CyberSecurity Insiders

APRIL 23, 2023

In recent years, the term “offensive cyber capabilities” has become increasingly common in discussions around national security and military strategies. Offensive cyber capabilities refer to the ability of a nation or organization to launch cyber attacks on other countries, groups, or individuals. Offensive cyber capabilities are a powerful tool in modern warfare, as they can be used to disrupt enemy operations, steal sensitive information, and even cause physical damage to infrastru

Cyber Attacks 121

Cyber Attacks Technology Government Ransomware 121

Schneier on Security

APRIL 24, 2023

In an open letter , seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ab

Encryption 307

Encryption Surveillance Government 307

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Banking 299

Banking Government Information Security Authentication 299

Troy Hunt

APRIL 27, 2023

I stand by my expression in the image above. It's a perfectly accurate representation of how I looked after receiving the CityJerks breach, clicking on the link to the website then seeing what it actually was 😳 Fortunately, the published email address on their site did go through to someone at TruckerSucker (😳😳) so they're aware of the breach and that it's circulating broadly via a public hacking website.

Accountability 220

Accountability Hacking 220

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Tech Republic Security

APRIL 26, 2023

IBM said the new cybersecurity platform is a unified interface that streamlines analyst response across the full attack lifecycle and includes AI and automation capabilities shown to speed alert triage by 55%. The post IBM launches QRadar Security Suite for accelerated threat detection and response appeared first on TechRepublic.

Threat Detection 192

Threat Detection Cybersecurity 192

Schneier on Security

APRIL 27, 2023

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users.

Risk 249

Risk Cybersecurity Government Engineering 249

Security Boulevard

APRIL 25, 2023

2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone. The post FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch appeared first on Security Boulevard.

Authentication 144

Authentication Social Engineering Security Awareness Engineering 144

Tech Republic Security

APRIL 28, 2023

Data synced between devices with the new Google Authenticator app update could be viewed by third parties. Google says the app works as planned. The post Google’s 2FA app update lacks end-to-end encryption, researchers find appeared first on TechRepublic.

Encryption 182

Encryption Authentication Big data Mobile 182

Schneier on Security

APRIL 28, 2023

My latest book, A Hacker’s Mind , is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being fired: …software performs a statistical analysis during terminations to see if certain groups are adversely affected, said such reviews can uncover other problems.

Hacking 232

Hacking Software 232

CSO Magazine

APRIL 28, 2023

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code.

Phishing 138

Phishing Cybersecurity 138

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Security Boulevard

APRIL 28, 2023

40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language. The post Rust in Windows — it’s Official — Safe and Fast appeared first on Security Boulevard.

Security Awareness 143

Security Awareness IoT Ransomware Cybersecurity 143

Tech Republic Security

APRIL 26, 2023

This recent survey reveals the top 10 companies seeking cybersecurity professionals; the list includes Deloitte, VMware and IBM. The post Find high-paying cybersecurity and IT support jobs in these U.S. cities appeared first on TechRepublic.

Cybersecurity 171

Cybersecurity 171

CyberSecurity Insiders

APRIL 28, 2023

Google has issued a ban on approximately 173,000 application developers who tried various methods to get their software published on its Play Store. The web search giant has officially confirmed that it has weeded out a large number of bad accounts and has announced that it will raise the bar even further this year. According to a source at the technology giant, the company has taken stringent action against those spreading malware and spying tools under the guise of renowned applications and wi

Accountability 135

Accountability Internet Internet Government 135

CSO Magazine

APRIL 27, 2023

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them.

Social Engineering 137

Social Engineering Cyber Attacks Advertising Engineering 137

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

APRIL 27, 2023

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

Artificial Intelligence 145

Artificial Intelligence 145

Tech Republic Security

APRIL 28, 2023

The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. The post Threat actor APT28 targets Cisco routers with an old vulnerability appeared first on TechRepublic.

Malware 169

Malware Cybersecurity Network Security 169

Bleeping Computer

APRIL 22, 2023

The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. [.

Malware 131

Malware Ransomware Software 131

CSO Magazine

APRIL 24, 2023

One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT technology, makes securing OT systems a chronic, high-stakes challenge.

Manufacturing 126

Manufacturing Technology Government 126

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

APRIL 28, 2023

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

Hacking 140

Hacking 140

Tech Republic Security

APRIL 25, 2023

Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features. The post RSA: Cisco launches XDR, with focus on platform-based cybersecurity appeared first on TechRepublic.

Cybersecurity 161

Cybersecurity Authentication 161

Bleeping Computer

APRIL 24, 2023

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. [.

137

137

CSO Magazine

APRIL 24, 2023

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec. Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, Symantec told Bleeping Computer.

Hacking 125

Hacking 125

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CyberSecurity Insiders

APRIL 27, 2023

Apple Inc’s released products are known for their progressive innovation, and the best example to prove it is the invention of a glass-driven touch screen that was first introduced to the world via the first iPhone in-series and is now a part of every electronic appliance in today’s world. As expected, the next version of iOS 17, which might be unveiled in about a couple of months or so, is also expected to have mind-blowing features, and leaks suggest that it will include a feature that c

Software 123

Software Technology Hacking Cybersecurity 123

Tech Republic Security

APRIL 24, 2023

PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization. From the policy: REQUIREMENT FOR USERS If using a company-owned device, ensure that all mobile device use.

Mobile 148

Mobile 148

Bleeping Computer

APRIL 28, 2023

Americold, a leading cold storage and logistics company, has been facing IT issues since its network was breached on Tuesday night. [.

142

142

Security Boulevard

APRIL 24, 2023

Torq, today at the RSA 2023 conference, launched a hyperautomation platform for automating cybersecurity workflows and processes that includes an analytics capability enabled by a generative artificial intelligence (AI) capability. Torq co-founder and CTO Leonid Belkin said the Torq Hyperautomation Platform is distinguished from legacy security operations automation and response (SOAR) platforms in that it.

Artificial Intelligence 123

Artificial Intelligence Cybersecurity 123

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CyberSecurity Insiders

APRIL 25, 2023

The Quad nations comprising India, Japan, Australia, and the United States will reach an agreement on how to create a collective approach to blocking cyber attacks on critical public infrastructure, such as the power and communication sectors. The Quad countries have devised a plan to meet next month in Australia to reach an agreement on how to involve, deal with, and address state-funded attacks on national infrastructure.

Cyber Attacks 123

Cyber Attacks Ransomware Cybersecurity 123

Tech Republic Security

APRIL 23, 2023

PURPOSE Every enterprise needs to establish a plan of action to assess and then recover from unauthorized access to its network. This policy from TechRepublic Premium provides a foundation from which to start building your specific procedures. From the policy: ASSIGN AN INCIDENT RESPONSE TEAM An incident response team should be put together and a. The post Incident response policy appeared first on TechRepublic.

130

130

Bleeping Computer

APRIL 27, 2023

Microsoft says Windows 10, version 22H2 will be the last feature update to be released for the Windows 10 operating system. [.

145

145

Security Boulevard

APRIL 26, 2023

When the Cybersecurity and Infrastructure Security Agency (CISA) announced its guidelines to promote better security of the software supply chain, the agency touted the software bill of materials (SBOM) as “a key building block in software security and software supply chain risk management.” One of the key areas in CISA’s strategy is to improve security.

Software 121

Software Risk Cybersecurity Security Awareness 121

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity