Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Schneier on Security

DECEMBER 13, 2022

Seems like absolutely everyone everywhere is playing with Chat GPT. So I did, too… Write an essay in the style of Bruce Schneier on how ChatGPT will affect cybersecurity. As with any new technology, the development and deployment of ChatGPT is likely to have a significant impact on the field of cybersecurity. In many ways, ChatGPT and other AI technologies hold great promise for improving the ability of organizations and individuals to defend against cyber threats.

Cyber threats 63

Cyber threats Technology Risk Cybersecurity 63

The Last Watchdog

DECEMBER 13, 2022

It’s all too easy to take for granted the amazing digital services we have at our fingertips today. Related: Will Matter 1.0 ignite the ‘Internet of Everything’ Yet, as 2022 ends, trust in digital services is a tenuous thing. A recent survey highlights the fact that company leaders now understand that digital trust isn’t nearly what it needs to be.

Internet 41

Internet Internet Digital transformation Accountability 41

Tech Republic Security

DECEMBER 13, 2022

No longer limited to email, BEC attacks are hitting users through text messages in an attempt to steal money or commit other types of fraud, says Trustwave. The post Business email compromise attacks now targeting people via SMS messages appeared first on TechRepublic.

Mobile 193

Mobile 193

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Cisco Security

DECEMBER 13, 2022

Modernize your firewall for greater security resilience. Cybersecurity has changed dramatically since the dawn of firewalls in the 1980s. But despite all the upheaval and innovation, they have stood the test of time. The basic concept of allowing “good” traffic to flow and blocking the bad stuff remains essential. Of course, it looks much different now than in the era of Care Bears and Cabbage Patch Kids.

Firewall 145

Firewall Retail Encryption Digital transformation 145

Tech Republic Security

DECEMBER 13, 2022

From safety to where? Find out the right way to turn with this comprehensive analysis of seven options for your business. The post Top industrial IoT security solutions appeared first on TechRepublic.

IoT 193

IoT Internet Internet Software 193

Security Boulevard

DECEMBER 13, 2022

At the weekend, Linus Torvalds released Linux 6.1 to the world. Among other security features is support for writing parts of the kernel in Rust. The post Rust: Officially Released in Linux 6.1 Kernel appeared first on Security Boulevard.

IoT 145

IoT Mobile Risk Government 145

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. On December 12, the California Department of Finance confirmed the security incident with a statement. “The California Cybersecurity Integration Center (Cal-CSIC) is actively resp

Hacking 143

Hacking Ransomware Technology Cybersecurity 143

Security Boulevard

DECEMBER 13, 2022

Stop me if you’ve heard this one before: Next year is the year we will finally eliminate passwords. That statement has been a staple of annual cybersecurity predictions for at least a decade, but could 2023 actually be the year that we see a major shift toward the passwordless workplace? Digital Identity thinks so. They. The post Enterprises Move Toward Passwordless, But There’s a Long Way to Go appeared first on Security Boulevard.

Passwords 139

Passwords Cybersecurity Authentication Network Security 139

Security Affairs

DECEMBER 13, 2022

Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware of a small number of targeted attacks in the wild using this vulnerability.” reads a blog post published

Authentication 142

Authentication Hacking Technology Cybersecurity 142

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Naked Security

DECEMBER 13, 2022

There's an update for everything this time, not just for iOS.

139

139

Security Affairs

DECEMBER 13, 2022

A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor in October 2022, experts pointed out the implant is notable for its simplicity, persistence and capabilities.

Passwords 142

Passwords Hacking Cybercrime Information Security 142

Dark Reading

DECEMBER 13, 2022

Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.

Technology 133

Technology 133

Security Affairs

DECEMBER 13, 2022

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition. A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen

Hacking 138

Hacking Authentication Information Security 138

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

CyberSecurity Insiders

DECEMBER 13, 2022

Central government employees of India will receive a Standard Operating Procedure (SOP) on Cyber Attacks by this month and suggesting measures to take before a cyber attack and steps to mitigate risks, if in case, an organization becomes a victim to a digital attack. Amid tensions from the government of China, the Prime Minister Shri Narendra Modi led government has urged public sector units and ministries to increase vigil on their computer networks against foreign nation intrusions.

