Mon. Dec 05, 2022


CAPTCHA

Schneier on Security

This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not.) Is it a Magritte-like existential question? (It’s not a bicycle. It’s a drawing of a bicycle. Actually, it’s a photograph of a drawing of a bicycle. No, it’s really a computer image of a photograph of a drawing of a bicycle.


Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Krebs on Security

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of countersuing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google.


Cybersecurity for Seniors: Easy and Practical Advice – A Free Webinar With Joseph Steinberg, Author of Cybersecurity For Dummies

Joseph Steinberg

Don’t open attachments. Change your password often. Don’t click on any links sent in emails or text messages. We have all received plenty of advice on how to avoid being harmed by cyber-attacks, but staying safe can often be confusing, complicated, or impractical. Joseph Steinberg, author of the best-selling book, “Cybersecurity for Dummies,” is here to cut through the noise and give you practical tips on how to practice smart digital security — without you having to spend a ton of time or any m


Security Through Complexity

Javvad Malik

I saw this picture somewhere on social media of these many locks securing the bolt. However, upon closer inspection, you can see that by simply removing any one of the locks, you unlock the whole thing. I hope you’ll allow me the opportunity of dragging this out into a cybersecurity analogy. But, sometimes the sheer number of products and hoops we deploy end up looking a bit like this picture.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Protect confidential data for 10 years for $79.99 with VPN.asia

Tech Republic Security

Rated at 4.9/5 stars on TrustPilot, this VPN service uses military-grade encryption to keep your web browsing safe. The post Protect confidential data for 10 years for $79.99 with VPN.asia appeared first on TechRepublic.


Tractors vs. threat actors: How to hack a farm

We Live Security

Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. The post Tractors vs. threat actors: How to hack a farm appeared first on WeLiveSecurity.


More Trending


If one sheep leaps over the ditch…

SecureList

Introduction. If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, we highlighted an increase in the popularity of platform-independent languages and ESXi support, and recently, we wrote about ransomware borrowing these propagation methods.


The Privacy War Is Coming

Dark Reading

Privacy standards are only going to increase. It's time for organizations to get ahead of the coming reckoning.


Palo Alto Networks looks to shore up healthcare IoT security

CSO Magazine

Palo Alto Networks today rolled out a new Medical IoT Security offering, designed to provide improved visibility, automated monitoring and more for hitherto vulnerable healthcare IoT frameworks, thanks to machine learning and adherence to zero trust principles. Medical device security is a serious problem for most organizations in healthcare, with a long string of reported vulnerabilities in the area stretching back for years.


Cybersecurity News headlines trending on Google

CyberSecurity Insiders

First is the news related to the FIFA World Cup Football Tournament of 2022 being held in Qatar. Cybersecurity authorities managing the event have issued a caution to all those watching the sporting event on television to beware of illegal streaming websites. Because of high ticket prices, infrastructure issues and the ongoing Christmas season, most of the Football fans will watch their favorite teams on a big screen.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Ransomware attack forces French hospital to transfer patients

Bleeping Computer

The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that hit on Saturday evening. […]


Russia Hit by New ‘CryWiper’ — Fake Ransomware

Security Boulevard

A new wiper malware is destroying data on Russian government PCs. Dubbed CryWiper, it pretends to be ransomware. The post Russia Hit by New ‘CryWiper’ — Fake Ransomware appeared first on Security Boulevard.


When blaming the user for a security breach is unfair – or just wrong

CSO Magazine

In his career in IT security leadership, Aaron de Montmorency has seen a lot — an employee phished on their first day by someone impersonating the CEO, an HR department head asked to change the company’s direct deposit information by a bogus CFO, not to mention multichannel criminal engagement with threat actors attacking from social media to email to SMS text.


Critical Ping bug potentially allows remote hack of FreeBSD systems

Security Affairs

A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow attackers to take over FreeBSD systems. The maintainers of the FreeBSD operating system released updates to address a critical flaw, tracked as CVE-2022-23093, in the ping module that could be potentially exploited to gain remote code execution. The ping utility allows testing the reachability of a remote host using ICMP messages; it requires elevated privileges to use raw sockets.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

The Hacker News

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers.


Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries. Resecurity, the California-based cybersecurity company protecting major Fortune 500 companies, has identified a new underground marketplace in the Dark Web oriented towards


SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

The Hacker News

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM.


StormWall’s New Point of Presence in Singapore Brings DDoS Protection to APAC

SecureBlitz

StormWall, a cybersecurity service that specializes in providing DDoS protection for IT infrastructures of all sizes and complexity, including websites, networks and online services, today announced the opening of its sixth point of presence in Singapore, in partnership with IDCloudHost. The new location will operate in the Equinix SG3 data center, providing robust protection against […].


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

The Hacker News

A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository.


French hospital cancels operations after a ransomware attack

Security Affairs

A French hospital near Paris canceled operations and transferred some patients due to a cyber attack suffered over the weekend. France’s health ministry announced that the Hospital Centre of Versailles was hit by a cyber attack over the weekend. Hospital Centre of Versailles, which includes Andre-Mignot Hospital, Richaud Hospital and the Despagne Retirement Home, canceled operations and transferred some patients due to the cyberattack.


Hackers hijack Linux devices using PRoot isolated filesystems

Bleeping Computer

Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions. […]


Hive Social pulls the plug on itself after security flaws found

Malwarebytes

You may well have changed your social media site of choice recently, but that doesn’t mean the security implications of less familiar sites and services can be ignored. For the sites themselves, coping with an influx of new users can be nothing short of a large headache. And even the more established entities like Mastodon—which is experiencing increased scrutiny alongside its recent boom in popularity—are not left unscathed from complaints and potential security issues.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Hacking cars remotely with just their VIN

Graham Cluley

Your car's mobile app might have allowed hackers to remotely unlock your vehicle, turn on or off its engine, and even honk its horn. Read more in my article on the Hot for Security blog.


Watch out for this triple threat PayPal phish

Malwarebytes

ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called “triple threat” phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics fails, there are two more waiting in the wings primed to take another swing at your digital wallet.


Rolling Up Our Sleeves: Employee Volunteers Empowered to Give Back

Cisco Security

For these Cisconians, hands-on is the way to go when it comes to giving back. Using Cisco’s Time2Give benefit that provides 10 paid days to volunteer each year, team members rolled up their sleeves to build homes, cuddle and care for animals, distribute food and more. If you also value giving back, check out our open roles. Building homes and hope.


Eufy "no cloud" security cameras streaming data to the cloud

Malwarebytes

Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data which should not have been going to the cloud was doing so anyway in certain conditions. Securing your home: a complicated proposition. Insecure cameras, unprotected cloud footage, streams going where they shouldn’t be: these are all areas for concern when looking into buying a home security system.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Flaw in Aged Boa Web Server Threatens Supply Chain

Security Boulevard

Microsoft may have retired the Boa web server in 2005, but that hasn’t stopped widespread use—and now the company is saying a vulnerability in the server’s open source component has been exploited by bad actors, targeting the energy industry and underscoring the continued vulnerability of the supply chain. While investigating “electrical grid intrusion activity [that].


Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released

Malwarebytes

On Friday, December 2, Google rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. The flaw could allow attackers to cause a system crash or execute potentially malicious code. That means you'll want to update Chrome to patch against this vulnerability as soon as you can. Do this by navigating to the "About Chrome" page on your browser’s menu.


What is API Governance?

Security Boulevard

A growing number of companies are integrating APIs with their applications and systems. In a recent survey, the average number of APIs per company increased by 221% in 12 months, with 26% of companies using at least twice as many APIs as they did a year ago. With the rapid increase in the use of. The post What is API Governance? appeared first on Security Boulevard.


"Baby dumped at the gate" post is a Facebook hoax

Malwarebytes

Every so often, bizarre but oddly believable scams do the rounds on Facebook. And so we have the latest: A tragic tale of a lost baby left outside the gate of someone’s house. The abandoned baby Facebook hoax springs into action. A post made to Facebook December 1st by someone claiming to be in the UK made the following post alongside a photograph of a baby: "Baby dumped at the gate of our house in.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!