September, 2022

NATO Countries Hit With Unprecedented Cyber Attacks

Lohrman on Security

Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next

Massive Data Breach at Uber

Schneier on Security

It’s big: The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be.

State And Local Government Cyber In-Security Endangers America: Let’s Finally Deal With It

Joseph Steinberg

It is not a secret that the American people remain in danger of massive, crippling cyberattacks that could impact financial services, utilities, health care, and just about every other area of modern life.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

The Last Watchdog

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0

"Pwned", the Book, is Finally Here!

Troy Hunt

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines.

More Trending

Differences in App Security/Privacy Based on Country

Schneier on Security

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities.

Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill.

BSides Tallinn 2022

Javvad Malik

I love myself a good Security BSides, and I’ve never been to Tallinn in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia.

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

The Last Watchdog

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud, well before the onset of Covid 19.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Have you Heard the Groundwater Story?

Jane Frankland

A few weeks ago I wrote to you about toxic masculinity, how it affects all of us, and what we can do about it. This week I want to bring your attention to the Groundwater Approach and Root Cause Analysis. It’s especially relevant considering the brain drain that’s occurring in cyber.

Quiet Quitting or Improved Employee Engagement — Pick One

Lohrman on Security

As we emerge from the most life-changing pandemic in a century, discouraging workplace trends, like "quiet quitting," are commonplace. So what works to improve morale and productivity?

New Report on IoT Security

Schneier on Security

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.”

Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

Krebs on Security

A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Weekly Update 313

Troy Hunt

I came so close to skipping this week's video. I'm surrounded by family, friends and my amazing wife to be in only a couple of days.

FIRESIDE CHAT: Why ‘digital resiliency’ has arisen as the Holy Grail of IT infrastructure

The Last Watchdog

Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.

Corrupting files is easy than spreading Ransomware

CyberSecurity Insiders

Cyderes, a Cybersecurity Risk Management firm from Missouri, has discovered that corrupting files is proving cheaper, faster and less likely to be detected by security solutions.

Book Review: 'If It’s Smart, It’s Vulnerable'

Lohrman on Security

This review covers Mikko Hypponen’s latest book, If It’s Smart, It’s Vulnerable. This is an excellent book that is highly recommended

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Botched Crypto Mugging Lands Three U.K. Men in Jail

Krebs on Security

Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes.

Weekly Update 312

Troy Hunt

I'm so excited to see the book finally out and awesome feedback coming in, but I'm disappointed with this week's video.

NEW TECH SNAPSHOT: The role of ‘MSSPs’ in helping businesses manage cybersecurity

The Last Watchdog

Network security has been radically altered, two-plus years into the global pandemic. Related: ‘Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Netography Uses Labels and Tags to Provide Security Context

Security Boulevard

Netography today added support for context labels and tagging to a software-as-a-service (SaaS) platform that provides deep packet inspection capabilities to identify cybersecurity threats in near-real-time.

How to Close the Cybersecurity Skills Gap in Your Business

CyberSecurity Insiders

Staffing shortages in some industries have worsened since the COVID-19 pandemic began wreaking havoc in 2020, especially in cybersecurity. Cyberattacks have increased in many sectors, primarily targeting education and healthcare.

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Schneier on Security

Okay, it’s an obscure threat. But people are researching it: “Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.”

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities.

Weekly Update 311

Troy Hunt

Well, after a crazy amount of work, a lot of edits, reflection, and feedback cycles, "Pwned" is almost here: This better be a sizzling read @troyhunt or I'll be crashing the wedding in ways never done before. Also, I thought they'd cancelled Neighbours?

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry.

On Trust and Transparency in Detection

Anton on Security

This blog / mini-paper is written jointly with Oliver Rochford. When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us that throughout the entire history of the security industry this has not always been the case.

Google announced the completion of the acquisition of Mandiant for $5.4 billion

Security Affairs

Google completed the acquisition of the threat intelligence firm Mandiant, the IT giant will pay $5.4 billion. Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “RESTON, Va.,

Credit Card Fraud That Bypasses 2FA

Schneier on Security

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking.

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Krebs on Security

This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm.