October, 2022

article thumbnail

Three Cybersecurity Surprises from State Security Chiefs

Lohrman on Security

What were the top cybersecurity themes, including several unexpected narratives, that emerged from the 2022 NASCIO Annual Conference held in Louisville, Ky., this past week?

article thumbnail

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

Schneier on Security

This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

article thumbnail

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware 285
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the foundational elements you need to start or validate your ERM program. He will also dive into topic definitions, governance structures, and framework components for success.

article thumbnail

Big Changes are Afoot: Expanding and Enhancing the Have I Been Pwned API

Troy Hunt

Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen table) in an Airbnb in Olso and built the authenticated API for Have I Been Pwned (HIBP).

article thumbnail

2022 cyber threat report details growing trends

Tech Republic Security

SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more. The post 2022 cyber threat report details growing trends appeared first on TechRepublic. Security cyber threat malware ransomware

More Trending

article thumbnail

Inserting a Backdoor into a Machine-Learning System

Schneier on Security

Interesting research: “ ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks , by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract : Early backdoor attacks against machine learning set off an arms race in attack and defence development.

article thumbnail

Former Uber CISO Faces Prison Time For Mishandling Cyberattack: Justice, Scapegoating, or Both?

Joseph Steinberg

A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack.

CISO 224
article thumbnail

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed.

article thumbnail

Why We Should Make Time to Brainstorm New, Innovative Ideas

Lohrman on Security

How can we better plan, strategize and come up with new innovative ideas in our post-COVID world

183
183
article thumbnail

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Join this exclusive webinar with Dr. Karen Hardy, where she will explore the power of storytelling in risk communication as a core component of a resilient organization's management framework!

article thumbnail

New Alchimist attack framework hits Windows, Linux and Mac

Tech Republic Security

The attack framework of probable Chinese origin used by cybercriminals has been discovered. The post New Alchimist attack framework hits Windows, Linux and Mac appeared first on TechRepublic. Apple Microsoft Open source Security linux malware windows

Malware 198
article thumbnail

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend.

Risk 185
article thumbnail

Qatar Spyware

Schneier on Security

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya.

Spyware 350
article thumbnail

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

Joseph Steinberg

What can hospitals learn from an ex-CIA cybersecurity director and a cybersecurity-expert columnist read by millions of people?

article thumbnail

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

This exclusive webinar with Ryan McInerny will teach you all about cryptocurrency and NFTs! Register to learn more about identifying crypto transactions, crypto asset market trends, managing risk and compliance, and supporting customers and partners using crypto-based payments.

article thumbnail

Microsoft Patch Tuesday, October 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited.

DNS 267
article thumbnail

Weekly Update 316

Troy Hunt

Passwords 257
article thumbnail

2022 State of the Threat: Ransomware is still hitting companies hard

Tech Republic Security

SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.

article thumbnail

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to. There are several ways you can protect your business from data breaches. Create security awareness for employees.

Passwords 177
article thumbnail

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

The largest banks have increased reserves for protection against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions? In this webinar, Alex Jiménez will walk us through that question and examine the prudent course of action.

article thumbnail

Hacking Automobile Keyless Entry Systems

Schneier on Security

Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away.

Hacking 342
article thumbnail

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Anton on Security

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ).

article thumbnail

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees.

Web Fraud 266
article thumbnail

What Should CISOs Prioritize In A Volatile Landscape?: A Webinar With Top CyberSecurity Columnist Joseph Steinberg

Joseph Steinberg

Have you been prioritizing Detection and Response over Protection when it comes to your cybersecurity strategy? All three, of course, are key pillars of the NIST cybersecurity framework – so, why are you prioritizing two of them over the third?

CISO 171
article thumbnail

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

In this session, Elizabeth “Paige” Baumann will cover the Anti-Money Laundering Act of 2020, which also includes the Corporate Transparency Act. She'll take a deep dive into the catalysts that brought on the act, the current implications of the act, and what impacts the act has on the future of banking and finance.

article thumbnail

Asana launches enterprise-level workplace tools for prioritization and planning

Tech Republic Security

A slew of new Asana capabilities are geared toward enhancing reporting, decreasing duplicate cross-functional work and costs, and strengthening security. The post Asana launches enterprise-level workplace tools for prioritization and planning appeared first on TechRepublic.

Software 193
article thumbnail

GUEST ESSAY: A roadmap to achieve a better balance of network security and performance

The Last Watchdog

Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Related: Taking a risk-assessment approach to vulnerabilities. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed. It’s a delicate balance.

article thumbnail

Recovering Passwords by Measuring Residual Heat

Schneier on Security

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards.

Passwords 340
article thumbnail

Weekly Update 317

Troy Hunt

I decided to do something a bit different this week and mostly just answer questions from my talk at GOTO Copenhagen last week.

Media 235
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

article thumbnail

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner.

Banking 258
article thumbnail

2022 State Cyber Summit Recaps from Kansas and Michigan

Lohrman on Security

Cyber summits were held this past week in Michigan and Kansas, and hot topics ranged from workforce development to ransomware to growing global cyber threats. Here’s a rundown

article thumbnail

How ransomware gangs operate like legitimate businesses

Tech Republic Security

Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill. The post How ransomware gangs operate like legitimate businesses appeared first on TechRepublic. Security ransomware

article thumbnail

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

The Last Watchdog

How did America and Americans regress to being much less secure than before the Internet? Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled. What everyone doesn’t know is how irrational the Internet’s utopian founding premises have proven to be concerning America’s and Americans’ security over the last quarter century. The first irrational security-related premise is that U.S.

Internet 170
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.