The Last Watchdog

MARCH 27, 2023

Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others. Related: Deploying human sensors This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization. For most organizations, building a cybersecurity culture is a necessary evil rather than a cherished goal.

Cybersecurity 180

Cybersecurity Data breaches Software Risk 180

Tech Republic Security

MARCH 27, 2023

GitHub wants you to protect your account with the right type of authentication. The post How to secure your GitHub account with two-factor authentication appeared first on TechRepublic.

Authentication 142

Authentication Accountability Cybersecurity 142

Bleeping Computer

MARCH 27, 2023

Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them. [.

139

139

Tech Republic Security

MARCH 27, 2023

PURPOSE Recruiting a cybersecurity engineer with the right combination of technical and industry experience will require a comprehensive screening process. This hiring kit from TechRepublic Premium provides a flexible framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS.

Engineering 130

Engineering Cybersecurity 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

MARCH 27, 2023

A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files. [.

Malware 138

Malware Passwords Cryptocurrency 138

Dark Reading

MARCH 27, 2023

Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.

140

140

CyberSecurity Insiders

MARCH 27, 2023

Twitter issued a public statement stating that parts of its source code were leaked on GitHub and that its officials were trying their best to file a DMCA to take down the leaked content from the web and identify the user who submitted the content to the web-based software development platform. The leaked information includes proprietary source code of the social media platform’s internal tools, and the staff are busy tracing out the culprit.

Media 124

Media Software Cybersecurity 124

CSO Magazine

MARCH 27, 2023

The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of Transformation and the Public Service Stanislas Guerini, said in a statement that recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This prohibition applies immediately and uniformly, although exemptions may be granted on an exceptional basis for professional needs such as the institutiona

Government 123

Government Media Cybersecurity 123

Naked Security

MARCH 27, 2023

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

140

140

Security Boulevard

MARCH 27, 2023

A survey of 250 senior cybersecurity and IT professionals found well over half of respondents (57%) reported that security operations (SecOps) are more chaotic today than two years ago, with 96% planning to reevaluate their priorities. Conducted by Enterprise Strategy Group on behalf of Anvilogic, a provider of a platform for automating threat detection, the.

Threat Detection 121

Threat Detection Cybersecurity CISO Network Security 121

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

MARCH 27, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In today’s digital world, it’s no surprise that cyberattacks are becoming more frequent and intense. Enterprises worldwide are trying to defend themselves against attacks such as ransomware, phishing, distributed denial of service and more.

Artificial Intelligence 121

Artificial Intelligence Cybersecurity Phishing Risk 121

CSO Magazine

MARCH 27, 2023

It’s no surprise that organizations are increasingly using cloud-native services, including for data storage. Cloud storage offers tremendous benefits such as replication, geographic resiliency, and the potential for cost-reduction and improved efficiency. The Amazon Web Services (AWS) Relational Database Service (RDS) is one of the most popular cloud database and storage services.

Architecture 117

Architecture 117

Naked Security

MARCH 27, 2023

Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.

117

117

Security Boulevard

MARCH 27, 2023

Malware targeting developers is a major concern that the industry is struggling to catch up with. We know open source software supply chain attacks are a problem with an estimated 700% increase in 2022. Gartner suggests that in the next two years “60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements ( source ).

Risk 114

Risk Malware Software Cybersecurity 114

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CSO Magazine

MARCH 27, 2023

Security researchers have seen attack campaigns using two new variants of IcedID, a banking Trojan program that has been used to deliver ransomware in recent years. The two new variants, one of which appears to be connected to the Emotet botnet, are lighter compared to the standard one because certain functionality has been stripped. "It is likely a cluster of threat actors is using modified variants to pivot the malware away from typical banking Trojan and banking fraud activity to focus on pay

Malware 109

Malware Banking Ransomware 109

Security Boulevard

MARCH 27, 2023

Okta and Zoom today announced an integration through which cybersecurity administrators will be able to centrally manage end-to-end encryption across the Zoom videoconferencing platform. The Okta Authentication for End-to-End Encryption (E2EE) makes use of the Okta identity and access management platform to authenticate an attendee’s identity via email to enable organizations to ensure zero-trust policies.

