CyberSecurity Insiders

APRIL 23, 2023

In recent years, the term “offensive cyber capabilities” has become increasingly common in discussions around national security and military strategies. Offensive cyber capabilities refer to the ability of a nation or organization to launch cyber attacks on other countries, groups, or individuals. Offensive cyber capabilities are a powerful tool in modern warfare, as they can be used to disrupt enemy operations, steal sensitive information, and even cause physical damage to infrastru

Cyber Attacks 137

Cyber Attacks Ransomware Cybersecurity Government 137

Schneier on Security

APRIL 24, 2023

In an open letter , seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ab

Encryption 331

Encryption Surveillance Government 331

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Banking 295

Banking Information Security CISO Data breaches 295

Troy Hunt

APRIL 27, 2023

I stand by my expression in the image above. It's a perfectly accurate representation of how I looked after receiving the CityJerks breach, clicking on the link to the website then seeing what it actually was 😳 Fortunately, the published email address on their site did go through to someone at TruckerSucker (😳😳) so they're aware of the breach and that it's circulating broadly via a public hacking website.

Hacking 225

Hacking Accountability 225

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Tech Republic Security

APRIL 26, 2023

IBM said the new cybersecurity platform is a unified interface that streamlines analyst response across the full attack lifecycle and includes AI and automation capabilities shown to speed alert triage by 55%. The post IBM launches QRadar Security Suite for accelerated threat detection and response appeared first on TechRepublic.

Threat Detection 193

Threat Detection Cybersecurity 193

Schneier on Security

APRIL 27, 2023

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users.

Risk 273

Risk Cybersecurity Government Engineering 273

Security Boulevard

APRIL 28, 2023

40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language. The post Rust in Windows — it’s Official — Safe and Fast appeared first on Security Boulevard.

Security Awareness 143

Security Awareness Ransomware IoT Cybersecurity 143

Tech Republic Security

APRIL 28, 2023

Data synced between devices with the new Google Authenticator app update could be viewed by third parties. Google says the app works as planned. The post Google’s 2FA app update lacks end-to-end encryption, researchers find appeared first on TechRepublic.

Encryption 190

Encryption Authentication Big data Mobile 190

Schneier on Security

APRIL 25, 2023

Following a report on its activities , the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared with us by Microsoft Threat Intelligence , we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

Spyware 273

Spyware Manufacturing Internet Internet 273

CSO Magazine

APRIL 28, 2023

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code.

Phishing 144

Phishing Cybersecurity 144

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Security Boulevard

APRIL 25, 2023

2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone. The post FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch appeared first on Security Boulevard.

Authentication 144

Authentication Security Awareness Social Engineering Network Security 144

Tech Republic Security

APRIL 26, 2023

This recent survey reveals the top 10 companies seeking cybersecurity professionals; the list includes Deloitte, VMware and IBM. The post Find high-paying cybersecurity and IT support jobs in these U.S. cities appeared first on TechRepublic.

Cybersecurity 177

Cybersecurity 177

Schneier on Security

APRIL 26, 2023

There’s good reason to fear that A.I. systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated argument. People might fall down political rabbit holes, taken in by superficially convincing b t, or obsessed by folies à deux relationships with machine personalities that don’t really exist.

Government 255

Government Technology Engineering Software 255

CyberSecurity Insiders

APRIL 28, 2023

Google has issued a ban on approximately 173,000 application developers who tried various methods to get their software published on its Play Store. The web search giant has officially confirmed that it has weeded out a large number of bad accounts and has announced that it will raise the bar even further this year. According to a source at the technology giant, the company has taken stringent action against those spreading malware and spying tools under the guise of renowned applications and wi

Malware 140

Malware Cybersecurity Internet Internet 140

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

The Hacker News

APRIL 28, 2023

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer.

Passwords 139

Passwords Malware Advertising 139

Tech Republic Security

APRIL 28, 2023

The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. The post Threat actor APT28 targets Cisco routers with an old vulnerability appeared first on TechRepublic.

Malware 172

Malware Network Security Cybersecurity 172

Schneier on Security

APRIL 28, 2023

My latest book, A Hacker’s Mind , is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being fired: …software performs a statistical analysis during terminations to see if certain groups are adversely affected, said such reviews can uncover other problems.

Hacking 247

Hacking Software 247

CSO Magazine

APRIL 24, 2023

One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT technology, makes securing OT systems a chronic, high-stakes challenge.

Manufacturing 144

Manufacturing Government Technology 144

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

The Hacker News

APRIL 28, 2023

Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw.

Firewall 139

Firewall 139

Tech Republic Security

APRIL 25, 2023

Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features. The post RSA: Cisco launches XDR, with focus on platform-based cybersecurity appeared first on TechRepublic.

Cybersecurity 174

Cybersecurity Authentication 174

We Live Security

APRIL 26, 2023

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity

Malware 136

Malware Software 136

CSO Magazine

APRIL 24, 2023

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec. Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, Symantec told Bleeping Computer.

Hacking 136

Hacking 136

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

The Hacker News

APRIL 25, 2023

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess.

Phishing 130

Phishing Cybersecurity Hacking Education 130

Tech Republic Security

APRIL 24, 2023

PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization. From the policy: REQUIREMENT FOR USERS If using a company-owned device, ensure that all mobile device use.

Mobile 149

Mobile 149

CyberSecurity Insiders

APRIL 26, 2023

By Tanya Freedland , VP of Human Resources and Talent Acquisition, Identiv Currently there are 1 million cybersecurity workers in the U.S. , yet there are still upwards of 700,000 positions in the field that need to be filled immediately. As the number of job openings in cybersecurity continues to multiply, cyber attacks are growing at an exponential rate, putting the infrastructure of the entire world at risk.

Cybersecurity 134

Cybersecurity Cyber Attacks Artificial Intelligence Risk 134

CSO Magazine

APRIL 28, 2023

Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It's not yet clear how attackers are breaking into the servers, but a possibility is that they're taking advantage of a vulnerability patched in the popular enterprise data replication solution last month.

Cybercrime 138

Cybercrime Backups Malware Cybersecurity 138

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Marketing

SecureList

APRIL 27, 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 131

Malware Energy and Utilities Phishing Government 131

Bleeping Computer

APRIL 22, 2023

The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. [.

Malware 143

Malware Ransomware Software 143

The Hacker News

APRIL 26, 2023

The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ.

Malware 128

Malware 128

WIRED Threat Level

APRIL 27, 2023

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

Artificial Intelligence 143

Artificial Intelligence 143

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.

Data privacy