Mon.Mar 27, 2023

article thumbnail

GUEST ESSAY — The rationale for pursuing a culture of cybersecurity– and a roadmap to get there

The Last Watchdog

Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others. Related: Deploying human sensors This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization. For most organizations, building a cybersecurity culture is a necessary evil rather than a cherished goal.

article thumbnail

How to secure your GitHub account with two-factor authentication

Tech Republic Security

GitHub wants you to protect your account with the right type of authentication. The post How to secure your GitHub account with two-factor authentication appeared first on TechRepublic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New MacStealer macOS malware steals passwords from iCloud Keychain

Bleeping Computer

A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files. [.

Malware 139
article thumbnail

Hiring kit: Cybersecurity engineer

Tech Republic Security

PURPOSE Recruiting a cybersecurity engineer with the right combination of technical and industry experience will require a comprehensive screening process. This hiring kit from TechRepublic Premium provides a flexible framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Exchange Online to block emails from vulnerable on-prem servers

Bleeping Computer

Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them. [.

138
138
article thumbnail

Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare

Dark Reading

Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.

140
140

More Trending

article thumbnail

France bans TikTok, all social media apps from government devices

CSO Magazine

The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of Transformation and the Public Service Stanislas Guerini, said in a statement that recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This prohibition applies immediately and uniformly, although exemptions may be granted on an exceptional basis for professional needs such as the institutiona

article thumbnail

Apple patches everything, including a zero-day fix for iOS 15 users

Naked Security

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

140
140
article thumbnail

Twitter takes down source code leaked online, hunts for downloaders

Bleeping Computer

Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it's using a subpoena to search for those who leaked and downloaded its code. [.

127
127
article thumbnail

How often should security audits be?

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today’s digital world, it’s no surprise that cyberattacks are becoming more frequent and intense. Enterprises worldwide are trying to defend themselves against attacks such as ransomware, phishing, distributed denial of service and more.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Survey Surfaces Need to Change SecOps Priorities

Security Boulevard

A survey of 250 senior cybersecurity and IT professionals found well over half of respondents (57%) reported that security operations (SecOps) are more chaotic today than two years ago, with 96% planning to reevaluate their priorities. Conducted by Enterprise Strategy Group on behalf of Anvilogic, a provider of a platform for automating threat detection, the.

article thumbnail

Best practices for protecting AWS RDS and other cloud databases

CSO Magazine

It’s no surprise that organizations are increasingly using cloud-native services, including for data storage. Cloud storage offers tremendous benefits such as replication, geographic resiliency, and the potential for cost-reduction and improved efficiency. The Amazon Web Services (AWS) Relational Database Service (RDS) is one of the most popular cloud database and storage services.

article thumbnail

Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store

Naked Security

Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.

117
117
article thumbnail

Manage Open Source Risk With Improved Malware Detection

Security Boulevard

Malware targeting developers is a major concern that the industry is struggling to catch up with. We know open source software supply chain attacks are a problem with an estimated 700% increase in 2022. Gartner suggests that in the next two years “60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements ( source ).

Risk 112
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Researchers warn of two new variants of potent IcedID malware loader

CSO Magazine

Security researchers have seen attack campaigns using two new variants of IcedID, a banking Trojan program that has been used to deliver ransomware in recent years. The two new variants, one of which appears to be connected to the Emotet botnet, are lighter compared to the standard one because certain functionality has been stripped. "It is likely a cluster of threat actors is using modified variants to pivot the malware away from typical banking Trojan and banking fraud activity to focus on pay

Malware 109
article thumbnail

Zoom Taps Okta to Bring Zero-Trust Cybersecurity to Videoconferences

Security Boulevard

Okta and Zoom today announced an integration through which cybersecurity administrators will be able to centrally manage end-to-end encryption across the Zoom videoconferencing platform. The Okta Authentication for End-to-End Encryption (E2EE) makes use of the Okta identity and access management platform to authenticate an attendee’s identity via email to enable organizations to ensure zero-trust policies.

article thumbnail

Part of Twitter source code leaked on GitHub

CSO Magazine

Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the post after the social media platform requested it to do so on Friday. Twitter has also filed a case in the US District Court for the Northern District of California seeking to order GitHub to identify the person who shared the code and any other individuals who downloaded it, according to The New York Times.

