Schneier on Security

JUNE 7, 2023

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.

Cyber Insurance 195

Cyber Insurance Insurance Cybersecurity 195

Jane Frankland

JUNE 7, 2023

Over the years I’ve spent countless hours working on toxic behaviours and micro-aggressions in cybersecurity, from building the IN Security Code of Conduct for event organisers to performing ground-breaking research on sexual harassment, supporting those who’ve been victims, and leaders who want to create high performance environments of excellence.

Education 130

Education Accountability Cybersecurity Internet 130

Tech Republic Security

JUNE 7, 2023

A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices. The post New zero-click threat targets iPhones and iPads appeared first on TechRepublic.

Big data 155

Big data Spyware Mobile Software 155

CSO Magazine

JUNE 7, 2023

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware ,” Bitdefender said in a blog.

Adware 139

Adware Malware Banking Mobile 139

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 7, 2023

Google’s Chrome web browser held a 64.92% command of the global browser market share in April 2023. That means more users are working with Chrome in significantly more use cases: mobile, desktop and even business. Because of that, users of all types must employ Chrome with a measure of caution and intelligence. After all, most. The post Google Chrome: Security and UI tips you need to know appeared first on TechRepublic.

Mobile 133

Mobile Marketing 133

Bleeping Computer

JUNE 7, 2023

Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. [.

Hacking 138

Hacking Network Security 138

Bleeping Computer

JUNE 7, 2023

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [.

Mobile 136

Mobile Accountability Software 136

CyberSecurity Insiders

JUNE 7, 2023

Gal Helemski, Co-Founder & CTO/CPO of PlainID Many lessons can be learned when reflecting on 2022’s slew of data breaches. As we understand more about data security and, even more so, as data becomes more fluid, complex and dynamic, it’s critical to reevaluate what constitutes strong data protection. Up until very recently, traditional data technologies didn’t have strong security controls in place.

Data breaches 118

Data breaches Technology Data Analyst Risk 118

Bleeping Computer

JUNE 7, 2023

A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military. [.

Healthcare 136

Healthcare Education Government 136

CyberSecurity Insiders

JUNE 7, 2023

By Dannie Combs , Senior Vice President and CISO, Donnelley Financial Solutions (DFIN) As security threats to data continue to ebb and flow (mostly flow!), I am keeping a close eye on regulations, identity and access management (IAM), and Artificial Intelligence (AI) — and I suggest that business leaders do the same. Here are three risk mitigation imperatives that can help organizations get a better handle on these latest risks and threats.

Risk 118

Risk Artificial Intelligence Technology Digital transformation 118

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JUNE 7, 2023

Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. [.

Passwords 124

Passwords Accountability 124

We Live Security

JUNE 7, 2023

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing The post Hear no evil: Ultrasound attacks on voice assistants appeared first on WeLiveSecurity

Internet 116

Internet Internet 116

Bleeping Computer

JUNE 7, 2023

Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects. [.

Malware 123

Malware 123

CyberSecurity Insiders

JUNE 7, 2023

ChatGPT, the conversational bot developed by OpenAI and now owned by Microsoft has hit the news headlines for wrong reasons. A senior government official from UAE has alleged that the chat-based platform is being used by criminals to launch phishing and ransomware attacks. “It’s become a trend to use technology for cyberwarfare and we have investigated it along with our partners and discovered that our adversaries have already started using it”, said Mohammad Al Kuwaiti, Cybersecurity Head, UAE.

Phishing 113

Phishing Artificial Intelligence Ransomware Healthcare 113

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JUNE 7, 2023

The notorious North Korean hacking group known as Lazarus has been linked to the recent Atomic Wallet hack, resulting in the theft of over $35 million in crypto. [.

