Krebs on Security
MARCH 28, 2023
The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. The warning displayed to users on one of the NCA’s fake booter sites.
Schneier on Security
MARCH 28, 2023
Both Google’s Pixel’s Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MARCH 28, 2023
Learn how to protect your Linux server from the fork bomb denial-of-service attack with this video tutorial by Jack Wallen. The post How to prevent fork bombs on your Linux development servers appeared first on TechRepublic.
Bleeping Computer
MARCH 28, 2023
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MARCH 28, 2023
This deal takes 98% off the total price of this course bundle until 4/3. The post Improve your technical knowledge with 13 CompTIA courses for $54.97 appeared first on TechRepublic.
The Last Watchdog
MARCH 28, 2023
Imagine being a young person who wants a career, of whatever type you can find, as a cybersecurity professional. Related: Up-skilling workers to boost security Related Although you were born with an agile and analytical mind, you have very limited financial resources and few, if any, connections that can open doors to your future ambitions. Dennis If you were born in a country such as the US, Canada or the UK, you might have a wider range of options despite your financial limitations.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
MARCH 28, 2023
A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions. [.
CyberSecurity Insiders
MARCH 28, 2023
If you handle consumer financial data, you need to be aware of the U.S. Federal Trade Commission ‘s ( FTC ) revised Safeguards Rule cybersecurity regulation. The rule applies to a wide range of businesses, including those that may not consider themselves to be financial institutions. The FTC has classified many companies as “non-banking financial institutions” subject to the rule, which requires them to implement specific measures to protect customer data.
Anton on Security
MARCH 28, 2023
So, we went through “Debating SIEM in 2023, Part 1” , now let’s debate a bit more. At this point, everybody who didn’t “rage stop” reading it should be convinced that yes, SIEM does matter in 2023. Debating SIEM in 2023, Part 1 But why? I bet the views on why SIEM matters differ a lot. So let’s dive into this! Let’s start with this: why should anyone buy an SIEM tool in 2023?
Trend Micro
MARCH 28, 2023
We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
MARCH 28, 2023
A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years. [.
Security Boulevard
MARCH 28, 2023
A survey of 316 cybersecurity training strategy decision-makers in the UK, U.S, Canada, Germany and Sweden published today found there is a major disconnect in the confidence they have in their teams have in their abilities and their actual abilities. Conducted by Forrester Consulting on behalf of Immersive Labs, a provider of a cyberattack simulation.
CyberSecurity Insiders
MARCH 28, 2023
China has urged Apple CEO Tim Cook to bolster its products’ data security and privacy protections. While, most people in the United States believe that Apple offers iPhones and Macs with the utmost security, Zheng Shanjie, the Chairperson of the National Development and Reform Commission, met with Cook to discuss the issue of personal privacy protection.
Security Boulevard
MARCH 28, 2023
Tech companies large and small are all jumping on the AI chatbot bandwagon—Google just opened up access to its Bard offering and ChatGPT is already on version 4—and, not surprisingly, threat actors will likely press AI into action to carry out nefarious actions. For now, though, human social engineers still outperform AI when it comes. The post ChatGPT Less Convincing Than Human Social Engineers in Phishing Attacks appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
MARCH 28, 2023
Microsoft today announced Security Copilot, a new ChatGPT-like assistant powered by artificial intelligence that takes advantage of Microsoft's threat intelligence footprint to make faster decisions during incident response and to help with threat hunting and security reporting. [.
Security Boulevard
MARCH 28, 2023
Semiconductors had their moment in the spotlight during the worst of the pandemic-induced supply chain disruptions. The shortage of semiconductors wreaked havoc on the industries that rely on them, opening up devices to potential threats. “The semiconductor supply chain remains one of the most complicated and most critical supply chains that underpin the entire global.
CSO Magazine
MARCH 28, 2023
Payouts from ransomware victims declined by 38% in 2022, prompting hackers to adopt more professional and corporate tactics to ensure higher returns, according to Trend Micro’s Annual Cybersecurity Report. Many ransomware groups have structured their organizations to operate like legitimate businesses, including leveraging established networks and offering technical support to victims.
