Joseph Steinberg
JULY 21, 2022
The second edition of Cybersecurity For Dummies , Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available. Like its first-edition counterpart, CyberSecurity For Dummies: Second Edition is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical skillsets.
Schneier on Security
JULY 12, 2022
Honda vehicles from 2021 to 2022 are vulnerable to this attack : On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. […].
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Javvad Malik
JULY 7, 2022
Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps. 1. Yellow paper (not the white one peasants write on). 2.
Krebs on Security
JULY 10, 2022
Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Levin
JULY 6, 2022
A firewall is a network security device or program designed to prevent unauthorized and malicious internet traffic from entering a private network or device. It is a digital safety barrier between public and private internet connections, allowing non-threatening traffic in and keeping malicious traffic out, which in theory includes malware and hackers.
Tech Republic Security
JULY 7, 2022
Cybercriminals found a way into a Shanghai National Police database, in the largest exploit of personal information in the country’s history. The post China suffers massive cybersecurity breach affecting over 1 billion people appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
JULY 28, 2022
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.
Bleeping Computer
JULY 7, 2022
While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice. [.].
Krebs on Security
JULY 18, 2022
The 911 service as it exists today. For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. 911 says its network is made up entirely of users who voluntarily install its “free VPN” software.
Security Boulevard
JULY 20, 2022
Salt Security today extended its security platform for application programming interfaces (APIs) to include the ability to visually depict API call sequences, create attack simulations before APIs are released into production and gain insights into attacker behaviors and patterns. Elad Koren, chief product officer for Salt Security, said the latest version of the Salt Security.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JULY 19, 2022
CSRB has released a report saying that the Log4j exploit is here to stay long-term, meaning businesses should be ready in case of a cyber attack. The post Cyber Safety Review Board classifies Log4j as ‘endemic vulnerability’ appeared first on TechRepublic.
CSO Magazine
JULY 4, 2022
Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh. "This year, they weren't even in the top 11.
We Live Security
JULY 13, 2022
In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers. The post Collaboration and knowledge sharing key to progress in cybersecurity appeared first on WeLiveSecurity.
eSecurity Planet
JULY 11, 2022
Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit , the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” and “remote capabilities over SSH.”.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
SecureList
JULY 25, 2022
Introduction. Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely crash the victim machine. In our APT predictions for 2022 , we noted that despite these risks, we expected more attackers to reach the sophistication level required to develop such tools.
Security Boulevard
JULY 21, 2022
Radware this week revealed it added blockchain technologies to its Bot Manager platform to thwart attacks designed to evade completely automated public Turing tests to tell computers and humans apart—better known as CAPTCHA challenges. Dr. David Aviv, CTO for Radware, said that while a CAPTCHA challenge can be an effective way to determine if an. The post Radware Employs Blockchain Technologies to Thwart Bots appeared first on Security Boulevard.
Tech Republic Security
JULY 14, 2022
Journalists have information that makes them particularly interesting for state-sponsored cyberespionage threat actors. Learn more about these threats now. The post State-sponsored cyberespionage campaigns continue targeting journalists and media appeared first on TechRepublic.
Bleeping Computer
JULY 19, 2022
An Israeli security researcher has demonstrated a novel attack against air-gapped systems by leveraging the SATA cables inside computers as a wireless antenna to emanate data via radio signals. [.].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
JULY 14, 2022
Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.
CSO Magazine
JULY 26, 2022
ISAC and ISAO definition. [Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups. [ Learn what you need to know about defending critical infrastructure. | Get the latest from CSO by
Security Affairs
JULY 31, 2022
A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum ( ONVIF ). ONVIF provides and promotes standardized interfaces for effective interoperability of IP-based physical security products.
Security Boulevard
JULY 4, 2022
Find out top 10 risks answering why SMB's are doing cyber security wrong. We have also included fixes to help you understand the cybersecurity for SMB. The post The Top 10 SMB cyber security mistakes. Find out how to fix these security risks. appeared first on Cyphere | Securing Your Cyber Sphere. The post The Top 10 SMB cyber security mistakes.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
JULY 18, 2022
Microsoft says a ransomware gang calling itself H0lyGh0st may be sponsored by the North Korean government as a way for the country to offset its struggling economy. The post Why North Korean cybercriminals are targeting businesses with ransomware appeared first on TechRepublic.
Bleeping Computer
JULY 29, 2022
The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money. [.].
The State of Security
JULY 14, 2022
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.
Malwarebytes
JULY 8, 2022
When content creators flag one of their own videos as inappropriate for children, we expect YouTube’s AI moderator to accept this and move on. But the video streaming bot doesn’t seem to get it. Not only can it prevent creators from correcting a miscategorization, its synthetic will is also final—no questions asked—unless the content creator appeals.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
We Live Security
JULY 4, 2022
One in five organizations have teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay? The post Cyberattacks: A very real existential threat to organizations appeared first on WeLiveSecurity.
Security Boulevard
JULY 22, 2022
A survey of 503 IT professionals conducted by the market research firm Dimensional Insight on behalf of Broadcom Software highlighted the degree to which organizations are struggling to balance security against customer experience. The survey found more than half of respondents (54%) prioritize security over the end-user experience. However, 46% also conceded they have bypassed.
Tech Republic Security
JULY 1, 2022
Triggered by an employee from an external vendor who shared email addresses with an unauthorized party, the breach could lead to phishing attempts against affected individuals. The post Data breach of NFT marketplace OpenSea may expose customers to phishing attacks appeared first on TechRepublic.
Bleeping Computer
JULY 21, 2022
Recent Windows 11 builds now come with the Account Lockout Policy policy enabled by default which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 minutes. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
355 
Let's personalize your content