Schneier on Security
OCTOBER 3, 2022
This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.
Joseph Steinberg
OCTOBER 24, 2022
An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window. According to multiple media reports, the Australian Institute of Company Directors had been scheduled to run an an online event today for nearly 5,000 registrants at which the organization planned to discuss its new “cybersecurity governance principles.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
OCTOBER 13, 2022
The attack framework of probable Chinese origin used by cybercriminals has been discovered. The post New Alchimist attack framework hits Windows, Linux and Mac appeared first on TechRepublic.
Bleeping Computer
OCTOBER 15, 2022
Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months. [.].
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
OCTOBER 1, 2022
There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography. An appropriate security design with controls that addresses an organization’s acceptable risk should be applied and reviewed before deploying blockchain to a production environment.
Security Affairs
OCTOBER 15, 2022
Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
We Live Security
OCTOBER 17, 2022
What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? The post 5 steps to protect your school from cyberattacks appeared first on WeLiveSecurity.
Tech Republic Security
OCTOBER 7, 2022
SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.
Bleeping Computer
OCTOBER 29, 2022
A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. [.].
Security Boulevard
OCTOBER 11, 2022
Source code for the Intel Alder Lake processor EUFI BIOS has gone walkies. 4chan is said to be involved. The post LEAKED: Intel’s BIOS Source Code — All 6GB of It appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
OCTOBER 14, 2022
Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.
Schneier on Security
OCTOBER 17, 2022
Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.
CSO Magazine
OCTOBER 4, 2022
Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing. This risk frequently goes unexplored in cybersecurity awareness training, leaving employees oblivious to the risks they can pose to the security of data which, if exposed, could be exploited both directly a
Tech Republic Security
OCTOBER 27, 2022
SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more. The post 2022 cyber threat report details growing trends appeared first on TechRepublic.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
OCTOBER 15, 2022
Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract. [.].
Security Boulevard
OCTOBER 10, 2022
It’s never been more challenging to work in cybersecurity. The cost of a breach keeps going up, the number of attacks is constantly increasing and the industry is in the middle of a multi-year staffing crisis. It’s no surprise that 90% of security teams see automation as essential for them to deliver on their mandate. The post Human-Centric No-Code Automation is the Future of Cybersecurity appeared first on Security Boulevard.
Digital Shadows
OCTOBER 19, 2022
Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start. The post Ransomware In Q3 2022 first appeared on Digital Shadows.
Schneier on Security
OCTOBER 18, 2022
Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
OCTOBER 29, 2022
The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate.
Tech Republic Security
OCTOBER 17, 2022
A slew of new Asana capabilities are geared toward enhancing reporting, decreasing duplicate cross-functional work and costs, and strengthening security. The post Asana launches enterprise-level workplace tools for prioritization and planning appeared first on TechRepublic.
Bleeping Computer
OCTOBER 20, 2022
A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. [.].
SecureList
OCTOBER 7, 2022
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CyberSecurity Insiders
OCTOBER 24, 2022
United States Cybersecurity and Infrastructure Security Agency(CISA) has issued an advisory to all hospitals and healthcare providers about a new ransomware dubbed ‘Daixin Team’ doing rounds on the internet. Information is out that the said hackers group is spreading malware to healthcare and the public sector and is demanding cryptocurrency in Bitcoins for an exchange of decryption key.
Schneier on Security
OCTOBER 12, 2022
Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respec
Dark Reading
OCTOBER 11, 2022
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
Tech Republic Security
OCTOBER 4, 2022
Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill. The post How ransomware gangs operate like legitimate businesses appeared first on TechRepublic.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Bleeping Computer
OCTOBER 3, 2022
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. [.].
GlobalSign
OCTOBER 28, 2022
A critical vulnerability has been discovered in current versions of OpenSSL and will need to be patched immediately. The OpenSSL Project will release version 3.0.7 on Tuesday, November 1st, 2022. This is a critical update that needs to be made immediately.
Security Boulevard
OCTOBER 28, 2022
OpenSSL has a new ‘critical’ bug. But it’s a secret until next month. The post OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1 appeared first on Security Boulevard.
The Hacker News
OCTOBER 14, 2022
Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
357 
Let's personalize your content