The Last Watchdog

APRIL 5, 2022

As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. Related: How China challenged Google in Operation Aurora. The Chinese government is well known for its censorship– and frequent harassment and intimidation of foreign journalists. These are the foremost reasons China is ranked fourth worst globally regarding press freedoms.

Hacking 243

Hacking Passwords Internet Internet 243

Tech Republic Security

APRIL 5, 2022

In one type of phishing attack described by the IRS, scammers pose as IRS workers to try to coax employees into sharing social security numbers or bank account details. The post IRS warns consumers and businesses of common scams during tax season appeared first on TechRepublic.

Scams 211

Scams Banking Phishing Accountability 211

Malwarebytes

APRIL 5, 2022

On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. But since the affected products have reached end of life (EOL), the advice is to disconnect them, if still in use. CISA catalog. The CISA catalog of known exploited vulnerabilities was set up to list the most important vulnerabilities that have proven to pose the biggest risks.

Firmware 145

Firmware Software Risk Authentication 145

Tech Republic Security

APRIL 5, 2022

A new report from CyberEdge group goes into detail on why businesses are more keen to pay off ransomware attackers and what can be done to increase cyber security. The post Nearly two-thirds of ransomware victims paid ransoms last year appeared first on TechRepublic.

Ransomware 207

Ransomware 207

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Boulevard

APRIL 5, 2022

Hackers have stolen a mother lode of personal data from Intuit’s email marketing operation, Mailchimp. The post Mailchimp Hack Causes Theft of Trezor Crypto Wallet ‘Money’ appeared first on Security Boulevard.

Hacking 145

Hacking Marketing Social Engineering CISO 145

Tech Republic Security

APRIL 5, 2022

Known as Borat, a new Trojan spotted by Cyble allows attackers to compile malicious code to launch ransomware campaigns and DDoS attacks on the victim’s machine. The post Remote Access Trojan adds ransomware and DDoS attacks to usual bag of tricks appeared first on TechRepublic.

DDOS 179

DDOS Ransomware 179

Tech Republic Security

APRIL 5, 2022

If you use SSH or services that require encryption keys, it can be challenging to safely store that data to allow you secure access to your accounts. Here are some services to help you keep track of them. The post 5 tools to make encryption key management easier appeared first on TechRepublic.

Encryption 175

Encryption Accountability Software 175

Bleeping Computer

APRIL 5, 2022

The servers of Hydra Market, the most prominent Russian darknet platform for selling drugs and money laundering, have been seized by the German police. [.].

Marketing 144

Marketing 144

Tech Republic Security

APRIL 5, 2022

Scams spotted by Tessian typically try to grab donations intended to support Ukrainian humanitarian efforts to combat Russia’s attack. See how these exploits work and how to avoid them. The post How phishing attacks are exploiting Russia’s invasion of Ukraine appeared first on TechRepublic.

Phishing 167

Phishing Scams 167

Bleeping Computer

APRIL 5, 2022

US chipmaker Intel announced Tuesday night that it had suspended all business operations in Russia, joining tech other companies who pulled out of the country due to the invasion of Ukraine. [.].

Technology 143

Technology Government 143

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

APRIL 5, 2022

Making your software more secure is a process that takes careful planning, a lot of collaboration, and a healthy dose of iterating as you learn more. It’s the type of journey that goes more smoothly when you have a map. SafeStack Academy’s free white paper details what software security roadmaps are, why they’re useful in. The post Software security roadmaps: Secure your software without the expense appeared first on TechRepublic.

Software 146

Software 146

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations.

Phishing 143

Phishing Government Hacking Malware 143

CSO Magazine

APRIL 5, 2022

I don’t know how many times I’ve heard cybersecurity professionals say something like, “Not having multi-factor authentication is a huge risk for our organization.” The truth is, that type of statement may illustrate a control weakness, but unless the unwanted outcome is a ding in an audit report where MFA is required, that is not the real risk. The real risk is the probability of a ransomware incident, for example, or the leak of personally identifiable information (PII) from a customer databas

Risk 143

Risk Cybersecurity Authentication Ransomware 143

Bleeping Computer

APRIL 5, 2022

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader. [.].

Media 141

Media Malware Government 141

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

APRIL 5, 2022

Customers of hardware wallet provider Trezor have been targeted by a phishing scam, resulting in the theft of cryptocurrency assets. See how it works and how to protect yourself from this new threat. The post Sophisticated phishing attacks steal Trezor’s hardware wallets appeared first on TechRepublic.

