Fri. Jan 06, 2023

Remote Vulnerabilities in Automobiles

Schneier on Security

This group has found a ton of remote vulnerabilities in all sorts of automobiles. It’s enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible.

Recent 2022 cyberattacks presage a rocky 2023

Tech Republic Security

A spate of zero-day exploits against Twitter, Rackspace and others late last year showed the limits of a cybersecurity workforce under duress, a step behind and understaffed with some 3.4 million vacant seats.

Schneier on Security Audiobook Sale

Schneier on Security

I’m not sure why, but Audiobooks.com is offering the audiobook version of Schneier on Security at 50% off until January 17.

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

By Tyler Reguly, senior manager, security R&D at cybersecurity software and services provider Fortra. The pandemic ushered in an unprecedented wave of online purchasing, as people around the world became far more comfortable with virtual shopping. In fact, the U.S. Census Bureau’s latest Annual Retail Trade Survey reports e-commerce expenditures rose from $571.2 billion in 2019 to $815.4 billion in 2020, a 43% increase.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Digital Transformation Driving Increased Cybersecurity Costs

Security Boulevard

Nearly half (49%) of cybersecurity professionals cited digital business transformation issues as the top factor driving an increase in cybersecurity costs, according to a survey conducted by Dimensional Research on behalf of Deepwatch, a provider of managed detection and response services. The survey of 107 IT security professionals working at organizations with more than 1,000 employees.

What’s Next in Cybersecurity: Insights for 2023

CyberSecurity Insiders

By Geert van der Linden, EVP & Head of Global Cybersecurity Practice at Capgemini. You might feel like we live in an age of permacrisis. The past year has brought about rising geopolitical tensions, mass digitalization, more hybrid working, and a skilled labor shortage. Adding to these challenges is the new era of almost limitless connectivity, which is changing the way we live and work, all the while causing havoc for cybersecurity teams.

2023 Predictions for Storage and Backup Ransomware

CyberSecurity Insiders

By Doron Pinhas, Chief Technology Officer, Continuity. 2022 clearly demonstrated that attacks on data represent the greatest cyber-threat organizations face. The attack pace not only continued, it accelerated. Notable data breaches took place at Microsoft, News Corp., the Red Cross, FlexBooker, Cash App, GiveSendGo, and several crypto firms. Many of these attacks took advantage of known vulnerabilities and security misconfigurations in storage and backup systems.

Why Zero Trust Helps Unlock Security Resilience

Cisco Security

Speaking to many CISOs, it’s clear that many security executives view zero trust as a journey that can be difficult to start, and one that even makes identifying successful outcomes a challenge. Simultaneously, the topic of security resilience has risen up the C-level agenda and is now another focus for security teams. So, are these complementary?

The Four Keys to Achieving an Optimal Application Experience

CyberSecurity Insiders

By Larry Goldman, Senior Manager of Product Marketing, Progress. To this point, many businesses have failed to look at application experience (AX) management holistically, as its own challenge with its own set of distinct––and interlocking––solutions. This oversight has been to their detriment. The fact is that every second of lag time on an online banking app risks alienating the consumer.

To Solve the API Security Crisis, Think Beyond OWASP

Security Boulevard

What’s the greatest cybersecurity threat businesses face today? If you answered ransomware, cryptojacking or phishing–which headlined lists of top cybersecurity risks in recent years–you’re stuck in the past. Although other types of attacks continue to occur, APIs have now become the top attack vector for enterprises to worry about, according to an October 2022 Gartner.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Predictions for 2023 API Security

CyberSecurity Insiders

Richard Bird, Chief Security Officer, Traceable AI. This year will be the year that many business and security leaders will wake up to truly understand the scope of their API security issues. For the past three years, organizations have prioritized flexibility and growth over security and navigating extremely challenging business conditions. They’ve aggregated large data sets and deployed more cloud services to digitize business models, products, and services.

Seceon’s Comprehensive Cybersecurity Platform

Security Boulevard

Seceon’s comprehensive platform includes more than 15 tools like AI, ML, vulnerability assessment, SIEM, SOAR, UEBA, NBAD, NTA, EDR, TI, but our focus for today is an area that frequently comes up in conversation with customers and partners alike.

14 UK schools suffer cyberattack, highly confidential documents leaked

CSO Magazine

More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That’s according to a report from the BBC which claimed that children’s SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries.

