Sat. Apr 29, 2023 - Fri. May 05, 2023

RSAC 2023: Generative AI Takes the Cybersecurity Industry by Storm

Lohrman on Security

Yes, generative AI stole the show at RSA Conference 2023 in San Francisco last week. Here’s a roundup of the top news from the biggest cybersecurity conference in the world.

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment we

NIST Draft Document on Post-Quantum Cryptography Guidance

Schneier on Security

NIST has released a draft of Special Publication 1800-38A: “Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography.” It’s only four pages long, and it doesn’t have a lot of detail—more “volumes” are coming, with more information—but it’s well worth reading.

Weekly Update 346

Troy Hunt

It's a bit of a mixed bag this week with a very light-hearted look at the death of the browser padlock icon (which has been replaced by an icon that looks like a sex act), and a much more serious discussion about divorce. It took a long time to write and be ready to publish that blog post, many years in fact, but I'm so glad I did. You don't have to scroll far through the responses to the launch tweet or the comments on the blog itself to get a sense of how it's impacted peop

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Google adds passkey option to replace passwords on Gmail and other account services

Tech Republic Security

Storing passkeys directly on devices will cut down on successful phishing, Google suggests. Is it the beginning of the end for passwords? The post Google adds passkey option to replace passwords on Gmail and other account services appeared first on TechRepublic.

$10M Is Yours If You Can Get This Guy to Leave Russia

Krebs on Security

The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov’s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.

Skilling up the security team for the AI-dominated era

CSO Magazine

As artificial intelligence and machine learning models become more firmly woven into the enterprise IT fabric and the cyberattack infrastructure, security teams will need to level up their skills to meet a whole new generation of AI-based cyber risks. Forward-looking CISOs are already being called upon to think about newly emerging risks like generative AI-enabled phishing attacks that will be more targeted than ever or adversarial AI attacks that poison learning models to skew their output.

HackerOne: How the economy is impacting cybersecurity teams

Tech Republic Security

Drawing from a recent HackerOne event, HackerOne study and GitLab survey, learn how economic uncertainties are driving budget cuts, layoffs and hiring freezes across the cybersecurity industry. The post HackerOne: How the economy is impacting cybersecurity teams appeared first on TechRepublic.

Hackers start using double DLL sideloading to evade detection

Bleeping Computer

An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.

New Apple ‘Rapid’ Update is Slow, Messy FAIL

Security Boulevard

PATCH NOW! Oh, wait, you can’t: “You are no longer connected to the internet,” it sneers. The post New Apple ‘Rapid’ Update is Slow, Messy FAIL appeared first on Security Boulevard.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

11 security tools all remote employees should have

CSO Magazine

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage. A major problem for businesses, particularly in a post-COVID world with so many people working remotely, is the fact that these security challenges employees face extend very easily to their personal

RIP World Password Day

Tech Republic Security

Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Bleeping Computer

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).

Data Breach lawsuits against companies increasing in the year 2023

CyberSecurity Insiders

Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses. This legal turn is supported by a study conducted by BakerHostetler, which confirms that lawsuits against companies that suffer data breaches are becoming more common and may increase by the end of this year.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Google launches entry-level cybersecurity certificate to teach threat detection skills

CSO Magazine

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open

Survey: State of cybersecurity in the UK

Tech Republic Security

The U.K. government has released its annual Cyber Security Breaches Survey. Top cybersecurity threats, supply chain risks, incident responses and more are covered. The post Survey: State of cybersecurity in the UK appeared first on TechRepublic.

Cisco phone adapters vulnerable to RCE attacks, no fix available

Bleeping Computer

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices.

Patch now! The Mirai IoT botnet is exploiting TP-Link routers

Graham Cluley

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. Read more in my article on the Tripwire State of Security blog.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

BrandPost: Effective Security Relies on Effective Communication

CSO Magazine

Implementing a sustainably effective security strategy is complex and challenging for even the most advanced organization. Organizations don’t operate in a vacuum. They rely on information and intelligence from others in the industry, including vendors, media reporting, government agencies, and their organizational peers. This expanded information ecosystem is a powerful benefit to organizations, extending their horizon and aiding them in meeting today's security challenges while bolstering defe

Ubuntu Pro now available on Amazon Web Services

Tech Republic Security

Read about the features of Ubuntu Pro, and find out how to get it on AWS. The post Ubuntu Pro now available on Amazon Web Services appeared first on TechRepublic.

New Fleckpe Android malware installed 600K times on Google Play

Bleeping Computer

A new Android subscription malware named 'Fleckpe' has been spotted on Google Play, the official Android app store, disguised as legitimate apps downloaded over 620,000 times.

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

The Hacker News

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023.

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

The hidden security risks in tech layoffs and how to mitigate them

CSO Magazine

In the shadowy corners of the tech world, there are plenty of stories of admins locking organizations out of their own IT environment, greedy employees selling data, or security engineers backdooring the network. The motivations for these acts can touch on anything from financial gain to revenge, and the consequences are generally disastrous for everyone involved.

Infoblox discovers rare Decoy Dog C2 exploit

Tech Republic Security

Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor. The post Infoblox discovers rare Decoy Dog C2 exploit appeared first on TechRepublic.

FBI seizes 9 crypto exchanges used to launder ransomware payments

Bleeping Computer

The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors.

Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service

The Hacker News

Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud security firm Ermetic.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

White House unveils AI rules to address safety and privacy

CSO Magazine

The Biden administration today announced a new effort to address the risks around generative artificial intelligence (AI), which has been advancing at breakneck speeds and setting off alarm bells among industry experts. Vice President Kamala Harris and other administration officials are scheduled to meet today with the CEOs of Google, Microsoft, OpenAI, the creator of the popular ChatGPT chatbot, as well as with AI-startup Anthropic.

Today’s CISO Insights – How to Tackle the Quantum Threat

CyberSecurity Insiders

By: Craig Debban, Chief Information Security Officer, QuSecure, Inc. As you may have noticed, daily headlines around quantum computing and its impact on technologies are becoming commonplace. This is driven by the fact that quantum computers will be able to perform certain types of calculations much faster than the classical computers we all use today.

Hackers use fake ‘Windows Update’ guides to target Ukrainian govt

Bleeping Computer

The Computer Emergency Response Team of Ukraine (CERT-UA) says Russian hackers are targeting various government bodies in the country with malicious emails supposedly containing instructions on how to update Windows as a defense against cyber attacks.

Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor

Dark Reading

The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to use malvertising as initial access for ransomware and other threat activity.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.