CyberSecurity Insiders
MARCH 28, 2023
In 2021, the LockBit Ransomware group breached the servers of New York-based law firm HPMB and stole sensitive information from one of its healthcare-related clients. The stolen data included names, DOBs, social security numbers, driving license details, biometric information of 114,979 individuals, and court-related documents in PDF form. A security analysis done in April 2022 revealed that the cybercriminals from China-funded Hafnium Group gained access to HPMB’s servers through a vulnerabilit
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
MARCH 28, 2023
Ransomware, or malicious malware designed to shut down or block access to vital business data until ransom fees are paid, continues to disrupt organizations worldwide. In recent years, it’s become clear that every business, regardless of industry, requires robust and extensive cybersecurity protections against ransomware attacks. Comprehensive executive cybersecurity protection is an essential part of […] The post How Executive Cybersecurity Protection Limits Ransomware Threats appeared first on
CyberSecurity Insiders
MARCH 28, 2023
Attack simulation and penetration testing are both methods used to identify vulnerabilities in a company’s cybersecurity infrastructure, but there are some differences between the two. Penetration testing , also known as pen testing, involves a team of cybersecurity professionals attempting to breach a company’s systems, networks, or applications using a variety of methods that a real-world attacker might use.
Security Boulevard
MARCH 28, 2023
Today we are honored and excited to announce that Cyral is the recipient of 3 gold Cybersecurity Excellence Awards in the field of data security. … The post <strong>Cyral Awarded 3 Gold Cybersecurity Awards for Data Security Excellence</strong> appeared first on Cyral. The post Cyral Awarded 3 Gold Cybersecurity Awards for Data Security Excellence appeared first on Security Boulevard.
CSO Magazine
MARCH 28, 2023
Authentication-related attacks grew in 2022, taking advantage of outdated, password-based authentication systems, according to a study commissioned by HYPR, a passwordless multifactor authentication (MFA) provider based in the US. The study, conducted by independent technology market research firm Vanson Bourne, surveyed 1000 IT professionals from organizations around the world with more than 50 employees.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
CyberSecurity Insiders
MARCH 28, 2023
By Muhammad Chbib , CEO of Autobahn Security Is your organization suffering from cybersecurity paralysis? Many businesses are in cybersecurity panic-mode due to the steady stream of alarming news that ‘nobody is safe’ from hackers. While it’s true that all businesses are technically ‘hackable’, it’s important to see the bigger picture – cybercriminals tend to focus their efforts primarily on high-yield targets.
The Hacker News
MARCH 28, 2023
Microsoft on Tuesday unveiled Security Copilot in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale.
Bleeping Computer
MARCH 28, 2023
Australian loan giant Latitude Financial Services (Latitude) is warning customers that its data breach is much more significant than initially stated, taking the number of affected individuals from 328,000 to 14 million. [.
CSO Magazine
MARCH 28, 2023
Microsoft today announced its AI Security Copilot , a GPT-4 implementation that brings generative AI capabilities to its in-house security suite, and features a host of new visualization and analysis functions. AI Security Copilot’s basic interface is similar to the chatbot functionality familiar to generative AI users. It can be used in the same way, to answer security questions in a natural manner, but the more impressive features stem from its tight integration with Microsoft’s existing secur
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
MARCH 28, 2023
Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. [.
CSO Magazine
MARCH 28, 2023
As the role of the CISO continues to grow in importance and gain more responsibility, many cybersecurity practitioners may wonder if they have what it takes to be successful in the role. Technical expertise and experience are obviously huge assets. An effective CISO has the ability to evaluate and select security technology, communicate with technical staff and make crucial decisions about security infrastructure and architecture.
Bleeping Computer
MARCH 28, 2023
Microsoft has released the optional March 2023 non-security preview update for Windows 11 that comes with a search box that matches the current color scheme and, unfortunately, with Start menu ads the company describes as "notifications for Microsoft accounts." [.
Security Affairs
MARCH 28, 2023
Europol warns of cybercriminal organizations can take advantage of systems based on artificial intelligence like ChatGPT. EU police body Europol warned about the potential abuse of systems based on artificial intelligence, such as the popular chatbot ChatGPT, for cybercriminal activities. Cybercriminal groups can use chatbot like ChatGPT in social engineering attacks, disinformation campaigns, and other cybercriminal activities, such as developing malicious code.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
238 
Let's personalize your content