Schneier on Security

JUNE 7, 2023

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.

Cyber Insurance 197

Cyber Insurance Cybersecurity Insurance 197

The Last Watchdog

JUNE 7, 2023

Back in 2002, when I was a reporter at USA Today , I had to reach for a keychain fob to retrieve a single-use passcode to connect remotely to the paper’s publishing system. Related: A call to regulate facial recognition This was an early example of multifactor authentication (MFA). Fast forward to today; much of the MFA concept is being reimagined by startup Circle Security to protect data circulating in cloud collaboration scenarios.

Authentication 177

Authentication Encryption Passwords Internet 177

Tech Republic Security

JUNE 7, 2023

A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices. The post New zero-click threat targets iPhones and iPads appeared first on TechRepublic.

Spyware 159

Spyware Big data Malware Cybersecurity 159

Jane Frankland

JUNE 7, 2023

Over the years I’ve spent countless hours working on toxic behaviours and micro-aggressions in cybersecurity, from building the IN Security Code of Conduct for event organisers to performing ground-breaking research on sexual harassment, supporting those who’ve been victims, and leaders who want to create high performance environments of excellence.

Cybersecurity 130

Cybersecurity Education Accountability Internet 130

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JUNE 7, 2023

Google’s Chrome web browser held a 64.92% command of the global browser market share in April 2023. That means more users are working with Chrome in significantly more use cases: mobile, desktop and even business. Because of that, users of all types must employ Chrome with a measure of caution and intelligence. After all, most. The post Google Chrome: Security and UI tips you need to know appeared first on TechRepublic.

Mobile 127

Mobile Marketing 127

CSO Magazine

JUNE 7, 2023

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware ,” Bitdefender said in a blog.

Adware 139

Adware Malware Ransomware Banking 139

CyberSecurity Insiders

JUNE 7, 2023

Outlook.com users have been suffering with intermittent outages from yesterday and news is out that the disruption was caused because of a DDoS cyber attack launched by a hacking group named ‘Anonymous Sudan’. Microsoft acknowledged the outage as true, but failed to label it as a state funded attack. How-ever, it issued a statement that it has employed mitigation policies to neutralize the impact of the DdoS attack.

Cyber Attacks 127

Cyber Attacks DDOS Hacking Cybersecurity 127

Bleeping Computer

JUNE 7, 2023

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [.

Mobile 132

Mobile Software Accountability 132

SecureList

JUNE 7, 2023

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. The threat actor typically exploits Word documents, using shortcut files for the initial intrusion.

Malware 122

Malware DNS Phishing Cryptocurrency 122

CyberSecurity Insiders

JUNE 7, 2023

Gal Helemski, Co-Founder & CTO/CPO of PlainID Many lessons can be learned when reflecting on 2022’s slew of data breaches. As we understand more about data security and, even more so, as data becomes more fluid, complex and dynamic, it’s critical to reevaluate what constitutes strong data protection. Up until very recently, traditional data technologies didn’t have strong security controls in place.

Data breaches 118

Data breaches Data Analyst Data privacy Risk 118

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

We Live Security

JUNE 7, 2023

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing The post Hear no evil: Ultrasound attacks on voice assistants appeared first on WeLiveSecurity

Internet 117

Internet Internet 117

CyberSecurity Insiders

JUNE 7, 2023

By Dannie Combs , Senior Vice President and CISO, Donnelley Financial Solutions (DFIN) As security threats to data continue to ebb and flow (mostly flow!), I am keeping a close eye on regulations, identity and access management (IAM), and Artificial Intelligence (AI) — and I suggest that business leaders do the same. Here are three risk mitigation imperatives that can help organizations get a better handle on these latest risks and threats.

Risk 118

Risk Data breaches Cybersecurity Phishing 118

Dark Reading

JUNE 7, 2023

Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.

Internet 127

Internet Internet 127

CyberSecurity Insiders

JUNE 7, 2023

ChatGPT, the conversational bot developed by OpenAI and now owned by Microsoft has hit the news headlines for wrong reasons. A senior government official from UAE has alleged that the chat-based platform is being used by criminals to launch phishing and ransomware attacks. “It’s become a trend to use technology for cyberwarfare and we have investigated it along with our partners and discovered that our adversaries have already started using it”, said Mohammad Al Kuwaiti, Cybersecurity Head, UAE.

Phishing 113

Phishing Ransomware Artificial Intelligence Cybersecurity 113

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Dark Reading

JUNE 7, 2023

By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.

