Tue. Nov 15, 2022

Another Event-Related Spyware App

Schneier on Security

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app: The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

Spyware 348

Windows 10 in S mode: Pros and cons

Tech Republic Security

Windows 10 in S mode is an operating system option that prioritizes security and performance. Learn the pros and cons of Windows 10 in S mode here. The post Windows 10 in S mode: Pros and cons appeared first on TechRepublic.

Software 197

DTrack activity targeting Europe and Latin America

SecureList

Introduction. DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, we’ve seen it being used in financial environments where ATMs were breached, in attacks on a nuclear power plant and also in targeted ransomware attacks.

Malware 145

It’s time. Delete your Twitter DMs

Graham Cluley

Twitter is in chaos. I'd rather delete my Direct Messages one-by-one than one day find that they are in the hands of a hacker or a disgruntled Twitter employee who goes rogue.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Addressing the cyber skills gap through strategic partnerships

CyberSecurity Insiders

By Kathy Quashie, Chief Growth Officer at Capita. It’s well known that cracks are beginning to show in the workforce of today. Demand for digital skills, permeating each and every industry, is not being met with supply. This digital skills gap is harming UK productivity – and will continue to do so until it is addressed by employers up and down the country.

Healthcare sector warned of Venus ransomware attacks

Graham Cluley

Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. Read more in my article on the Tripwire State of Security blog.

More Trending

Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too)

Security Boulevard

A Hungarian researcher found a nasty Android security bug: Malicious people can unlock your phone. The post Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too) appeared first on Security Boulevard.

Google to pay $392m penalty for harvesting location tracking details of users

CyberSecurity Insiders

Google has been assigned paying a $392m penalty as it harvested location tracking details of its users without their consent, respectively. The landmark legal pronouncement came at the end of last week when a team of US attorneys confirmed that the tech giant was keeping a track of moments of its users through ‘Location History’ even after they explicitly said NO to such practices.

Marketing 127

Electricity/Energy Cybersecurity: Trends & Survey Response

Trend Micro

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry's challenges and present Trend Micro's recommendations.

North Korean hackers target European orgs with updated malware

Bleeping Computer

North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. […].

Malware 121

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Experts found critical RCE in Spotify’s Backstage

Security Affairs

Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8). Backstage is Spotify’s open-source platform for building developer portals; it’s used by several organizations, including American Airlines, Netflix, Splunk, Fidelity Investments and Epic Games.

17 Web Domains Were Seized by the FBI and USPS for Connection to Job Scams

Heimdal Security

17 web domains used for recruiting money mules for work-from-home and reshipping scams were seized by the FBI and USPS (US Postal Inspection Service) last week, as a result of an investigation that has been taking place since February 2021. How Did the Scam Happen? The websites advertised positions such as “quality control inspectors” for […].

Scams 118

China-linked APT Billbug breached a certificate authority in Asia

Security Affairs

A suspected China-linked APT group breached a digital certificate authority in Asia as part of a campaign aimed at government agencies since March 2022. State-sponsored actors compromised a digital certificate authority in a country in Asia as part of a cyber espionage campaign aimed at multiple government agencies in the region, Symantec warns. Symantec attributes the attack to a China-linked cyberespionage group tracked as Billbug (aka Lotus Blossom, Thrip).

Major TTE Flaw Could Threaten Critical Infrastructure, Including Aircraft

eSecurity Planet

Researchers at the University of Michigan and NASA are warning of a major flaw in the TTE (Time-Triggered Ethernet) protocol, which is used in a wide range of critical infrastructure, including spacecraft, aircraft, energy generation systems, and industrial control systems. TTE reduces cost and improves efficiency by allowing mission-critical devices (like flight controls) to leverage the same hardware as non-critical systems (like passenger Wi-Fi), while ensuring they don’t interfere with

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Pilfered Keys: Free App Infected by Malware Steals Keychain Data

Trend Micro

Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.

Malware 106

Whoosh Confirms Breach as Hackers Put Data on Sale

Heimdal Security

The scooter-sharing service has confirmed suffering a data breach soon after hackers launched the sale of a database containing the details of 7.2 million customers. Whoosh operates in 40 cities across Russia, with over 75,000 scooters which makes it the leading urban mobility service platform in the country. Upon a Closer Look Last week, threat actors […].

Swimlane introduces an OT security automation ecosystem

Hacker Combat

The launch of a security automation solution ecosystem for operational technology (OT) environments was announced on Monday by Swimlane, a provider of security orchestration, automation, and response (SOAR). For this OT security automation ecosystem, the business has partnered with a number of organizations, including the industrial cybersecurity firm Nozomi, the event monitoring and risk detection company Dataminr, and the technology and security consulting firm 1898 & Co.

IoT 105

Log4Shell-like code execution hole in popular Backstage dev tool

Naked Security

Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal – a sort […].

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Happy birthday Security Affairs … 11 years together!

Security Affairs

Happy BirthDay Security Affairs! Eleven years together! I launched Security Affairs for passion in November 2011 and since then the blog was visited by tens of millions of readers. Thank you! Eleven years ago I decided to launch Security Affairs, a blog that is considered today one of the most valuable sources of the cybersecurity industry. It was awarded four times as the best European Personal Cyber Security blog, it is an honor for me to have so many readers every day, but the greatest gift i

Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions

The Hacker News

Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload.

Experts revealed details of critical SQLi and access issues in Zendesk Explore

Security Affairs

Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore Service. Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk Explore service. Zendesk Explore allows organizations to view and analyze key information about their customers, and their support resources.

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

The Hacker News

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Avast details Worok espionage group’s compromise chain

Security Affairs

Cyber espionage group Worok abuses Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. Researchers from cybersecurity firm Avast observed the recently discovered espionage group Worok abusing Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. The experts started their investigation from the analysis published by ESET on attacks against organizations and local governments in Asia and Africa.

From Austin to Sydney: How to Work From Anywhere

Cisco Security

SaaS Security Marketing Manager Laura O’Melia has always been interested in living and working internationally. After living in Austin, Texas for twenty years, O’Melia was ready for a new adventure and decided to move to Sydney, Australia with the support and encouragement of her manager and Cisco. The pandemic delayed her plans, but now that O’Melia’s settling into life and work in Australia, she shared how she made the move to work from anywhere and how you can, too.

Previously undetected Earth Longzhi APT group is a subgroup of APT41

Security Affairs

Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. Threat actors employed a custom Cobalt Strike loader in the attack. Further analysis revealed that the same threat actor targeted multiple regions using a similar Cobalt Strike loader and has been active since 2020.

Hacking 98

Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics

Cisco Security

New level unlocked. The next step for Kenna.VM users who are maturing their risk-based vulnerability management program is Kenna.VM Premier—and it’s live. The Cisco Kenna team is excited to release a new tier of the Kenna Security platform designed specifically for customers or prospects that have reached a point of maturity in which they can and want to do more with their vulnerability management program.

Risk 98

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Google to Pay a record $391M fine for misleading users about the collection of location data

Security Affairs

Google is going to pay $391.5 million to settle with 40 states in the U.S. for secretly collecting personal location data. Google has agreed to pay $391.5 million to settle with 40 US states for misleading users about the collection of personal location data. The settlement is the largest attorney general-led consumer privacy settlement ever, states the announcement published by DoJ. “Google misled its users into thinking they had turned off location tracking in their account settings, whe

IT Leaders Adopting Threat Intelligence, But Challenges Persist

Security Boulevard

While the majority of enterprise IT security managers rely on threat intelligence to reduce cybersecurity risk, many still lack the necessary skills and resources to carry out these initiatives fully, according to a Vulcan Cyber report on threat intelligence adoption trends and challenges. The survey of 100 information security, vulnerability management, and threat intelligence executives.

Microsoft’s New Patch Tuesday Updates Causes Windows Kerberos Authentication to Break

Heimdal Security

An issue that is causing Kerberos sign-in failures has been reported by multiple enterprise domain controllers. The problems appeared after installing updates released during Patch Tuesday. BleepingComputer revealed that readers of their website also reported that Kerberos breaks in situations where they’ve set the “This account supports Kerberos AES 256-bit encryption” or “This account supports Kerberos […].

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 407’

Security Boulevard

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic. Permalink. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 407’ appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!