Schneier on Security

JANUARY 10, 2023

I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums—­some with little or no coding experience­—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for

Malware 65

Malware Encryption Cybercrime Passwords 65

Krebs on Security

JANUARY 10, 2023

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency , and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

Software 314

Software Encryption Engineering Internet 314

Joseph Steinberg

JANUARY 10, 2023

Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum in 2021, will continue serving as a member of the premier news organization’s council in 2023. In 2021, Newsweek invited Steinberg to join its community of pioneering thinkers and industry leaders, and to provide the news outlet with input related to his various areas of expertise, including cybersecurity, privacy, and artificial intelligence.

Artificial Intelligence 246

Artificial Intelligence CISO Technology Cybersecurity 246

Tech Republic Security

JANUARY 10, 2023

Only 25% of the organizations surveyed by Delinea were hit by ransomware attacks in 2022, but fewer companies are taking proactive steps to prevent such attacks. The post Ransomware attacks are decreasing, but companies remain vulnerable appeared first on TechRepublic.

Ransomware 209

Ransomware 209

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

We Live Security

JANUARY 10, 2023

ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version. The post StrongPity espionage campaign targeting Android users appeared first on WeLiveSecurity.

145

145

Tech Republic Security

JANUARY 10, 2023

When a client’s server goes down or is compromised in a cyberattack, managed service providers (MSPs) need an effective business continuity and disaster recovery (BCDR) solution to restore data and operations quickly, without sacrificing margin. That means industry-leading recovery technology from a vendor that is there to support you, no matter what.

Technology 146

Technology Digital transformation Software 146

Bleeping Computer

JANUARY 10, 2023

​Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws. [.].

140

140

Cisco Security

JANUARY 10, 2023

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses. This gives me an invaluable macroview not only of how the last 12 months have affected organizations and what CISOs are thinking about, but also how the upcoming year is shaping up.

CISO 142

CISO Insurance Cyber Insurance Phishing 142

Naked Security

JANUARY 10, 2023

Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1.

Malware 133

Malware 133

Security Boulevard

JANUARY 10, 2023

As APIs are increasingly used in app development, it should come as no surprise that threat actors have turned them into attack vectors. In fact, Gartner predicted that APIs would become the top attack vector in 2022, stating, “Unmanaged and unsecured APIs are easy targets for attacks, increasing vulnerability to security and privacy incidents.” Other.

Malware 131

Malware Cybersecurity 131

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Naked Security

JANUARY 10, 2023

It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

124

124

Security Boulevard

JANUARY 10, 2023

Following a security incident, CircleCI has completed the process of rotating GitHub OAuth tokens for their customers. CircleCI said Saturday that while customers could still rotate their own tokens, it has “confidence in the security of the CircleCI platform, and customers can continue to build.” The platform first sent out an alert on January 4, The post CircleCI Rotates GitHub 0Auth Tokens After Security Incident appeared first on Security Boulevard.

Risk 131

Risk Government Cybersecurity 131

SecureBlitz

JANUARY 10, 2023

We have seen lots of news about blockchain, NFT, and Metaverse over the past few years. These technologies took the tech world almost immediately, burning new opportunities for all groups of people. While blockchain has long been here and NFTs are popular as well, Metaverse is a new trend in the tech world. However, Metaverse […]. The post Why NFTs & Blockchain Are Important In Metaverse?

Technology 121

Technology Cybersecurity Cryptocurrency 121

eSecurity Planet

JANUARY 10, 2023

In a paper published late last month, 24 Chinese researchers suggested that RSA-2048 encryption could be broken using a quantum computer with 372 physical quantum bits. Cryptographer Bruce Schneier drew attention to the paper [PDF] last week in a blog post , noting that IBM recently announced a 433-qubit quantum computer, far exceeding the researchers’ stated requirements. “This is something to take seriously,” Schneier wrote. “It might not be correct, but it’s not

Encryption 120

Encryption Software Cybersecurity Network Security 120

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

JANUARY 10, 2023

With the start of a new year, LogRhythm is announcing our 2023 cybersecurity predictions! This is a tradition at LogRhythm, as each year our executives reveal cyber threats organizations across the globe may potentially face. Looking back at our 2022…. The post 2023 Cybersecurity Predictions appeared first on LogRhythm. The post 2023 Cybersecurity Predictions appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Cyber threats Network Security 119

Bleeping Computer

JANUARY 10, 2023

Researchers at the universities of California, Virginia, and Microsoft have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code. [.].

