Lohrman on Security
APRIL 30, 2023
Yes, generative AI stole the show at RSA Conference 2023 in San Francisco last week. Here’s a roundup of the top news from the biggest cybersecurity conference in the world.
Krebs on Security
MAY 2, 2023
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment we
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 2, 2023
NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography.” It’s only four pages long, and it doesn’t have a lot of detail—more “volumes” are coming, with more information—but it’s well worth reading.
Tech Republic Security
MAY 4, 2023
Drawing from a recent HackerOne event, HackerOne study and GitLab survey, learn how economic uncertainties are driving budget cuts, layoffs and hiring freezes across the cybersecurity industry. The post HackerOne: How the economy is impacting cybersecurity teams appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
MAY 2, 2023
PATCH NOW! Oh, wait, you can’t: “You are no longer connected to the internet,” it sneers. The post New Apple ‘Rapid’ Update is Slow, Messy FAIL appeared first on Security Boulevard.
Krebs on Security
MAY 4, 2023
The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check , one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov ‘s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MAY 4, 2023
Storing passkeys directly on devices will cut down on successful phishing, Google suggests. Is it the beginning of the end for passwords? The post Google adds passkey option to replace passwords on Gmail and other account services appeared first on TechRepublic.
CSO Magazine
MAY 5, 2023
Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open
CyberSecurity Insiders
MAY 1, 2023
Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses. This legal turn is supported by a study conducted by BakerHostetler, which confirms that lawsuits against companies that suffer data breaches are becoming more common and may increase by the end of this year.
Bleeping Computer
MAY 3, 2023
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
MAY 5, 2023
Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.
Graham Cluley
MAY 4, 2023
Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. Read more in my article on the Tripwire State of Security blog.
CyberSecurity Insiders
MAY 3, 2023
By: Craig Debban , Chief Information Security Officer, QuSecure, Inc. As you may have noticed, daily headlines around quantum computing and its impact on technologies are becoming commonplace. This is driven by the fact that quantum computers will be able to perform certain types of calculations much faster than the classical computers we all use today.
Bleeping Computer
MAY 3, 2023
The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
MAY 4, 2023
The U.K. government has released its annual Cyber Security Breaches Survey. Top cybersecurity threats, supply chain risks, incident responses and more are covered. The post Survey: State of cybersecurity in the UK appeared first on TechRepublic.
CSO Magazine
MAY 4, 2023
The Biden administration today announced a new effort to address the risks around generative artificial intelligence (AI), which has been advancing at breakneck speeds and setting off alarm bells among industry experts. Vice President Kamala Harris and other administration officials are scheduled to meet today with the CEOs of Google, Microsoft, OpenAI, the creator of the popular ChatGPT chatbot, as well as with AI-startup Anthropic.
CyberSecurity Insiders
MAY 1, 2023
Social engineering is a term used to describe the manipulation of people into revealing sensitive information or performing actions that they otherwise wouldn’t. It is an ever-increasing threat to cybersecurity, as it can be used to gain unauthorized access to systems, steal sensitive data, or carry out fraudulent activities. Social engineering is an age-old tactic that is often used in phishing attacks.
Bleeping Computer
MAY 5, 2023
Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
MAY 4, 2023
Read about the features of Ubuntu Pro, and find out how to get it on AWS. The post Ubuntu Pro now available on Amazon Web Services appeared first on TechRepublic.
CSO Magazine
MAY 3, 2023
As artificial intelligence and machine learning models become more firmly woven into the enterprise IT fabric and the cyberattack infrastructure, security teams will need to level up their skills to meet a whole new generation of AI-based cyber risks. Forward-looking CISOs are already being called upon to think about newly emerging risks like generative AI-enabled phishing attacks that will be more targeted than ever or adversarial AI attacks that poison learning models to skew their output.
CyberSecurity Insiders
MAY 2, 2023
Cyber swindlers, also known as cyber fraudsters, are individuals or groups who use the internet and technology to commit fraud or deception for financial gain. They use various methods, such as phishing scams, identity theft, credit card fraud, and other forms of online scams to steal money or sensitive information from their victims. Some cyber swindlers use sophisticated techniques to deceive their targets, such as creating fake websites or emails that look like legitimate businesses or organi
Bleeping Computer
MAY 2, 2023
The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
MAY 2, 2023
Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor. The post Infoblox discovers rare Decoy Dog C2 exploit appeared first on TechRepublic.
Security Boulevard
MAY 4, 2023
Introduction With more individuals having access to the internet, the world has undergone a profound change. The situation has altered as a result of how we now communicate and complete daily duties. By entering our personal information online, we can share documents, make payments online, and buy items. But are we aware that disclosing our […] The post GDPR Compliant – Considering Security A Top Priority appeared first on Kratikal Blogs.
CSO Magazine
MAY 1, 2023
In the shadowy corners of the tech world, there are plenty of stories of admins locking organizations out of their own IT environment, greedy employees selling data, or security engineers backdooring the network. The motivations for these acts can touch on anything from financial gain to revenge, and the consequences are generally disastrous for everyone involved.
Bleeping Computer
MAY 4, 2023
Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices. [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
MAY 2, 2023
At the RSA Conference Akamai launched a new security platform for fake websites and touted its focus on protecting application protocol interfaces, or APIs. The post At RSA, Akamai put focus on fake sites, API vulnerabilities appeared first on TechRepublic.
Security Boulevard
MAY 1, 2023
EV applications usually interact with each other and third-party services and platforms via APIs or JavaScript plugins. These applications process both sensitive, personal driver information and information about the vehicle. In addition, they are also connected to sophisticated back-end infrastructure(s) that manage the efficient distribution of electricity to endpoint chargers.
CSO Magazine
MAY 2, 2023
It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage. A major problem for businesses, particularly in a post-COVID world with so many people working remotely, is the fact that these security challenges employees face extend very easily to their personal
Bleeping Computer
APRIL 30, 2023
The Computer Emergency Response Team of Ukraine (CERT-UA) says Russian hackers are targeting various government bodies in the country with malicious emails supposedly containing instructions on how to update Windows as a defense against cyber attacks. [.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
238 
Let's personalize your content