Schneier on Security

DECEMBER 12, 2022

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, cont

Backups 286

Backups Encryption Accountability 286

Javvad Malik

DECEMBER 12, 2022

As I wandered through the psychedelic chaos of Black Hat Europe 2022, I couldn’t help but feel like I had stumbled into the belly of the beast. The vendor area was a tacky nightmare of flashing lights and buzzword-laden sales pitches, but I knew there was something deeper lurking beneath the surface. And then, like a shot of pure adrenaline to the heart, Dan Cuthbert’s opening keynote began and the conference was suddenly alive with the raw energy of truth and rebellion.

Social Engineering 234

Social Engineering Engineering Cybersecurity 234

Tech Republic Security

DECEMBER 12, 2022

New research from Cisco Talos reveals that the infamous TrueBot malware has updated its modus operandi and now hits the U.S. with additional payloads such as the infamous Clop ransomware. The post TrueBot malware delivery evolves, now infects businesses in the US and elsewhere appeared first on TechRepublic.

Malware 144

Malware Ransomware 144

Bleeping Computer

DECEMBER 12, 2022

Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices. [.].

VPN 143

VPN 143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

DECEMBER 12, 2022

Train for cybersecurity certifications as you need them to advance through an entire career. The post Protect your most valuable data forever for only $70 — don’t miss this deal appeared first on TechRepublic.

Cybersecurity 144

Cybersecurity 144

CSO Magazine

DECEMBER 12, 2022

We're about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters.

CISO 140

CISO Data breaches Cybersecurity 140

Bleeping Computer

DECEMBER 12, 2022

Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. [.].

Data breaches 138

Data breaches Cybersecurity 138

InfoWorld on Security

DECEMBER 12, 2022

Early December marked the one-year anniversary of the Log4j security meltdown. Ever since, the software world has been on a dead sprint to ensure it would never happen again. We’re finally seeing some traction as the missing links in software supply chain security begin to get filled in. Log4j was a crippling event for many organizations that struggled to understand whether and where they were even running the popular open source logging utility in their environments.

Software 130

Software 130

Bleeping Computer

DECEMBER 12, 2022

Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. [.].

Data breaches 128

Data breaches 128

We Live Security

DECEMBER 12, 2022

ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy. The post Cybersecurity Trends 2023: Securing our hybrid lives appeared first on WeLiveSecurity.

Cybersecurity 129

Cybersecurity 129

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

DECEMBER 12, 2022

Almost exactly one year after Log4Shell sent security teams scrambling to patch, more than seven in 10 (72%) of organizations are still vulnerable to the flaw. These were among the results of a Tenable telemetry study examining the scope and impact of the critical Log4j vulnerability, known as Log4Shell, in the months following its initial. The post Log4Shell Vulnerabilities Still Plague Organizations appeared first on Security Boulevard.

Malware 117

Malware Cybersecurity 117

CyberSecurity Insiders

DECEMBER 12, 2022

Microsoft, the Windows Operating System developing giant of America, has made an official statement that it is going to acquire UK based startup ‘Lumenisity’ for an undisclosed sum. However, unconfirmed sources state that the company was purchased for $93 million, a figure that is yet to be confirmed by the tech giant. Lumenisity is a company that develops Hollow Core Fiber (HCF) cables meant for data transfer and widely used in data centers and ISPs.

Retail 117

Retail Healthcare Manufacturing Cyber threats 117

Security Boulevard

DECEMBER 12, 2022

As more businesses move to hybrid environments or adopt a cloud-first approach, the time has come to consider the latest cloud security best practices to safeguard their people, processes, and data. The post Best Practices for Data Cloud Security appeared first on Security Boulevard.

Cyber Risk 116

Cyber Risk Risk 116

Heimadal Security

DECEMBER 12, 2022

COVID-bit is a new assault strategy that uses electromagnetic waves to breach air-gapped computers, and it has a data transmission range of at least two meters (6.5 ft). The exfiltrated data can be received by a close by smartphone or laptop, even when the two devices are separated by a wall. This attack method has […]. The post COVID-bit: A New Attack Method That Can Breach Air-gapped PCs appeared first on Heimdal Security Blog.