Technology 117

Technology 117

CSO Magazine

JANUARY 10, 2023

[Editor's note: This article originally appeared on the Le Monde Informatique website.] More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider. The mistake, discovered by France Info — Radio France's news and investigation service — just before the year-end holidays, could hit the CAF hard.

109

109

CyberSecurity Insiders

JANUARY 10, 2023

The discussion of cyber security has grown beyond the IT department and now includes the entire C-suite as well as the Board. As the number of attacks has increased and the stakes grow regarding penalties and reputation, it has become a top issue for businesses of all sizes. Increased vulnerability is causing headaches and expenses due to numerous societal shifts – whether it’s the proliferation of the internet of things (IoT) in every aspect of business and society, or the widespread adoption

Cybersecurity 108

Cybersecurity Identity Theft Cyber Insurance IoT 108

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

JANUARY 10, 2023

A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server.

108

108

Quick Heal Antivirus

JANUARY 10, 2023

Quick Heal products are fully compatible with Microsoft’s latest feature update - Windows 10 2022. Quick Heal has ensured that your cyber security solution is up to speed and fully compatible with this feature update. Find out how you can enjoy a secure digital experience even with the latest OS update. The post Quick Heal Supports Windows 10 Version 22H2 appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

105

105

SecureBlitz

JANUARY 10, 2023

Here, I’ll show you why digital resilience is key. Over the past decade, the world has witnessed massive digital transformation, with more connected devices, more system interdependence from business ecosystems, and an even greater reliance on the internet for critical communications. Many employees increasingly can work from anywhere via mobile and home office based devices, […].

Digital transformation 105

Digital transformation Mobile Internet Internet 105

Security Boulevard

JANUARY 10, 2023

A report published today by secure access service edge (SASE) platform provider Netskope identified more than 400 distinct cloud applications that delivered malware in 2022. The report found that 30% of all cloud malware downloads in 2022 originated from the Microsoft OneDrive service. Ray Canzanese, threat research director for Netskope said rather than building command-and-control.

Malware 105

Malware Cybersecurity 105

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

JANUARY 10, 2023

The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report.

Mobile 101

Mobile Malware 101

Security Boulevard

JANUARY 10, 2023

A man-made or natural disaster can happen at any time, potentially putting your business in jeopardy. This is why it is imperative to ensure that your digital assets are backed up and safe so they can be recovered should a major event occur. This is made easier by migrating to a cloud-based solution, allowing you. The post 7 Key Benefits of a Cloud Disaster Recovery Strategy appeared first on Security Boulevard.

Backups 105

Backups Cybersecurity 105

Identity IQ

JANUARY 10, 2023

Top 10 IdentityIQ Blog Posts of 2022. IdentityIQ. With a final look back at 2022, we’re rounding up the most searched and visited blog posts from last year. Our most popular topics were primarily concerned with identifying and preventing different types of identity theft and scams. Our readers were interested in topics that covered how criminals can steal their money, access their personal data or take over their accounts or devices.

Identity Theft 100

Identity Theft Scams Education Antivirus 100

Bleeping Computer

JANUARY 10, 2023

Microsoft has published the Windows 10 KB5022282 and KB5022286 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix security vulnerabilities and resolve known bugs. [.].

99

99

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

JANUARY 10, 2023

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G.

Encryption 99

Encryption Authentication 99

Dark Reading

JANUARY 10, 2023

The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments.

Malware 99

Malware 99

Bleeping Computer

JANUARY 10, 2023

The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. [.].

Hacking 98

Hacking Mobile 98

Security Affairs

JANUARY 10, 2023

Zoom addressed four “high” severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs addressed by the company: CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers.

Hacking 98

Hacking Technology Software Information Security 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!