October, 2022

Three Cybersecurity Surprises from State Security Chiefs

Lohrman on Security

What were the top cybersecurity themes, including several unexpected narratives, that emerged from the 2022 NASCIO Annual Conference held in Louisville, Ky., this past week?

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

Schneier on Security

This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Big Changes are Afoot: Expanding and Enhancing the Have I Been Pwned API

Troy Hunt

Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen table) in an Airbnb in Olso and built the authenticated API for Have I Been Pwned (HIBP).

FIRESIDE CHAT: Timely employee training, targeted testing needed to quell non-stop phishing

The Last Watchdog

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity. Related: How MSSPs help secure business networks. Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce. The deleterious impact on large enterprises and small businesses alike has been – and continues to be — profound.

More Trending

Inserting a Backdoor into a Machine-Learning System

Schneier on Security

Interesting research: “ ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks , by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract : Early backdoor attacks against machine learning set off an arms race in attack and defence development.

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed.

Former Uber CISO Faces Prison Time For Mishandling Cyberattack: Justice, Scapegoating, or Both?

Joseph Steinberg

A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack.

CISO 185

Weekly Update 316

Troy Hunt

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend.

Risk 160

2022 State Cyber Summit Recaps from Kansas and Michigan

Lohrman on Security

Cyber summits were held this past week in Michigan and Kansas, and hot topics ranged from workforce development to ransomware to growing global cyber threats. Here’s a rundown

Qatar Spyware

Schneier on Security

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya.

Microsoft Patch Tuesday, October 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited.

DNS 235

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

Joseph Steinberg

What can hospitals learn from an ex-CIA cybersecurity director and a cybersecurity-expert columnist read by millions of people?

Endings and Beginnings

Jane Frankland

The world is going through rapid change what with climate change (exceptional droughts, floods hurricanes) high inflation, economic slowdowns, recessions, tech company layoffs, supply chain problems, wars, protests, and a stock market crash.

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to. There are several ways you can protect your business from data breaches. Create security awareness for employees.

Weekly Update 317

Troy Hunt

I decided to do something a bit different this week and mostly just answer questions from my talk at GOTO Copenhagen last week.

Media 190

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Hacking Automobile Keyless Entry Systems

Schneier on Security

Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away.

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees.

What Should CISOs Prioritize In A Volatile Landscape?: A Webinar With Top CyberSecurity Columnist Joseph Steinberg

Joseph Steinberg

Have you been prioritizing Detection and Response over Protection when it comes to your cybersecurity strategy? All three, of course, are key pillars of the NIST cybersecurity framework – so, why are you prioritizing two of them over the third?

CISO 160

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Anton on Security

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ).

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

GUEST ESSAY: A roadmap to achieve a better balance of network security and performance

The Last Watchdog

Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Related: Taking a risk-assessment approach to vulnerabilities. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed. It’s a delicate balance.

Weekly Update 319

Troy Hunt

Geez we've been getting hammered down here: Optus, MyDeal, Vinomofo, Medibank and now Australian Clinical Labs.

IoT 182

Recovering Passwords by Measuring Residual Heat

Schneier on Security

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards.

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner.

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g.,

More Work Needed to Secure Data in the Cloud, Survey Finds

Lohrman on Security

New survey results from the Cloud Security Alliance and BigID show gaps in protecting data in the cloud as well as a lack of confidence in controls being used by enterprises

126
126

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

The Last Watchdog

How did America and Americans regress to being much less secure than before the Internet? Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled. What everyone doesn’t know is how irrational the Internet’s utopian founding premises have proven to be concerning America’s and Americans’ security over the last quarter century. The first irrational security-related premise is that U.S.

CISA says hospitals should be wary of new Daixin Team Ransomware

CyberSecurity Insiders

United States Cybersecurity and Infrastructure Security Agency(CISA) has issued an advisory to all hospitals and healthcare providers about a new ransomware dubbed ‘Daixin Team’ doing rounds on the internet.

Apple Only Commits to Patching Latest OS Version

Schneier on Security

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions.

239
239

How Card Skimming Disproportionally Affects Those Most In Need

Krebs on Security

When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution.

Retail 210