Hacking 121

Hacking Cryptocurrency 121

Security Boulevard

JUNE 7, 2023

One of the most powerful principles of economics is the concept of trade-offs. Whether it’s deciding to buy a new car rather than putting that money toward your retirement or the trade-off we make when we entrust our private information to businesses in return for more personalized services, we understand that with every choice we. The post The Privacy-Control Trade-Off: User Privacy Vs.

Data privacy 103

Data privacy Security Awareness Risk Mobile 103

Dark Reading

JUNE 7, 2023

Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.

Internet 114

Internet Internet 114

Security Boulevard

JUNE 7, 2023

On May 25, 2023 streaming content provider Netflix began enforcing its policy prohibiting the sharing of Netflix accounts even among family members who are not members of the same “household”—meaning living together in the same house. It was always Netflix’s policy to prohibit such account and password sharing—it’s just that Netflix finally began enforcing the.

Passwords 102

Passwords Accountability Security Awareness Risk 102

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Malwarebytes

JUNE 7, 2023

Google has released an update which includes two security fixes. One of these security fixes is for a zero-day about which Google says it’s aware that an exploit for this vulnerability exists in the wild. How to protect yourself If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. Android users will also find an update waiting.

Risk 98

Risk Cybersecurity 98

Security Boulevard

JUNE 7, 2023

About the Client Topsec Cloud Solutions is a. The post Topsec Partners with EasyDMARC to Help Tackle Surging Email Cybersecurity Threats appeared first on EasyDMARC. The post Topsec Partners with EasyDMARC to Help Tackle Surging Email Cybersecurity Threats appeared first on Security Boulevard.

Cybersecurity 102

Cybersecurity 102

Malwarebytes

JUNE 7, 2023

The FBI has issued a warning about criminals digitally manipulating people's faces on to pornographic images—known as deepfaking—and then using those images to harass or extort money out of their victim in a practice known as sextortion. The FBI said the victims include children. From the release: The FBI continues to receive reports from victims, including minor children and non-consenting adults, whose photos or videos were altered into explicit content.

Scams 95

Scams Social Engineering Media Engineering 95

Security Boulevard

JUNE 7, 2023

Sysdig today extended the reach of its cloud-native application protection platform (CNAPP) using an agentless implementation of the Falco engine it created to protect runtime environments. Announced at the Gartner Security and Risk Summit conference, that addition, for the first time, brings real-time cloud detection and response capabilities to the platform.

Engineering 102

Engineering Risk Cybersecurity Network Security 102

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

JUNE 7, 2023

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them.

Hacking 94

Hacking 94

Security Boulevard

JUNE 7, 2023

Register now for the inaugural event to maximize the efficiency of your security operations and combat the ever-growing threat landscape London, UK, 6 June 2023 — LogRhythm, the company helping security teams stop breaches by turning disconnected data and signals into trustworthy… The post LogRhythm Holds its First UK Cybersecurity Summit to Share Expertise and Insights About Elevating Cybersecurity Efficiency appeared first on LogRhythm.

Cybersecurity 98

Cybersecurity 98

CyberSecurity Insiders

JUNE 7, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Small businesses are more vulnerable to cyber-attacks since hackers view them as easy victims to target. While this may seem unlikely, statistics reveal that more than half of these businesses experienced some form of cyber-attack in 2022.

Small Business 93

Small Business Cybersecurity Cyber Attacks Data breaches 93

Graham Cluley

JUNE 7, 2023

Australia's signal intelligence agency calls upon an Eighties popstar to fight terrorism, and a simple act of kindness leads to a woman being scammed for thousands. All this and much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus don't miss our featured interview with Max Power of Bitwarden.

Scams 93

Scams Cybersecurity Mobile Malware 93

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

JUNE 7, 2023

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent.

91

91

Dark Reading

JUNE 7, 2023

By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.

Insurance 93

Insurance Cyber Insurance Government 93

Naked Security

JUNE 7, 2023

With the right (or wrong, if you’re on the right side of the fence) timing…

126

126

Bleeping Computer

JUNE 7, 2023

VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information. [.

88

88

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.