Media 109
article thumbnail

Streaming Services and Cybersecurity

Security Boulevard

The popularity of streaming platforms and apps have exploded in recent years. Streaming services have now become the norm, rather than the exception, as more households “cut the cord” with their cable providers. Streaming services provide almost an endless array of content that cater to the preferences of their viewers. The rapid growth of streaming […] The post Streaming Services and Cybersecurity appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Biden administration seeks to tamp down the spyware market with a new ban

CSO Magazine

In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) prohibiting federal government agencies from using commercial spyware "that poses significant counterintelligence or security risks to the United States Government." The spyware covered by the EO is predominately malware designed to track and collect data from mobile phones that can be easily installed by one or several clicks on specially crafted links.

Spyware 106
article thumbnail

Business Email Compromise Threats Soar Past Phishing Risks

Security Boulevard

The risk of business email compromise (BEC) is increasing annually and is estimated to be twice as severe as the overall threat of phishing, according to an Osterman Research/IronScales survey of 249 U.S.-based IT and security professionals. In the past 12 months, more than 93% of organizations encountered one or multiple forms of BEC attacks, The post Business Email Compromise Threats Soar Past Phishing Risks appeared first on Security Boulevard.

Phishing 104
article thumbnail

5 Common Hotel Scams and How to Avoid Them

Identity IQ

5 Common Hotel Scams and How to Avoid Them IdentityIQ Staying at a hotel should be an enjoyable experience. But unfortunately, there are many scams out there that can make it a nightmare. To help protect your personal information and money, it is important to be aware of the most common hotel scams and how to help avoid them. 5 Common Hotel Scams Hotels are a popular target for scammers due to the high volume of guests and transactions that take place.

Scams 101
article thumbnail

GUEST ESSAY — The rationale for pursuing a culture of cybersecurity– and a roadmap to get there

Security Boulevard

Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others. Related: Deploying human sensors This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization.… (more…) The post GUEST ESSAY — The rationale for pursuing a culture of cybersecurity– and a roadmap to get there appeared first on Security Boulevard.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Request for Comments: PCI TSP Security Requirements

PCI perspectives

From 27 March to 27 April 2023, eligible stakeholders are invited to review and provide feedback on the PCI Token Service Provider (TSP) Security Requirements v1.0 during a 30-day request for comments (RFC) period.

100
100
article thumbnail

New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

The Hacker News

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs.

Malware 100
article thumbnail

How scammers employ IPFS for email phishing

SecureList

The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, where a massive leak is likely should just one server be compromised.

Phishing 100
article thumbnail

Women in Cybersecurity – History to Today

CyberSecurity Insiders

This March, Women’s History Month, we shared the legacy of Grace Hopper and her trailblazing innovations in software development and computing, highlighted the must-watch webinars by in cybersecurity and met with cyber newcomer and (ISC)² Candidate Nidhi Kannoujia on the (ISC)² Blog. We also asked a group of volunteer members to share their experiences working in cyber and to offer some insights into their careers so far, along with their aspirations.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Best Practices for Lean Teams to Improve Application Security Maturity

Security Boulevard

Lean teams aid the success of application development projects. Here are five practices that will help your lean teams improve their application security maturity status, identify vulnerabilities, and learn how to fix them. The post Best Practices for Lean Teams to Improve Application Security Maturity appeared first on GuardRails. The post Best Practices for Lean Teams to Improve Application Security Maturity appeared first on Security Boulevard.

98
article thumbnail

Apple fixes recently disclosed WebKit zero-day on older iPhones

Bleeping Computer

Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads. [.

108
108
article thumbnail

BrandPost: The convergence of IT and OT and its impact on growing infrastructure risks

CSO Magazine

Internet-of-Things (IoT) and Operational Technology (OT) devices represent a rapidly expanding, often unchecked risk surface that is largely driven by the technology’s pervasiveness, vulnerability, and cloud connectivity. This has left a wider array of industries and organizations vulnerable and opened the door for damaging infrastructure attacks. OT systems include almost everything supporting physical operations, spanning dozens of vertical industries.

Risk 97
article thumbnail

New IcedID variants shift from bank fraud to malware delivery

Bleeping Computer

New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems. [.

Banking 109
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.