Cybersecurity 106

Cybersecurity 106

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

DECEMBER 12, 2022

Security awareness training is a critical aspect of cybersecurity strategy because between 82% and 95% of security incidents can be attributed to human-related causes rather than a failure of cybersecurity technology. But the reality is that organizations often resort to a check-the-box approach where they assume they have “done security awareness”—they’ve provided the right information, The post 3 Realities of Building a Security Awareness Training Program appeared first on Se

Security Awareness 109

Security Awareness Technology Cybersecurity CISO 109

Security Affairs

DECEMBER 12, 2022

Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. Fortinet urges customers to update their installs to address an actively exploited FortiOS SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices.

VPN 107

VPN Hacking Cybersecurity Information Security 107

Security Boulevard

DECEMBER 12, 2022

As industrial businesses connect their OT and IT networks, network segmentation is becoming an increasingly important approach. Using this method, it is feasible to successfully secure industrial assets while maintaining their important characteristics. Data reigns supremacy in the era of the Industrial 4.0 Revolution. In some of our most important industries, it catalyzes IT/OT convergence. […].

109

109

Dark Reading

DECEMBER 12, 2022

Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users.

Cybercrime 118

Cybercrime 118

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

SecureBlitz

DECEMBER 12, 2022

The best AdBlock VPNs guarantee your online security and privacy. Surfshark, NordVPN, and CyberGhost VPN are a few. Find out more in this post. A VPN helps you browse the internet anonymously and unblock websites by masking your IP address. Meanwhile, an AdBlock lets you browse the internet free from distracting adverts. You don’t have […]. The post 10 Best AdBlock VPNs In 2023 [Tested & Reviewed] appeared first on SecureBlitz Cybersecurity.

VPN 104

VPN Internet Internet Cybersecurity 104

Security Boulevard

DECEMBER 12, 2022

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post The Whys and Hows of Cyber Risk Quantification appeared first on Security Boulevard.

Cyber Risk 104

Cyber Risk Risk 104

PCI perspectives

DECEMBER 12, 2022

Jane Goodayle believes that unconscious bias exists in every industry. Sometimes, even just the perception of the industry as “male dominated” can discourage women from participating. In this edition of our blog, Jane explains that women can push back against unconscious bias by continuing to bring our “A” game, expose unfair stereotyping, and challenge the ‘expected and accepted’ to prompt change.

Technology 101

Technology 101

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). The Chaos RAT is based on an open-source project. Like the original project, the malware is able to terminate competing malware, security software, and is used to deploy the Monero (XMR) cryptocurrency miner.

Malware 100

Malware Cryptocurrency Hacking Software 100

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

DECEMBER 12, 2022

According to projections, the size of the Middle East Cyber Security Market will increase from USD 20.3 billion in 2022 to USD 44.7 billion by 2027, expanding at a Compound Annual Growth Rate (CAGR) of 17.1% throughout the forecast period. The growing sophistication of cyberattacks across heavy sectors to result in financial and reputational losses, […].

Cybersecurity 98

Cybersecurity Marketing 98

The Hacker News

DECEMBER 12, 2022

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests.

VPN 98

VPN 98

Bleeping Computer

DECEMBER 12, 2022

A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system. [.].

Malware 101

Malware 101

The Hacker News

DECEMBER 12, 2022

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks.

Phishing 97

Phishing Authentication Passwords 97

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

DECEMBER 12, 2022

The Cybernews research team reported that India’s government platform Global Pravasi Rishta Portal was leaking sensitive user data. Original post @ [link]. The Global Pravasi Rishta Portal, India’s government platform for connecting with its overseas population, leaked sensitive data, including names and passport details. The Cybernews research team has been alerted that the Global Pravasi Rishta Portal was leaking sensitive user data.

Government 100

Government Authentication Hacking Accountability 100

The Hacker News

DECEMBER 12, 2022

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains.

Malware 96

Malware Ransomware Software 96

IT Security Guru

DECEMBER 12, 2022

If you’re looking to implement search engine optimisation strategies or augment your efforts, a common dilemma that many face is whether to outsource the work or keep it in-house. Financial and control concerns can make organisations more hesitant to hire specialists to do the job. However, the reality is that it’s often better to seek the services of experienced professionals, especially for highly specialised work like SEO. .

Engineering 100

Engineering Marketing Software 100

Security Affairs

DECEMBER 12, 2022

A hack-for-hire group dubbed Evilnum is targeting travel and financial entities with the new Janicab malware variant. Kaspersky researchers reported that a hack-for-hire group dubbed Evilnum is targeting travel and financial entities. The attacks are part of a campaign aimed at legal and financial investment institutions in the Middle East and Europe.

Malware 106

Malware Hacking Phishing Information Security 106

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.