Phishing 139

Phishing Cryptocurrency Scams 139

Security Affairs

APRIL 5, 2022

Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children. Leaked data include names, ranks and passport details of Russians serving in the 64 Motor Rifle Brigade which occupied Bucha prior to March 31.

Hacking 138

Hacking Media Government Cybersecurity 138

Malwarebytes

APRIL 5, 2022

This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura. Colibri Loader is a relatively new piece of malware that first appeared on underground forums in August 2021 and was advertised to “ people who have large volumes of traffic and lack of time to work out the material “ As it names suggests, it is meant to deliver and manage payloads onto infected computers.

Malware 137

Malware Advertising 137

The Hacker News

APRIL 5, 2022

With the growth in digital transformation, the API management market is set to grow by more than 30% by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services.

Digital transformation 136

Digital transformation Mobile Marketing 136

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

SecureBlitz

APRIL 5, 2022

Are you thinking about what best freelancing job websites for cyber security there are? The demand for cyber security freelancing jobs is no doubt on the increase in recent times; here, sit back as we walk you through the best freelancing job websites for 2022. As a cybersecurity expert, you can find freelance jobs on. The post 5 Best Freelancing Job Websites For Cyber Security appeared first on SecureBlitz Cybersecurity.

Cybersecurity 131

Cybersecurity 131

The Hacker News

APRIL 5, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.

Cybersecurity 134

Cybersecurity 134

eSecurity Planet

APRIL 5, 2022

MITRE Engenuity has released the latest round of its ATT&CK endpoint security evaluations, and the results show some familiar names leading the pack with the most detections. The MITRE evaluations are unique in that they emulate advanced persistent threat (APT) and nation-state hacking techniques, making them different from tests that might look at static malware samples, for example.

Antivirus 130

Antivirus Security Defenses Cybersecurity Ransomware 130

Security Boulevard

APRIL 5, 2022

For years, compliance audits have basically been conducted the same way: create an audit plan, complete the audit. Read More. The post Agile Auditing: What You Need to Know appeared first on Hyperproof. The post Agile Auditing: What You Need to Know appeared first on Security Boulevard.

128

128

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Malwarebytes

APRIL 5, 2022

GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an organisation’s codebase to be mirrored on the devices of anyone who needs access.

Passwords 127

Passwords Accountability Software 127

Appknox

APRIL 5, 2022

As more and more businesses move towards cloud-based operations and embrace digital transformation, security is increasingly becoming an important question. As an enterprise migrates to the cloud, its assets and data resources need to be migrated as well, and that might expose the sensitive information.

Digital transformation 127

Digital transformation 127

Security Boulevard

APRIL 5, 2022

Qualys this week updated its multi-vector endpoint detection and response (EDR) service to add additional threat-hunting and risk mitigation capabilities along with improved alert prioritization capabilities. Hiep Dang, vice president of endpoint security solutions for Qualys, said the 2.0 release of the multi-vector EDR service from Qualys now makes it easier to operationalize tactics and.

Risk 122

Risk Malware Cybersecurity Network Security 122

The Hacker News

APRIL 5, 2022

The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed.

Software 121

Software Passwords Cybercrime Ransomware 121

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

APRIL 5, 2022

Security features to come include a TPM-like security processor for protecting artifacts that a computer uses during the secure boot-up process, as well as a control for blocking unsigned and untrusted apps.

121

121

We Live Security

APRIL 5, 2022

If better privacy and anonymity sound like music to your ears, you may not need to look much further than Tor Browser. Here’s what it’s like to surf the dark web using the browser. The post We’re going on Tor appeared first on WeLiveSecurity.

Cybercrime 120

Cybercrime 120

Bleeping Computer

APRIL 5, 2022

Cash App is notifying 8.2 million current and former US customers of a data breach after a former employee accessed their account information. [.].

Data breaches 119

Data breaches Accountability 119

CSO Magazine

APRIL 5, 2022

In an SEC filing made on Monday, Cash App parent company Block, Inc., said that it was working to contact roughly 8.2 million past and present customers of its investment services, as names, brokerage portfolio values and account numbers were compromised in a data breach. According to Block’s form 8-K, a employee who had regular access to the records during their employment downloaded customer records after leaving the company.

Hacking 118

Hacking Data breaches Passwords Accountability 118

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!