Tue. Jun 06, 2023


Snowden Ten Years Later

Schneier on Security

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared of UK law enforcement, and worried that this essay would reflect badly on it.


Service Rents Email Addresses for Account Signups

Krebs on Security

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.


RSAC Fireside Chat: Dealing with the return of computing workloads to on-premises datacenters

The Last Watchdog

A cloud migration backlash, of sorts, is playing out. Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures. However, a “back-migration,” as Michiel De Lepper, global enablement manager at London-based Runecast, puts it, is also ramping up.


Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America

Tech Republic Security

Read the technical details about this zero-day MOVEit vulnerability, find out who is at risk, and learn how to detect and protect against this SQL injection attack.

Risk 179

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


US Aerospace Contractor Hacked With 'PowerDrop' Backdoor

Dark Reading

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

Hacking 145

iOS 17 cheat sheet: Release date, supported devices and more

Tech Republic Security

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it.

Software 160

More Trending


Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth

Tech Republic Security

In Verizon’s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway.

DDOS 145

ChatGPT creates mutating malware that evades detection by EDR

CSO Magazine

A global sensation since its initial release at the end of last year, ChatGPT's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware 145

WWDC 2023: Apple launches Vision Pro and raft of products powered by new chipsets

Tech Republic Security

At its Worldwide Developers conference, Apple unveiled supercomputation power on mobile and desktop devices, but the Vision Pro AR headset took center stage.

Mobile 128

ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks

Dark Reading

Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software.

Malware 145

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Buying a Home? Here’s How Your Credit Will Affect Your Mortgage Rate

Identity IQ

To buy a home, you need to apply for a mortgage. But before you do that, you should know how important your credit score is in the mortgage application process since it can significantly impact the mortgage rate you’ll be offered. In this blog, we break down the relationship between credit scores and mortgage rates to help you understand what to expect and how to prepare to buy a home.


Outlook.com hit by outages as hacktivists claim DDoS attacks

Bleeping Computer

Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service.

DDOS 136

Microsoft Preps $425M Payment for LinkedIn GDPR Violations

Dark Reading

The company plans on disputing these fines once a final decision is made, but warned shareholders that it set aside the funds to pay it, nonetheless.


Google launches passkeys for Workspace

Tech Republic Security

Google launched an open beta feature on June 5 that lets individuals and organizations log in to Workspace with public and private encrypted passkeys.


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Only one in 10 CISOs today are board-ready, study says

CSO Magazine

Even though there is a growing demand for cybersecurity expertise at the highest levels of business, a significant number of public companies lack even one qualified cybersecurity expert on their board of directors, according to a study by cybersecurity research and advisory firm IANS. In addition, the study found that just a little more than one in 10 CISOs have all the key traits thought to be crucial for success on a corporate board.

CISO 118

Apple offers new privacy and security protections at WWDC

CyberSecurity Insiders

During the recent Worldwide Developers Conference (WWDC), Apple Inc. unveiled a range of new privacy and security features designed to enhance user protection. One notable feature is aimed at safeguarding children against online spying tools, while another focuses on maintaining user browsing history anonymity in the face of trackers. Additionally, iPhone users will now have the ability to access live transcripts of their voicemails, granting them the option to decide whether to answer incoming

Spyware 115

Over 60,000 Android apps secretly installed adware for past six months

Bleeping Computer

Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months.

Adware 129

North Korean cyber attacks income and free VPN data breach

CyberSecurity Insiders

According to a report published by Japanese news resource Nikkei, it has been revealed that the North Korean government is actively engaging in cyber attacks on the digital infrastructure of its adversaries. This information is not entirely new, as many are already aware of the country’s involvement in such activities. However, what sets this report apart is the claim that North Korea earns a significant portion of its annual income from cryptocurrency heists conducted through cyber attack


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.


Google fixes new Chrome zero-day flaw with exploit in the wild

Bleeping Computer

Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year.


Shadow IT is increasing and so are the associated security risks

CSO Magazine

Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned — or on the radar of — the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of vulnerabilities, entry points for bad actors, and malware.

CISO 105

Researchers Spot a Different Kind of Magecart Card-Skimming Campaign

Dark Reading

In addition to injecting a card skimmer into target Magento, WooCommerce, Shopify, and WordPress sites, the threat actor is also hijacking targeted domains to deliver the malware to other sites.

Malware 100

The FBI Could Help Retrieve Your Data After a Ransomware Attack

Security Boulevard

To pay or not to pay? That is the question leadership and security teams ask whenever they deal with a ransomware attack. The recommendation from the FBI is to not pay, stating on its website that “paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to.


The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.


7 tips for spotting a fake mobile app

We Live Security

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future.

Mobile 103

Cyber Attack Due to Malicious Open-source Package

Security Boulevard

Introduction Open-source tools and packages are an essential part of the modern software development ecosystem. They are widely used by developers to speed up the development process and reduce the amount of work required to build complex systems. However, this convenience comes at a cost. Open-source packages can be compromised by attackers to deliver malicious […] The post Cyber Attack Due to Malicious Open-source Package appeared first on Kratikal Blogs.


Filling the Gaps: How to Secure the Future of Hybrid Work

Dark Reading

By enhancing remote management and adopting hardware-enforced security, productivity can continue without inviting extra cyber-risk.


Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!

The Hacker News

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023.


How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.


D-Day, Operation Overlord, June 6, 1944

Security Boulevard

“… these men came here – British and our Allies, and Americans – to storm these beaches for one purpose only, not to gain anything for ourselves, not to fulfill any ambitions that America had for conquest, but just to preserve freedom. Many thousands of men have died for such ideals as these … but these young boys … were cut off in their prime. I devoutly hope that we will never again have to see such scenes as these.


OWASP lists 10 most critical large language model vulnerabilities

CSO Magazine

The Open Worldwide Application Security Project (OWASP) has published the top 10 most critical vulnerabilities often seen in large language model (LLM) applications, highlighting their potential impact, ease of exploitation, and prevalence. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution.

Risk 96

Lacework Adds Ability to Manage and Secure Cloud Identities

Security Boulevard

Lacework today added cloud infrastructure entitlement management (CIEM) capabilities to its cloud-native application protection platform (CNAPP). The CIEM addition provides cybersecurity teams visibility into who within an organization has permission to access a specific cloud service. Adam Leftik, vice president of product for Lacework, said the goal is to make it simpler for cybersecurity teams.


Traditional malware increasingly takes advantage of ChatGPT for attacks

CSO Magazine

Traditional malware techniques are increasingly taking advantage of interest in ChatGPT and other generative AI programs, according to a Palo Alto Networks report on malware trends. “Between November 2022-April 2023, we noticed a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT,” according to the latest Network Threat Trends Research Report from Unit 42, the threat research arm of Palo Alto Networks.

Malware 95

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev