Krebs on Security
APRIL 3, 2023
John Clifton Davies , a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “ CodesToYou ,” which purports to be a “full cycle software development company” based in the U.K.
Schneier on Security
APRIL 6, 2023
New research: “ Achilles Heels for AGI/ASI via Decision Theoretic Adversaries “: As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safely build ones which may have capabilities at or above the human level is of particular concern.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
APRIL 1, 2023
Most of this week's video went on talking about the UniFi Dream Wall. What a unit! I mean it's big, but then it wraps a lot of stuff up in the one device too. If you watch this and have thoughts on how I can integrate it into the new garage such that it doesn't clash with the dark theme, I'd love to hear about it. I'll share more once I set it up in the coming weeks but for now, enjoy this week's video 🙂 References The UniFi Dream Wall is an impressive unit
Lohrman on Security
APRIL 2, 2023
NATO countries are facing a growing breadth and depth of nation-state cyber attacks as Russia, China, Iran and other countries increase military cyber cooperation.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
APRIL 4, 2023
Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly
Schneier on Security
APRIL 5, 2023
Genesis Market is shut down : Active since 2018, Genesis Market’s slogan was, “Our store sells bots with logs, cookies, and their real fingerprints.” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials. But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuan
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
APRIL 3, 2023
Some 43% of employees have been targeted with work-related phishing attacks on their personal devices, says a survey from SlashNext. The post BYOD and personal apps: A recipe for data breaches appeared first on TechRepublic.
Bleeping Computer
APRIL 7, 2023
Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it as a card-skimming device. [.
Security Boulevard
APRIL 3, 2023
Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files. The post Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!) appeared first on Security Boulevard.
eSecurity Planet
APRIL 7, 2023
Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEM , incident response , intrusion detection and more should raise the profile of those defensive tools.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
APRIL 3, 2023
A new report for cybersecurity firm WithSecure suggests that most companies are investing in security solutions that are tactical and reactive, but not in line with strategic aims of an organization. The post Cybersecurity unaligned with business goals is reactive … and flawed: Study appeared first on TechRepublic.
Bleeping Computer
APRIL 4, 2023
HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. [.
Security Boulevard
APRIL 4, 2023
$8.50 per child: UK regulator punishes TikTok at 5.5% of revenue. Says app illegally tracked children. The post TikTok Abused Kids’ Data — UK Fines it $16 Million appeared first on Security Boulevard.
Dark Reading
APRIL 5, 2023
Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
APRIL 7, 2023
Joe Burton, CEO of digital identity company Telesign, talks to TechRepublic about how the “fuzzy” realm between statistical analysis and AI can fuel global, fast, accurate identity. The post Company that launched 2FA is pioneering AI for digital identity appeared first on TechRepublic.
Bleeping Computer
APRIL 3, 2023
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system. [.
Security Boulevard
APRIL 7, 2023
I guess I’m banned from Twitter now: Tesla employees mocked and memeified private photos and videos. Firm’s message boards were full of the stuff. The post Tesla Staff Shared Saucy Snaps of Customers (Sources Say) appeared first on Security Boulevard.
CyberSecurity Insiders
APRIL 5, 2023
Cybersecurity fatigue is genuine, and hackers are benefiting from it. The constant pressure to frequently update the software and stay precautionary of fraudulent emails is exhausting. Therefore, even minor mistakes can have critical consequences. Cybercrime risk is rising, security vulnerabilities are increasing, and the cybersecurity industry is rapidly developing.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
APRIL 7, 2023
Google's Threat Analysis Group reported on a subset of APT43 called Archipelago and detailed how the company is trying to protect users. The post Cyberespionage threat actor APT43 targets US, Europe, Japan and South Korea appeared first on TechRepublic.
Bleeping Computer
APRIL 1, 2023
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. [.
Security Boulevard
APRIL 1, 2023
The post What is the impact of AI on cyber security awareness? appeared first on Click Armor. The post What is the impact of AI on cyber security awareness? appeared first on Security Boulevard.
SecureList
APRIL 3, 2023
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via 3CXDesktopApp MSI installers. An installer for macOS has also been trojanized.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
APRIL 5, 2023
Windscribe has functions you probably didn’t know you need and is offering new users best-on-web pricing for one-to-three-year subscriptions. The post Get two years of ultimate VPN protection on unlimited connections for only $60 appeared first on TechRepublic.
Bleeping Computer
APRIL 1, 2023
Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage." The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a "securities fraud." [.
Security Boulevard
APRIL 7, 2023
As a cybersecurity professional, vulnerabilities and exploits can be exhausting, never-ending and the bane of your existence. It is hard to prioritize what matters to you and your organization when you are staring at thousands of vulnerabilities, especially when you also consider those that might impact your supply chain and third-party vendors! Earlier this year, The post Don’t Get Burned (Out) by Cloud Vulnerabilities appeared first on Security Boulevard.
CyberSecurity Insiders
APRIL 7, 2023
In today’s world, almost everyone owns a smartphone. In fact, it has become a necessity rather than a materialistic want. To secure the device from fraudulent access, mobile operating system manufacturers are coming up with various security features, among which phone PIN is the most commonly used option. However, according to a research study carried out by the SANS Institute, the most commonly used PIN on mobile phones is 1234.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
APRIL 7, 2023
Learn how IPFS is used in phishing attacks and why it’s especially tricky to remove the impacted pages, as well as how to protect from this security threat. The post More phishing campaigns are using IPFS network protocol appeared first on TechRepublic.
Bleeping Computer
APRIL 7, 2023
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. [.
WIRED Threat Level
APRIL 3, 2023
An agency database WIRED obtained reveals widespread use of so-called 1509 summonses that experts say raises the specter of potential abuse.
CyberSecurity Insiders
APRIL 3, 2023
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Mobile device management (MDM) refers to a type of software that allows businesses to manage, configure and secure mobile devices used by their employees. Companies use MDM solutions to maintain a secure environment across all the mobile devices they own or have access to, as well as provide features such as re
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
207 
Let's personalize your content