The Last Watchdog
JUNE 13, 2022
At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Related: Taking API proliferation seriously. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally.
Schneier on Security
JUNE 13, 2022
ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, it’s implementation is flawed in multiple ways—and breakable. The moral is, as it always is, that implementing cryptography securely is hard. Don’t roll your own anything if you can help it.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JUNE 13, 2022
Threat actors originating from the People's Republic of China are exploiting known vulnerabilities to build a broad network infrastructure of compromised machines worldwide. Learn more about how to protect yourself from this threat. The post State-sponsored Chinese threat actors compromise telecommunications and network services providers appeared first on TechRepublic.
Cisco Security
JUNE 13, 2022
This article is part of a series in which we will explore several features, principles, and the building blocks of a security detection engine within an extended detection and response (XDR) solution. In this second installment, we will look at ways of structuring the presentation of machine-generated alerts, so that each alert offers a cohesive and compelling narrative, as if written by a human analyst, at scale and in realtime.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Webroot
JUNE 13, 2022
The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this environment means our present and future generations need to understand the importance of being aware of the benefits and risks of an interconnected world.
The State of Security
JUNE 13, 2022
Sophos Labs recently released its annual global study, State of Ransomware 2022, which covers real-world ransomware experiences in 2021, their financial and operational impact on organizations, as well as the role of cyber insurance in cyber defense. The report, which surveyed 5,600 IT professionals in mid-sized organizations across 31 countries, shows that ransomware attacks are […]… Read More.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CSO Magazine
JUNE 13, 2022
Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats give security teams an advantage. However, some threat actors are also using machine learning and AI a to scale up their cyberattacks, evade security controls, and find new vulnerabilities all at an unprecedented pace and to devastating results.
Malwarebytes
JUNE 13, 2022
Last week on Malwarebytes Labs: FBI warns of scammers soliciting donations for Ukraine Microsoft autopatch is here…but can you use it? Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool Rotten apples banned from App store Hackers can take over accounts you haven’t even created yet Ransomware Task Force priorities see progress in first year Coffee app in hot water for constant tracking of user location SSNDOB stolen data marketpla
Security Boulevard
JUNE 13, 2022
This week we discuss hacking ham radio with special guests Caitlin Johanson, Rick Osgood, and Larry Pesce. In this episode you’ll learn what ham radio is, why its still relevant, why would attackers want to hack ham radio, all about packet radio and APRS (Automatic Packet Reporting System), and what equipment and licensing you need […]. The post Hacking Ham Radio: Why It’s Still Relevant and How to Get Started appeared first on The Shared Security Show.
Security Affairs
JUNE 13, 2022
Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to track. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about nearby Wi-Fi networks and establish a Wi-Fi connection.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Quick Heal Antivirus
JUNE 13, 2022
Goodwill Ransomware, identified by CloudSEK researchers in March 2022, is known to promote social justice on the internet. The post Robin Hood Ransomware ‘GOODWILL’ Forces Victim for Charity appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
CSO Magazine
JUNE 13, 2022
Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organization—its human capital—according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company's deployments to identify the latest attack trends by malicious players.
The Hacker News
JUNE 13, 2022
The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom.NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a.NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week.
CSO Magazine
JUNE 13, 2022
Identity and access management (IAM) embraces a broad swath of IT practice. This practice is subject to two forces pushing it towards greater prominence: increasing threat actor activity and increasing infrastructure complexity. In response, we see increasing sophistication of the tools used to deal with both. Web3 technology has unique characteristics that lend it to dealing with IAM.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
JUNE 13, 2022
When you choose a managed service provider (MSP), you are putting a lot of trust in their ability to keep your systems up and running and to keep your data safe. That’s why it’s so important to vet your potential managed service provider to make sure they are aware of and adhere to cybersecurity best. The post 19 Ways to Vet Your MSP for Cybersecurity Best Practices appeared first on Security Boulevard.
Acunetix
JUNE 13, 2022
Threat modeling is an activity that helps you identify and mitigate threats. It’s very important because it makes you look at security risks top-down, focus on decision-making and prioritize cybersecurity decisions, and consider how you can use your resources in the best possible way. There. Read more. The post Threat modeling for web application security appeared first on Acunetix.
We Live Security
JUNE 13, 2022
Five years ago, ESET researchers released their analysis of the first ever malware that was designed specifically to attack power grids. The post Industroyer: A cyber‑weapon that brought down a power grid appeared first on WeLiveSecurity.
CyberSecurity Insiders
JUNE 13, 2022
Indian Government websites are seeing a rise in cyber attacks after one of the former BJP leaders, Nupur Sharma, made some nasty comments on Prophet Muhammad. Terrorist organizations like Al-Qaida and others from Iran outfits have pledged to take control of India’s Aadhaar and electoral database if the suspended BJP leader Nupur Sharma doesn’t issue a public apology and is not punished by the court of law.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
The Hacker News
JUNE 13, 2022
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds.
SecureBlitz
JUNE 13, 2022
Ransomware is a type of malware that uses encryption to hold your data hostage until a ransom, usually in the. Read more. The post 4 Ways Ransomware Can Infect A System appeared first on SecureBlitz Cybersecurity.
The Hacker News
JUNE 13, 2022
A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa.
Bleeping Computer
JUNE 13, 2022
Microsoft will finally end support for Internet Explorer on multiple Windows versions on Wednesday, June 15, almost 27 years after its launch on August 24, 1995. [.].
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JUNE 13, 2022
Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.
Security Affairs
JUNE 13, 2022
Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT).
The Hacker News
JUNE 13, 2022
Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts.
Dark Reading
JUNE 13, 2022
Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
JUNE 13, 2022
Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patches.
Dark Reading
JUNE 13, 2022
Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.
Security Affairs
JUNE 13, 2022
China-linked Gallium APT employed a previously undocumented RAT, tracked as PingPull, in recent cyber espionage campaign targeting South Asia, Europe, and Africa. China-linked Gallium APT (aka Softcell) used a previously undocumented remote access Trojan dubbed PingPull in recent attacks aimed at organizations in Southeast Asia, Europe, and Africa. Researchers from Palo Alto Networks defined the PingPull RAT as a “difficult-to-detect” backdoor that leverages the Internet Control Mess
Security Boulevard
JUNE 13, 2022
Apple’s M1 chip isn’t as safe from buffer overflows as previously thought. M1 and other designs based on ARMv8.3 can have their ‘PAC’ protection neutered. The post Apple M1 Flaw Can’t be Fixed — PACMAN Panic appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
257 
Let's personalize your content