Cybersecurity 111

Cybersecurity Encryption Authentication Social Engineering 111

CSO Magazine

MARCH 27, 2023

Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the post after the social media platform requested it to do so on Friday. Twitter has also filed a case in the US District Court for the Northern District of California seeking to order GitHub to identify the person who shared the code and any other individuals who downloaded it, according to The New York Times.

Media 109

Media 109

Security Boulevard

MARCH 27, 2023

The popularity of streaming platforms and apps have exploded in recent years. Streaming services have now become the norm, rather than the exception, as more households “cut the cord” with their cable providers. Streaming services provide almost an endless array of content that cater to the preferences of their viewers. The rapid growth of streaming […] The post Streaming Services and Cybersecurity appeared first on Security Boulevard.

Cybersecurity 109

Cybersecurity Account Security Accountability 109

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CSO Magazine

MARCH 27, 2023

In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) prohibiting federal government agencies from using commercial spyware "that poses significant counterintelligence or security risks to the United States Government." The spyware covered by the EO is predominately malware designed to track and collect data from mobile phones that can be easily installed by one or several clicks on specially crafted links.

Spyware 106

Spyware Marketing Mobile Government 106

Security Boulevard

MARCH 27, 2023

The risk of business email compromise (BEC) is increasing annually and is estimated to be twice as severe as the overall threat of phishing, according to an Osterman Research/IronScales survey of 249 U.S.-based IT and security professionals. In the past 12 months, more than 93% of organizations encountered one or multiple forms of BEC attacks, The post Business Email Compromise Threats Soar Past Phishing Risks appeared first on Security Boulevard.

Phishing 105

Phishing Risk Cybersecurity 105

Bleeping Computer

MARCH 27, 2023

New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems. [.

Banking 109

Banking Malware 109

Security Boulevard

MARCH 27, 2023

Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others. Related: Deploying human sensors This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization.… (more…) The post GUEST ESSAY — The rationale for pursuing a culture of cybersecurity– and a roadmap to get there appeared first on Security Boulevard.

Cybersecurity 103

Cybersecurity Risk Security Awareness 103

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Identity IQ

MARCH 27, 2023

5 Common Hotel Scams and How to Avoid Them IdentityIQ Staying at a hotel should be an enjoyable experience. But unfortunately, there are many scams out there that can make it a nightmare. To help protect your personal information and money, it is important to be aware of the most common hotel scams and how to help avoid them. 5 Common Hotel Scams Hotels are a popular target for scammers due to the high volume of guests and transactions that take place.

Scams 94

Scams Identity Theft Wireless Antivirus 94

The Hacker News

MARCH 27, 2023

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control (C2) platform to exfiltrate data. It primarily affects devices running macOS versions Catalina and later running on M1 and M2 CPUs.

Malware 101

Malware Passwords 101

PCI perspectives

MARCH 27, 2023

From 27 March to 27 April 2023, eligible stakeholders are invited to review and provide feedback on the PCI Token Service Provider (TSP) Security Requirements v1.0 during a 30-day request for comments (RFC) period.

100

100

SecureList

MARCH 27, 2023

The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, where a massive leak is likely should just one server be compromised.

Phishing 100

Phishing Technology Internet Internet 100

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

MARCH 27, 2023

Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads. [.

108

108

Graham Cluley

MARCH 27, 2023

Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support! Right now, “Zero Trust” is in serious danger of becoming an empty buzzword. The problem isn’t just that marketers have slapped the Zero Trust label on everything short of breakfast cereal–it’s that for … Continue reading "Can zero trust be saved?

Marketing 99

Marketing 99

CyberSecurity Insiders

MARCH 27, 2023

This March, Women’s History Month, we shared the legacy of Grace Hopper and her trailblazing innovations in software development and computing, highlighted the must-watch webinars by in cybersecurity and met with cyber newcomer and (ISC)² Candidate Nidhi Kannoujia on the (ISC)² Blog. We also asked a group of volunteer members to share their experiences working in cyber and to offer some insights into their careers so far, along with their aspirations.

Cybersecurity 99

Cybersecurity Education Accountability Marketing 99

The Hacker News

MARCH 27, 2023

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023.

Engineering 98

Engineering 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.