Mon.Dec 12, 2022

article thumbnail

Apple Is Finally Encrypting iCloud Backups

Schneier on Security

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, cont

Backups 355
article thumbnail

BH EU 2022 and BSides London

Javvad Malik

As I wandered through the psychedelic chaos of Black Hat Europe 2022, I couldn’t help but feel like I had stumbled into the belly of the beast. The vendor area was a tacky nightmare of flashing lights and buzzword-laden sales pitches, but I knew there was something deeper lurking beneath the surface. And then, like a shot of pure adrenaline to the heart, Dan Cuthbert’s opening keynote began and the conference was suddenly alive with the raw energy of truth and rebellion.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

TrueBot malware delivery evolves, now infects businesses in the US and elsewhere

Tech Republic Security

New research from Cisco Talos reveals that the infamous TrueBot malware has updated its modus operandi and now hits the U.S. with additional payloads such as the infamous Clop ransomware. The post TrueBot malware delivery evolves, now infects businesses in the US and elsewhere appeared first on TechRepublic.

Malware 174
article thumbnail

Cisco Secure Cloud Analytics – What’s New

Cisco Security

Nowadays, “cybersecurity” is the buzzword du jour , infiltrating every organization, invited or not. Furthermore, this is the case around the world, where an increasing proportion of all services now have an online presence, prompting businesses to reconsider the security of their systems. This, however, is not news to Cisco, as we anticipated it and were prepared to serve and assist clients worldwide.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Protect your most valuable data forever for only $70 — don’t miss this deal

Tech Republic Security

Train for cybersecurity certifications as you need them to advance through an entire career. The post Protect your most valuable data forever for only $70 — don’t miss this deal appeared first on TechRepublic.

article thumbnail

Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks

Bleeping Computer

Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices. [.].

VPN 142

LifeWorks

More Trending

article thumbnail

Why Are People in the US Becoming Radicalized?

WIRED Threat Level

A confluence of factors is leading people in the nation to gravitate toward extremist views.

140
140
article thumbnail

14 lessons CISOs learned in 2022

CSO Magazine

We're about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters.

CISO 140
article thumbnail

Open source security fought back in 2022

InfoWorld on Security

Early December marked the one-year anniversary of the Log4j security meltdown. Ever since, the software world has been on a dead sprint to ensure it would never happen again. We’re finally seeing some traction as the missing links in software supply chain security begin to get filled in. Log4j was a crippling event for many organizations that struggled to understand whether and where they were even running the popular open source logging utility in their environments.

Software 132
article thumbnail

Uber suffers new data breach after attack on vendor, info leaked online

Bleeping Computer

Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. [.].

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Cybersecurity Trends 2023: Securing our hybrid lives

We Live Security

ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy. The post Cybersecurity Trends 2023: Securing our hybrid lives appeared first on WeLiveSecurity.

article thumbnail

Evilnum group targets legal entities with a new Janicab variant

Security Affairs

A hack-for-hire group dubbed Evilnum is targeting travel and financial entities with the new Janicab malware variant. Kaspersky researchers reported that a hack-for-hire group dubbed Evilnum is targeting travel and financial entities. The attacks are part of a campaign aimed at legal and financial investment institutions in the Middle East and Europe.

Malware 129
article thumbnail

Retail and Hospitality Trending Holiday Cyber Threats

Duo's Security Blog

As the weather cools down and consumers prepare for the winter holiday season by shopping for loved ones or traveling to see them, malicious threat actors are standing by ready to ramp up their activities. The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) just released the 2022 Holiday Season Cyber Threat Trends report that reveals the most prevalent malware tools leveraged by cyber criminals this year, with phishing and fraud dominating the list.

Retail 121
article thumbnail

Log4Shell Vulnerabilities Still Plague Organizations 

Security Boulevard

Almost exactly one year after Log4Shell sent security teams scrambling to patch, more than seven in 10 (72%) of organizations are still vulnerable to the flaw. These were among the results of a Tenable telemetry study examining the scope and impact of the critical Log4j vulnerability, known as Log4Shell, in the months following its initial. The post Log4Shell Vulnerabilities Still Plague Organizations appeared first on Security Boulevard.

Malware 119
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties

Naked Security

That's a mean average of $15,710 per bug. and 63 fewer bugs out there for crooks and rogues to find.