2022 Wrap-Up: A Winning Year for Swimlane

Security Boulevard

2023 is in full swing, and we couldn’t be more excited. This past year has been monumental for Swimlane, thanks to our $70 million in growth funding, regional expansion into APJ and META and the launch of our newest solution, Swimlane Turbine. It’s one thing to hear about Swimlane’s success from us. What’s more telling of our growth is the.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

ChatGPT Artificial Intelligence: An Upcoming Cybersecurity Threat?

Dark Reading

The role of artificial intelligence in cybersecurity is growing. A new AI model highlights the opportunities and challenges.

California’s Sephora Settlement Puts Consumer Privacy First

Security Boulevard

Last fall, California drew first blood when it agreed to a $1.2 million settlement with Sephora over the cosmetics company’s violations of the California Consumer Privacy Act (CCPA). Attorney General Rob Bonta announced that the French firm sold consumer data without notification, failed to process opt-out requests and failed to put things right within 30.

Vice Society posts student data of 14 Britain Schools

CyberSecurity Insiders

In what appears to be a serious threat to students from 14 schools based in the UK, a hacking group named Vice Society posted about 550 GB of data online belonging to school pupils that includes sensitive info like pupil passport scans, pay scales of staff, their contract details and Children’s Special Educational Needs (SEN) info. It’s believed that the hackers got hold of the data from a ransomware attack that was launched on educational institutions in the UK and US last year and as the victims failed to

Chick-fil-A investigates reports of hacked customer accounts

Bleeping Computer

American fast-food restaurant chain Chick-fil-A is investigating what it described as "suspicious activity" linked to some of its customers' accounts.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Rackspace Breach Linked to New OWASSRF Vulnerability

eSecurity Planet

Rackspace has acknowledged that it was hit by the Play ransomware a month ago in an attack that compromised customers’ Microsoft Exchange accounts. The attackers apparently leveraged a zero-day vulnerability called OWASSRF that was recently analyzed by CrowdStrike. In an interview with the San Antonio Express-News, Rackspace chief product officer John Prewitt said the company hadn’t implemented Microsoft’s November 2022 patches for the ProxyNotShell flaws in Exchange because o

5 Ways to Increase Security and Compliance Efficiencies in 2023

Security Boulevard

Do more with less. That’s not an uncommon catchphrase in business. But the reality is many organizations, especially those in technology and similar industries, haven’t really had to focus much on cost-cutting and savings measures since the financial crisis of 2007.

Twitter's mushrooming data breach crisis could prove costly

CSO Magazine

Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk's careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless Twitter takes quick action.

Blind Eagle Is Back with New Tools and a Complex Infection Chain

Heimdal Security

Blind Eagle, a financially-motivated threat actor previously observed launching operations against organizations in Colombia and Ecuador, has reemerged with a sophisticated toolset and a complex infection chain. The latest findings from Check Point shed light on the group’s methods, such as the employment of upgraded tools and government-themed baits to trigger the kill chain.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

PurpleUrchin Gang Embraces DevOps in Massive Cloud Malware Campaign

Dark Reading

The Automated Libra group is deploying all components of its campaign in an automated manner via containers, stealing free trial resources for cryptomining, but the threat could get larger.

9 Reasons Blockchain Projects Fail (And How to Succeed)

Security Boulevard

At least 95% of enterprise blockchain projects end in failure. Was yours one of them, or could it be on the same path to failure? The slow death of blockchain consortia has everyone in the industry thinking the worst. When champions of blockchain say, “There’s nothing you can do with a blockchain that you can’t.

From Ferrari to Ford, Cybersecurity Bugs Plague Automotive Safety

Dark Reading

Security vulnerabilities plague automakers, and as vehicles become more connected, a more proactive stance on cybersecurity will be required — alongside regulations.

Microsoft shares temporary fix for ODBC database connection issues

Bleeping Computer

Microsoft has released a temporary fix for a known issue impacting Windows apps using ODBC database connections after installing the November 2022 Patch Tuesday updates.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

The Hacker News

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.

The Week in Ransomware - January 6th 2023 - Targeting Healthcare

Bleeping Computer

This week saw a lot of ransomware news, ranging from new extortion tactics, to a ransomware gang giving away a free decryptor after attacking a children's hospital.

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware, which can allow victims of the group to restore their data for free. The MegaCortex ransomware first appeared on the threat landscape in May 2019 when it was spotted by security experts at Sophos.

VSCode Marketplace can be abused to host malicious extensions

Bleeping Computer

Threat analysts at AquaSec have experimented with the security of VSCode Marketplace and found that it's surprisingly easy to upload malicious extensions from accounts that appear verified on the platform.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.