Wed.Jun 07, 2023

article thumbnail

How Attorneys Are Harming Cybersecurity Incident Response

Schneier on Security

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.

article thumbnail

From Bullies to Bigots: How to Handle Micro-Aggressions & Toxic Behaviour

Jane Frankland

Over the years I’ve spent countless hours working on toxic behaviours and micro-aggressions in cybersecurity, from building the IN Security Code of Conduct for event organisers to performing ground-breaking research on sexual harassment, supporting those who’ve been victims, and leaders who want to create high performance environments of excellence.

Education 130
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New zero-click threat targets iPhones and iPads

Tech Republic Security

A recent report from Kaspersky revealed a zero-click attack method that requires no action from victims to infect iOS devices. The post New zero-click threat targets iPhones and iPads appeared first on TechRepublic.

Big data 152
article thumbnail

Over 60,000 Android apps infected with adware-pushing malware

CSO Magazine

Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue. “However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware ,” Bitdefender said in a blog.

Adware 139
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Google Chrome: Security and UI tips you need to know

Tech Republic Security

Google’s Chrome web browser held a 64.92% command of the global browser market share in April 2023. That means more users are working with Chrome in significantly more use cases: mobile, desktop and even business. Because of that, users of all types must employ Chrome with a measure of caution and intelligence. After all, most. The post Google Chrome: Security and UI tips you need to know appeared first on TechRepublic.

Mobile 123
article thumbnail

Barracuda says hacked ESG appliances must be replaced immediately

Bleeping Computer

Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. [.

Hacking 135

More Trending

article thumbnail

Cisco fixes AnyConnect bug giving Windows SYSTEM privileges

Bleeping Computer

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [.

Mobile 134
article thumbnail

Learnings from 2022 Breaches: Reassessing Access Controls and Data Security Strategies

CyberSecurity Insiders

Gal Helemski, Co-Founder & CTO/CPO of PlainID Many lessons can be learned when reflecting on 2022’s slew of data breaches. As we understand more about data security and, even more so, as data becomes more fluid, complex and dynamic, it’s critical to reevaluate what constitutes strong data protection. Up until very recently, traditional data technologies didn’t have strong security controls in place.

article thumbnail

CEO guilty of selling counterfeit Cisco devices to military, govt orgs

Bleeping Computer

A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military. [.

article thumbnail

Three Risk Mitigation Strategies to Address the Latest Data Security Threats

CyberSecurity Insiders

By Dannie Combs , Senior Vice President and CISO, Donnelley Financial Solutions (DFIN) As security threats to data continue to ebb and flow (mostly flow!), I am keeping a close eye on regulations, identity and access management (IAM), and Artificial Intelligence (AI) — and I suggest that business leaders do the same. Here are three risk mitigation imperatives that can help organizations get a better handle on these latest risks and threats.

Risk 118
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux

Bleeping Computer

Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects. [.

Malware 118
article thumbnail

Hear no evil: Ultrasound attacks on voice assistants

We Live Security

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing The post Hear no evil: Ultrasound attacks on voice assistants appeared first on WeLiveSecurity

Internet 114
article thumbnail

ChatGPT used to launch phishing and ransomware attacks

CyberSecurity Insiders

ChatGPT, the conversational bot developed by OpenAI and now owned by Microsoft has hit the news headlines for wrong reasons. A senior government official from UAE has alleged that the chat-based platform is being used by criminals to launch phishing and ransomware attacks. “It’s become a trend to use technology for cyberwarfare and we have investigated it along with our partners and discovered that our adversaries have already started using it”, said Mohammad Al Kuwaiti, Cybersecurity Head, UAE.

Phishing 113
article thumbnail

Honda API flaws exposed customer data, dealer panels, internal docs

Bleeping Computer

Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. [.

Passwords 114
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The Privacy-Control Trade-Off: User Privacy Vs. Corporate Control

Security Boulevard

One of the most powerful principles of economics is the concept of trade-offs. Whether it’s deciding to buy a new car rather than putting that money toward your retirement or the trade-off we make when we entrust our private information to businesses in return for more personalized services, we understand that with every choice we. The post The Privacy-Control Trade-Off: User Privacy Vs.

article thumbnail

Lazarus hackers linked to the $35 million Atomic Wallet heist

Bleeping Computer

The notorious North Korean hacking group known as Lazarus has been linked to the recent Atomic Wallet hack, resulting in the theft of over $35 million in crypto. [.

Hacking 111
article thumbnail

FBI: Sextortionist Campaigns Use Deepfakes to Target Children, Adults

Dark Reading

Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.

Internet 114
article thumbnail

Netflix: Is Password-Sharing a Crime?

Security Boulevard

On May 25, 2023 streaming content provider Netflix began enforcing its policy prohibiting the sharing of Netflix accounts even among family members who are not members of the same “household”—meaning living together in the same house. It was always Netflix’s policy to prohibit such account and password sharing—it’s just that Netflix finally began enforcing the.

Passwords 102
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Update Chrome now! Google patches actively exploited zero-day

Malwarebytes

Google has released an update which includes two security fixes. One of these security fixes is for a zero-day about which Google says it’s aware that an exploit for this vulnerability exists in the wild. How to protect yourself If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. Android users will also find an update waiting.

Risk 98
article thumbnail

Topsec Partners with EasyDMARC to Help Tackle Surging Email Cybersecurity Threats

Security Boulevard

About the Client Topsec Cloud Solutions is a. The post Topsec Partners with EasyDMARC to Help Tackle Surging Email Cybersecurity Threats appeared first on EasyDMARC. The post Topsec Partners with EasyDMARC to Help Tackle Surging Email Cybersecurity Threats appeared first on Security Boulevard.

article thumbnail

Security Buyers Are Consolidating Vendors: Gartner Security Summit

eSecurity Planet

IT security buyers are consolidating vendors at an overwhelming rate, according to a speaker at this week’s Gartner Security & Risk Management Summit. In a session on cybersecurity market trends and growth opportunities, Gartner analyst and VP Neil MacDonald said 75% of security buyers are pursuing vendor consolidation, up from just 29% in 2020. “Customers want fewer providers,” he said.

article thumbnail

Sysdig Extends Reach of CNAPP Via Agentless Edition of Falco

Security Boulevard

Sysdig today extended the reach of its cloud-native application protection platform (CNAPP) using an agentless implementation of the Falco engine it created to protect runtime environments. Announced at the Gartner Security and Risk Summit conference, that addition, for the first time, brings real-time cloud detection and response capabilities to the platform.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Heimdal and SPP Join Forces to Deliver Award-Winning Unified Security Capabilities to US Service Providers

Heimadal Security

Heimdal and Texas-based renowned MSSP for MSPs, Service Provider Partners (SPP) have announced a new alliance aimed at delivering Heimdal’s innovative unified security platform to solution providers in the US market. As the rate and sophistication of cyber threats continue to increase, businesses of all sizes require extensive cybersecurity solutions to protect their distributed workforces […] The post Heimdal and SPP Join Forces to Deliver Award-Winning Unified Security Capabilities to US

article thumbnail

LogRhythm Holds its First UK Cybersecurity Summit to Share Expertise and Insights About Elevating Cybersecurity Efficiency

Security Boulevard

Register now for the inaugural event to maximize the efficiency of your security operations and combat the ever-growing threat landscape London, UK, 6 June 2023 — LogRhythm, the company helping security teams stop breaches by turning disconnected data and signals into trustworthy… The post LogRhythm Holds its First UK Cybersecurity Summit to Share Expertise and Insights About Elevating Cybersecurity Efficiency appeared first on LogRhythm.

article thumbnail

Barracuda Urges Immediate Replacement of Hacked ESG Appliances

The Hacker News

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them.

Hacking 95
article thumbnail

Warning: Victims' faces placed on explicit images in sextortion scam

Malwarebytes

The FBI has issued a warning about criminals digitally manipulating people's faces on to pornographic images—known as deepfaking—and then using those images to harass or extort money out of their victim in a practice known as sextortion. The FBI said the victims include children. From the release: The FBI continues to receive reports from victims, including minor children and non-consenting adults, whose photos or videos were altered into explicit content.

Scams 93
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

How can small businesses ensure Cybersecurity?

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Small businesses are more vulnerable to cyber-attacks since hackers view them as easy victims to target. While this may seem unlikely, statistics reveal that more than half of these businesses experienced some form of cyber-attack in 2022.

article thumbnail

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox

The Hacker News

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent.

93
article thumbnail

+60,000 Android apps spotted hiding adware for past six months

Security Affairs

Bitdefender researchers have discovered 60,000 different Android apps secretly installing adware in the past six months. Bitdefender announced the discovery of more than 60,000 Android apps in the past six months that were spotted installing adware on Android devices. The researchers discovered the hidden adware by using a recently announced anomaly detection technology incorporated into Bitdefender Mobile Security. “Upon analysis, the campaign is designed to aggressively push adware to

Adware 92
article thumbnail

The Case for a Federal Cyber-Insurance Backstop

Dark Reading

By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?