Hacking 118
article thumbnail

Best Practices for Data Cloud Security

Security Boulevard

As more businesses move to hybrid environments or adopt a cloud-first approach, the time has come to consider the latest cloud security best practices to safeguard their people, processes, and data. The post Best Practices for Data Cloud Security appeared first on Security Boulevard.

article thumbnail

Metaparasites & the Dark Web: Scammers Turn on Their Own

Dark Reading

Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users.

article thumbnail

Microsoft acquires Lumenisity for secure data transfer

CyberSecurity Insiders

Microsoft, the Windows Operating System developing giant of America, has made an official statement that it is going to acquire UK based startup ‘Lumenisity’ for an undisclosed sum. However, unconfirmed sources state that the company was purchased for $93 million, a figure that is yet to be confirmed by the tech giant. Lumenisity is a company that develops Hollow Core Fiber (HCF) cables meant for data transfer and widely used in data centers and ISPs.

Retail 117
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

How To Stay Secure: 5 Top Tips When Betting Online To Implement And Follow!

SecureBlitz

How to stay secure: 5 top tips when betting online to implement and follow! Betting online is a great way to have fun and further enhance the enjoyment you can get from your favorite sports and events, as well as the potential to win big, but it is important to remember that you should always […]. The post How To Stay Secure: 5 Top Tips When Betting Online To Implement And Follow!

article thumbnail

Twitter confirms recent user data leak is from 2021 breach

Bleeping Computer

Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. [.].

article thumbnail

Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug

Security Affairs

Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. Fortinet urges customers to update their installs to address an actively exploited FortiOS SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices.

VPN 113
article thumbnail

COVID-bit: A New Attack Method That Can Breach Air-gapped PCs

Heimadal Security

COVID-bit is a new assault strategy that uses electromagnetic waves to breach air-gapped computers, and it has a data transmission range of at least two meters (6.5 ft). The exfiltrated data can be received by a close by smartphone or laptop, even when the two devices are separated by a wall. This attack method has […]. The post COVID-bit: A New Attack Method That Can Breach Air-gapped PCs appeared first on Heimdal Security Blog.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

3 Realities of Building a Security Awareness Training Program

Security Boulevard

Security awareness training is a critical aspect of cybersecurity strategy because between 82% and 95% of security incidents can be attributed to human-related causes rather than a failure of cybersecurity technology. But the reality is that organizations often resort to a check-the-box approach where they assume they have “done security awareness”—they’ve provided the right information, The post 3 Realities of Building a Security Awareness Training Program appeared first on Se

article thumbnail

10 Best AdBlock VPNs In 2023 [Tested & Reviewed]

SecureBlitz

The best AdBlock VPNs guarantee your online security and privacy. Surfshark, NordVPN, and CyberGhost VPN are a few. Find out more in this post. A VPN helps you browse the internet anonymously and unblock websites by masking your IP address. Meanwhile, an AdBlock lets you browse the internet free from distracting adverts. You don’t have […]. The post 10 Best AdBlock VPNs In 2023 [Tested & Reviewed] appeared first on SecureBlitz Cybersecurity.

VPN 111
article thumbnail

Complete guide to OT network segmentation

Security Boulevard

As industrial businesses connect their OT and IT networks, network segmentation is becoming an increasingly important approach. Using this method, it is feasible to successfully secure industrial assets while maintaining their important characteristics. Data reigns supremacy in the era of the Industrial 4.0 Revolution. In some of our most important industries, it catalyzes IT/OT convergence. […].

111
111
article thumbnail

Researchers Warn of Exploit that Bypasses Web Application Firewalls

eSecurity Planet

Team82 researchers have disclosed an attack technique that bypasses industry-leading web application firewalls (WAFs) by appending JSON syntax to SQL injection payloads. “An attacker able to bypass the traffic scanning and blocking capabilities of WAFs often has a direct line to sensitive business and customer information,” vulnerability researcher Noam Moshe wrote in a blog post detailing the threat. “Such bypasses, thankfully, have been infrequent, and one-offs targeting a pa

Firewall 109
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

5 Advantages of Working with SEO Agencies 

IT Security Guru

If you’re looking to implement search engine optimisation strategies or augment your efforts, a common dilemma that many face is whether to outsource the work or keep it in-house. Financial and control concerns can make organisations more hesitant to hire specialists to do the job. However, the reality is that it’s often better to seek the services of experienced professionals, especially for highly specialised work like SEO. .

article thumbnail

The Whys and Hows of Cyber Risk Quantification

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post The Whys and Hows of Cyber Risk Quantification appeared first on Security Boulevard.

article thumbnail

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

The Hacker News

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains.

Malware 105
article thumbnail

Indian foreign ministry’s Global Pravasi Rishta portal leaks expat passport details

Security Affairs

The Cybernews research team reported that India’s government platform Global Pravasi Rishta Portal was leaking sensitive user data. Original post @ [link]. The Global Pravasi Rishta Portal, India’s government platform for connecting with its overseas population, leaked sensitive data, including names and passport details. The Cybernews research team has been alerted that the Global Pravasi Rishta Portal was leaking sensitive user data.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!