Mon. Sep 04, 2023

Securing Linux Policy

Tech Republic Security

Linux is a powerful and customizable operating system that has been the backbone of many businesses for decades. This policy from TechRepublic Premium provides guidelines for securing Linux on company computers and computers used to conduct company business. It assumes administrative knowledge of Linux servers and/or workstation environments. From the policy: DEVELOP TEMPLATES BASED ON.

178

X will collect biometric data from its premium users

Security Affairs

The social media site X announced that it will collect premium users’ biometric data for security and identification purposes. The social media platform X (formerly known as Twitter) has updated its privacy policy informing its premium users that the company will collect their biometric data to curb fraud and prevent impersonation. Bloomberg first reported the news and confirmed that the change will only impact premium users.

Media 144

X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation

The Hacker News

X, the social media site formerly known as Twitter, has updated its privacy policy to collect users’ biometric data to tackle fraud and impersonation on the platform. “Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes,” the company said. The revised policy is expected to go into effect on September 29, 2023.

Media 143

University of Sydney suffered a security breach caused by a third-party service provider

Security Affairs

The University of Sydney (USYD) suffered a security breach caused by a third-party service provider that exposed personal information of recent applicants. The University of Sydney (USYD) announced that a data breach suffered by a third-party service provider exposed the personal information of recently applied and enrolled international applicants.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers

The Hacker News

An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The comprises CVE-2023-28432 (CVSS score: 7.

Cybercrime will cost Germany $224 billion in 2023

Security Affairs

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023. Bitkom estimated that cybercriminal activities, such as fraud, cyber espionage, the theft of intellectual property, sabotage, and extortion will cost Germany 206 billion euros ($224 billion) in 2023.

More Trending

“Smishing Triad” Targeted USPS and US Citizens for Data Theft

Security Affairs

Resecurity has identified a large-scale smishing campaign, tracked as Smishing Triad, targeting US citizens. Earlier episodes have revealed victims from the U.K., Poland, Sweden, Italy, Indonesia, Japan and other countries – the group was impersonating the Royal Mail, New Zealand Postal Service (NZPOST), Correos (Spain), Postnord, Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate).

Everything You Wanted to Know About AI Security but Were Afraid to Ask

The Hacker News

There’s been a great deal of AI hype recently, but that doesn’t mean the robots are here to replace us. This article sets the record straight and explains how businesses should approach AI. From musing about self-driving cars to fearing AI bots that could destroy the world, there has been a great deal of AI hype in the past few years.

134

Publicly available Evil_MinIO exploit used in attacks on MinIO Storage Systems

Security Affairs

A threat actor was spotted exploiting MinIO storage system vulnerabilities to execute arbitrary code on affected servers. Security Joes researchers have observed an unknown threat actor using a publicly available exploit chain for vulnerabilities in the MinIO Object Storage system to achieve arbitrary code execution on vulnerable servers. Object Storage is a data storage architecture for storing unstructured data into units called “objects” and storing them in a structurally flat dat

Password-stealing Chrome extension smuggled on to Web Store

Malwarebytes

Researchers at the University of Wisconsin–Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3. To prove it, they created a proof of concept browser extension that could steal passwords and put it through the Chrome Web Store review process.

Passwords 124

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Analyzing a Facebook Profile Stealer Written in Node.js

Trend Micro

We analyze an information stealer written in Node.js that was packaged into an executable, exfiltrated stolen data via both the Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.

Phishing 124

Okta: Hackers target IT help desks to gain Super Admin, disable MFA

Bleeping Computer

Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users. [...]

Risk Management Framework Steps and Best Practices

Security Boulevard

The Risk Management Framework is a process that assists organizations in identifying, evaluating, and mitigating potential risks. The post Risk Management Framework Steps and Best Practices appeared first on Scytale. The post Risk Management Framework Steps and Best Practices appeared first on Security Boulevard.

Risk 111

7 Key MXDR Benefits

Heimdal Security

Protecting businesses has gotten increasingly difficult today. The sophistication of cyberattacks, the growth of distributed workforces, and the increased reliance on third-party providers have greatly expanded the attack surface, making it more complex than ever. In order to minimize the impact of a security event, proactive detection and coordinated response are essential.