Cyber Attacks 129

Cyber Attacks Government Passwords Cyber threats 129

Naked Security

DECEMBER 13, 2022

Tales of derring-do in the cyberunderground! (And some zero-days.).

Malware 122

Malware 122

CyberSecurity Insiders

DECEMBER 13, 2022

India’s Corona fighting digital platform COWIN Portal has been reportedly been hacked by a hacker who is ready to sell the access details and some health worker data to interested parties. It has to be notified over here that the hacker advertised about the hack on Twitter and invited bids from interested parties by this weekend, after which it can possibly be sold on the dark web.

Hacking 124

Hacking Healthcare Cyber Attacks Advertising 124

Heimadal Security

DECEMBER 13, 2022

Linux users have been targeted in a cryptocurrency mining campaign that uses CHAOS, an open-source remote access trojan (RAT). The campaign was first spotted by cybersecurity experts in November 2022 and, to achieve persistence, the malware modifies the /etc/crontab file, a UNIX job scheduler that, in this case, downloads itself from Pastebin every 10 minutes, […].

Malware 119

Malware Cybersecurity Cryptocurrency 119

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Bleeping Computer

DECEMBER 13, 2022

Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents. [.].

Ransomware 118

Ransomware Accountability 118

Dark Reading

DECEMBER 13, 2022

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

118

118

We Live Security

DECEMBER 13, 2022

Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny! The post Top tips for security‑ and privacy‑enhancing holiday gifts appeared first on WeLiveSecurity.

Cybersecurity 117

Cybersecurity 117

CSO Magazine

DECEMBER 13, 2022

The holiday season is the most wonderful time of the year for cybercriminals. Threat adversaries inevitably have more opportunities to carry out targeted attacks as more people are online shopping and checking emails for coupons that could actually be phishing attacks. Well-staffed security teams using the right technologies can undoubtedly go a long way in protecting organizations against cybercrime.

Security Awareness 114

Security Awareness Cybercrime Phishing Technology 114

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Dark Reading

DECEMBER 13, 2022

Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority.

Cybersecurity 114

Cybersecurity 114

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.

Data breaches 108

Data breaches Accountability Media Hacking 108

Bleeping Computer

DECEMBER 13, 2022

In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. [.].

Hacking 106

Hacking 106

Trend Micro

DECEMBER 13, 2022

This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms.

Malware 106

Malware 106

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Heimadal Security

DECEMBER 13, 2022

Sensitive information, such as names and passport numbers, was exposed through the Global Pravasi Rishta Portal, India’s government platform for communicating with its overseas population. The Cybernews investigation team was informed that the Global Pravasi Rishta Portal was leaking users’ personal information. Unfortunately, the information proved to be correct.

Government 105

Government Cybersecurity 105

CyberSecurity Insiders

DECEMBER 13, 2022

Day to day a new ransomware emerges on the web giving us a feeling that the threat seems to be a never-ending saga and is going through evolution with time. Royal Ransomware is the latest file encrypting malware that is on the prowl and is, for now, encrypting only networks related to the healthcare sector of America. Health Department issued a warning on this note and labeled it as a threat of high severity depending on the victims and ransom amount it is demanding and has gained from its victi

Healthcare 105

Healthcare Ransomware Encryption Malware 105

Heimadal Security

DECEMBER 13, 2022

A sophisticated new malware campaign is targeting the Python Package Index and npm for both Python and JavaScript with typosquatted modules that deploy a ransomware strain. It’s yet another way that cybercriminals are infiltrating the software supply chains. The typosquatted Python packages impersonate the popular requests library: dequests, fequests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, […].

Malware 105

Malware Ransomware Software Cybersecurity 105

CyberSecurity Insiders

DECEMBER 13, 2022

Evil Corp, the internationally acclaimed group of cyber criminals, is back in news for having links to the Silence Group developed new malware called ‘TrueBot’. The malware’s primary motive is to steal money and to launch DDoS attacks. Cisco Talos, the cyber arm of networking giant Cisco, tracked Truebot as an invention to TA505 and concluded that the threat actors were focusing on distributing infection worldwide, after achieving success in infecting firms in the United States- mainly those lin

Malware 105

Malware Education DDOS Banking 105

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!