regulators, and policymakers to deliver leading practices and solutions for privacy and responsible data use around the world.


Free decryptor for victims of MegaCortex ransomware released

Graham Cluley

The experts at security firm Bitdefender have released a universal decryptor for victims of the MegaCortex family of ransomware, which is estimated to have caused more than 1800 infections - mostly of businesses.


Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

CSO Magazine

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. The study, by researchers with security firm WithSecure, demonstrates that not only can attackers generate unique variations of the same phishing lure with grammatically correct and human-like written text, but


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hackers lodge war with the Maritime sector by hitting DNV Shipmanager Software

CyberSecurity Insiders

As the maritime sector has become extremely dependent on technology tools, it is also attracting the attention of cyber criminals who are finding it as a lucrative target to mint money. Adding fuel to this are the vulnerabilities being observed in the system visibility tools that are being deployed because of OT/IT convergence. Although such automated tools help to cut down cyber risks, they also create complex visibility hiccups because of a shortage for the trained workforce.


Scattered Spider hackers use old Intel driver to bypass security

Bleeping Computer

A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products. […]


More Trending


Now you can legally repair your tech – sort of

We Live Security

A new law portends a future where (we hope) it will be easier for us all to repair, fix, upgrade, and just tinker with things we already own.


APT Group Dark Pink Doubles Down on Government and Military Targets with Custom Malware

Heimdal Security

Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware. Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng Hunting Labs), noting that it employs uncommon tactics, techniques, and procedures (TTP). The actor used […].


Cyber Attack on Royal Mail to delay parcels and letter delivery services  

CyberSecurity Insiders

Royal Mail, the Britain-based postal and courier delivery services, has made an official statement that a cyber attack affected all its IT systems because of which its parcel and letter delivery services will be deeply affected. Thus, those using the services can either expect the delivery to be delayed by a couple of days or might be scheduled freshly for next week’s delivery.


Timeline of the latest LastPass data breaches

CSO Magazine

On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed. The security incident was the latest to affect the service in recent times in the wake of unauthorized access to its development environment in August last year, serious vulnerabilities


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How To Prevent DDoS Attacks in 2023

Appknox

DDoS attacks are rising, and hosts find it harder to prevent them. Distributed Denial of Service attack or DDoS attack is a malicious act of sending numerous requests to a target, usually to a website or server, to make it impossible for legitimate users to access the site.


Cybersecurity Legal Trends for 2023

Security Boulevard

As the world becomes increasingly reliant on technology and the internet, cybersecurity legal trends continue to evolve and shape the way we approach data protection. So what can we expect in terms of legal changes for 2023 in the United States? Let’s get out that old crystal ball and see what we can see. Increased.


Microsoft Patch Tuesday Fixes 11 Critical Vulnerabilities, One Zero-Day

eSecurity Planet

Microsoft’s first Patch Tuesday of 2023 addresses 98 vulnerabilities, more than twice as many as last month – including one zero-day flaw that’s being actively exploited, as well as 11 critical flaws. The zero-day, CVE-2023-21674, is a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability with a CVSS score of 8.8.


NIST Completes Satellite Command-and-Control Guidance

Security Boulevard

NIST’s popular cybersecurity framework is finally ready for space. Well, not really outer space—but it will be applied to the security of ground satellite command-and-control systems. In recent years, the security of satellites has caught the attention of the military and lawmakers. Col. Jennifer Krolikowski, chief information officer at U.S. Space Systems Command, U.S.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike

Bleeping Computer

The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons. […]


Data Reveals GCP Users Lagging in Cross-Cloud Security

Security Boulevard

Increasingly, Google Cloud Platform users are recognizing the business benefits of multi-cloud. That’s not surprising since a multi-cloud approach allows organizations to enjoy each platform’s benefits, avoid vendor lock-in and accelerate cloud-native development practices. But this approach also comes with significant risks, especially for organizations that rely solely on native security controls.


Twitter claims leaked data of 200M users not stolen from its systems

Bleeping Computer

Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems. […]


StrongPity Hackers Are Targeting Android Users via Malicious Telegram App

Heimdal Security

The Advanced Persistent Threat (APT) known as StrongPity has been observed distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Shagle is a legitimate random-video-chat platform that allows strangers to talk via an encrypted communications channel. However, the platform is entirely web-based, meaning there is […].


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Cisco warns of auth bypass bug with public exploit in EoL routers

Bleeping Computer

Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers. […]


Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Malwarebytes

The first Microsoft Patch Tuesday of 2023 is an important one to start off the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1 included, since the support for Windows 8.1 ended January 10, 2023.


Post-ransomware attack, The Guardian warns staff their personal data was accessed

Graham Cluley

Three weeks after The Guardian newspaper was hit by a ransomware attack, it warns staff members that their personal data was accessed.


Cyber Jobs of the Future: Sleuth, Bodyguard, 'Immunity' Developer

Dark Reading

With artificial intelligence poised to displace many SOC professionals, it's important to think ahead to potential niches for cybersmart humans — even to outer space.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Announcing General Availability of Server Message Block Protocol Support for Duo Network Gateway

Duo's Security Blog

Last year, Duo announced the General Availability of Remote Desktop Protocol (RDP) for the Duo Network Gateway (DNG), and today we are happy to share that we’ve now extended transmission control protocol (TCP) support to the Server Message Block (SMB) protocol. This capability is generally available for Duo Beyond customers. This means that the DNG now enables users to access on-premises shares, without requiring a full VPN connection.


Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Security Affairs

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components, and Microsoft Exchange Server. 11 vulnerabilities are rated Critical a


WhatsApp lawsuit against NSO Group greenlit by Supreme Court

Malwarebytes

On Monday, the US Supreme Court denied the NSO Group's petition for a writ of certiorari, a request to the high court to review its case, signaling that Meta's WhatsApp can go ahead with its case against the Israeli-based company behind the Pegasus spyware. The court didn't explain why it refused to hear the NSO's appeal. If you recall, WhatsApp filed a lawsuit against NSO in 2019 under the Computer Fraud and Abuse Act for allegedly targeting and installing spyware on roughly 1,400 devices of i


Lorenz Backdoor: How Ransomware Gangs Are Exploiting Old Vulnerabilities to Plant Malware

Heimdal Security

Researchers warn that patching critical vulnerabilities that allow network access is not enough to prevent ransomware attacks. Some gangs exploit the flaws to plant a backdoor malware while they still have the opportunity, and they may return long after the victim has applied the necessary security updates. In one case, hackers exploited a critical bug […].


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Young IT Pro Enhances Job Readiness With CompTIA

CompTIA on Cybersecurity

Living in a rural region, Noah Balch might not find as many IT job openings as in a larger market. But the young IT aspirant is working overtime to make himself stand out.


Royal Mail halts international services after cyberattack

Bleeping Computer

The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "severe service disruption" caused by what it described as a "cyber incident." […]


Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks

Dark Reading

Current defenses are able to protect against today's AI-enhanced cybersecurity threats, but that won't be the case for long as these attacks become more effective and sophisticated.


Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability

The Hacker News

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.