105

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Insurer fined $3M for exposing data of 650k clients for two years

Bleeping Computer

The Swedish Authority for Privacy Protection (IMY) has fined Trygg-Hansa 35 million Swedish krona ($3,000,000) for exposing the sensitive data of hundreds of thousands of customers on its online portal. [...]

Insurance 104

8 Container Security Best Practices & Tips

eSecurity Planet

Many modern enterprises and service-driven companies run their digital operations in container environments, making it easier to set up distinct permissions, workflows, and rules for each microservice and set of applications they’re running. This modern infrastructure choice brings numerous advantages to operational workflows, but without the appropriate security policies and tools in place, it can also open the door to new security vulnerabilities and attack vectors.

Freecycle confirms massive data breach impacting 7 million users

Bleeping Computer

Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users. [...]

A Personal Story of Recovering from Identity Theft

SecureWorld News

My wife and I decided to do some car shopping. Nothing new, but something newer than our 2018 Kia Sportage that would provide better gas mileage as she finishes year one of a new outside sales job that requires travel throughout the great Northwest territory, including Washington, Idaho, and our home state of Oregon. We researched hybrids and all-electric models, but before the daunting task of visiting auto dealerships, I thought I'd reach out to my credit union to see what kind of financing de

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Hackers exploit MinIO storage system to breach corporate networks

Bleeping Computer

Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers. [...]

102

Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia

The Hacker News

Meta has disclosed that it disrupted two of the largest known covert influence operations in the world from China and Russia, blocking thousands of accounts and pages across its platform.

Getting off the hook: 10 steps to take after clicking on a phishing link

We Live Security

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

Why Is MDR Better Than EDR: Enhancing Cybersecurity in the Modern World

Heimdal Security

Cybersecurity has become a paramount concern for businesses and organizations in today’s interconnected world. The rise of sophisticated cyber threats and the increasing complexity of IT environments have made it crucial for companies to invest in robust security solutions. Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR) have emerged as key players […] The post Why Is MDR Better Than EDR: Enhancing Cybersecurity in the Modern World appeared first on He

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Realism Reigns on AI at Black Hat and DEF CON

Dark Reading

Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings.

98

Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using deep learning

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Deep Instinct. Thanks to the great team there for their support! Deep Instinct protects the data of the world’s largest brands by delivering on the promise of threat prevention with the only cybersecurity platform fully powered by Deep Learning.

Malware 97

German financial agency site disrupted by DDoS attack since Friday

Bleeping Computer

The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday. [...]

DDOS 91

How to get a handle on shadow AI

InfoWorld on Security

CIOs and CISOs have long grappled with the challenge of shadow IT—technology that is being used within an enterprise but that is not officially sanctioned by the IT or security department. According to Gartner research, 41% of employees acquired, modified, or created technology outside of IT’s visibility in 2022, and that number was expected to climb to 75% by 2027.

CISO 85

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Facing Third-Party Threats With Non-Employee Risk Management

Dark Reading

As businesses continue to grapple with third-party threats, a revamped approach to non-employee risk management can help limit their potential exposure.

Risk 85

Passwords vs. Passkeys: The State of Passkeys on User Endpoints

Duo's Security Blog

These days, users connect to company resources through a variety of endpoints: desktops, laptops, mobile phones, tablets, wearables…the list goes on. And when it comes to managing access for this plethora of devices, password security just isn’t cutting it anymore. That’s where passkeys come in. In our recent passkey blog series, we’ve been unpacking the difference between new passkey technology and more conventional password security in light of some of the most critical authentication scenari

Thales OneWelcome Identity Platform Recognized as Overall and Market Leader by KuppingerCole

Thales Cloud Protection & Licensing

(madhav, Tue, 09/05/2023 - 04:48) Thales OneWelcome Identity Platform is included in the KuppingerCole Access Management Leadership Compass 2023 analysis and is recognized as an Overall Leader and Market Leader. This is a recognition of our commitment to provide tools and services that help modern businesses of all sizes to protect themselves, their employees, partners, customers, and their most valuable as

Happy Canadian Labour Day! / Bonne Fête du Travail Canadienne!

Security Boulevard

Interior view of workers at one of the steel processing plants in Hamilton, circa 1920. (MIKAN 4915719) - Image Courtesy of Library and Archives Canada (LAC). The post Happy Canadian Labour Day! / Bonne Fête du Travail Canadienne! appeared first on Security Boulevard.

59

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!