Cyber Insurance 114

Cyber Insurance Insurance Government 114

Bleeping Computer

JUNE 7, 2023

A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military. [.

Healthcare 129

Healthcare Government Education 129

Security Boulevard

JUNE 7, 2023

One of the most powerful principles of economics is the concept of trade-offs. Whether it’s deciding to buy a new car rather than putting that money toward your retirement or the trade-off we make when we entrust our private information to businesses in return for more personalized services, we understand that with every choice we. The post The Privacy-Control Trade-Off: User Privacy Vs.

Security Awareness 103

Security Awareness Data privacy Network Security Risk 103

Dark Reading

JUNE 7, 2023

A worm virus called "fracturizer" has been embedded in modpacks from various sites, including CurseForge and CraftBukkit.

Malware 120

Malware 120

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

Security Boulevard

JUNE 7, 2023

On May 25, 2023 streaming content provider Netflix began enforcing its policy prohibiting the sharing of Netflix accounts even among family members who are not members of the same “household”—meaning living together in the same house. It was always Netflix’s policy to prohibit such account and password sharing—it’s just that Netflix finally began enforcing the.

Passwords 102

Passwords Accountability Security Awareness Risk 102

Bleeping Computer

JUNE 7, 2023

Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects. [.

Malware 116

Malware 116

Security Boulevard

JUNE 7, 2023

About the Client Topsec Cloud Solutions is a. The post Topsec Partners with EasyDMARC to Help Tackle Surging Email Cybersecurity Threats appeared first on EasyDMARC. The post Topsec Partners with EasyDMARC to Help Tackle Surging Email Cybersecurity Threats appeared first on Security Boulevard.

Cybersecurity 102

Cybersecurity 102

Malwarebytes

JUNE 7, 2023

Google has released an update which includes two security fixes. One of these security fixes is for a zero-day about which Google says it’s aware that an exploit for this vulnerability exists in the wild. How to protect yourself If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. Android users will also find an update waiting.

Cybersecurity 98

Cybersecurity Risk 98

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

Security Boulevard

JUNE 7, 2023

Sysdig today extended the reach of its cloud-native application protection platform (CNAPP) using an agentless implementation of the Falco engine it created to protect runtime environments. Announced at the Gartner Security and Risk Summit conference, that addition, for the first time, brings real-time cloud detection and response capabilities to the platform.

Engineering 102

Engineering Risk Network Security Cybersecurity 102

Dark Reading

JUNE 7, 2023

Cybersecurity benefits from a focus on the vital few chores rather than the trivial many. Find the "right things" to encourage strategic thinking, then move the culture needle to promote that policy.

Cybersecurity 97

Cybersecurity 97

Security Boulevard

JUNE 7, 2023

Register now for the inaugural event to maximize the efficiency of your security operations and combat the ever-growing threat landscape London, UK, 6 June 2023 — LogRhythm, the company helping security teams stop breaches by turning disconnected data and signals into trustworthy… The post LogRhythm Holds its First UK Cybersecurity Summit to Share Expertise and Insights About Elevating Cybersecurity Efficiency appeared first on LogRhythm.

Cybersecurity 98

Cybersecurity 98

eSecurity Planet

JUNE 7, 2023

AI has been the subject of a lot of hype in recent months, but one place where the hype is justified is cybersecurity. AI will completely remake the cybersecurity landscape — and create a lot of disruption in the process. To cut to the chase before we get into the details: AI will make security worse before it makes it significantly better, but at the cost of a lot of jobs.

Hacking 95

Hacking Cybersecurity Firmware Engineering 95

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

Malwarebytes

JUNE 7, 2023

The FBI has issued a warning about criminals digitally manipulating people's faces on to pornographic images—known as deepfaking—and then using those images to harass or extort money out of their victim in a practice known as sextortion. The FBI said the victims include children. From the release: The FBI continues to receive reports from victims, including minor children and non-consenting adults, whose photos or videos were altered into explicit content.

Scams 93

Scams Ransomware Social Engineering Passwords 93

Bleeping Computer

JUNE 7, 2023

Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. [.

Passwords 111

Passwords Accountability 111

CyberSecurity Insiders

JUNE 7, 2023

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Small businesses are more vulnerable to cyber-attacks since hackers view them as easy victims to target. While this may seem unlikely, statistics reveal that more than half of these businesses experienced some form of cyber-attack in 2022.

Small Business 93

Small Business Cybersecurity Cyber Attacks Data breaches 93

The Hacker News

JUNE 7, 2023

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them.

Hacking 94

Hacking 94

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev

Cryptocurrency