CyberSecurity Insiders

APRIL 23, 2023

In recent years, the term “offensive cyber capabilities” has become increasingly common in discussions around national security and military strategies. Offensive cyber capabilities refer to the ability of a nation or organization to launch cyber attacks on other countries, groups, or individuals. Offensive cyber capabilities are a powerful tool in modern warfare, as they can be used to disrupt enemy operations, steal sensitive information, and even cause physical damage to infrastru

Cyber Attacks 121

Cyber Attacks Ransomware Cybersecurity Government 121

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Banking 320

Banking Information Security CISO Cybercrime 320

Schneier on Security

APRIL 24, 2023

In an open letter , seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ab

Encryption 294

Encryption Surveillance Government 294

Troy Hunt

APRIL 27, 2023

I stand by my expression in the image above. It's a perfectly accurate representation of how I looked after receiving the CityJerks breach, clicking on the link to the website then seeing what it actually was 😳 Fortunately, the published email address on their site did go through to someone at TruckerSucker (😳😳) so they're aware of the breach and that it's circulating broadly via a public hacking website.

Hacking 253

Hacking Accountability 253

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

APRIL 26, 2023

IBM said the new cybersecurity platform is a unified interface that streamlines analyst response across the full attack lifecycle and includes AI and automation capabilities shown to speed alert triage by 55%. The post IBM launches QRadar Security Suite for accelerated threat detection and response appeared first on TechRepublic.

Threat Detection 193

Threat Detection Cybersecurity 193

We Live Security

APRIL 26, 2023

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity

Malware 145

Malware Software 145

Bleeping Computer

APRIL 28, 2023

A new version of the ViperSoftX information-stealing malware has been discovered with a broader range of targets, including targeting the KeePass and 1Password password managers. [.

Password Management 144

Password Management Passwords Malware 144

Tech Republic Security

APRIL 28, 2023

Data synced between devices with the new Google Authenticator app update could be viewed by third parties. Google says the app works as planned. The post Google’s 2FA app update lacks end-to-end encryption, researchers find appeared first on TechRepublic.

Encryption 187

Encryption Authentication Big data Mobile 187

Security Boulevard

APRIL 25, 2023

2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone. The post FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch appeared first on Security Boulevard.

Authentication 144

Authentication Security Awareness Social Engineering Network Security 144

Schneier on Security

APRIL 25, 2023

Following a report on its activities , the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared with us by Microsoft Threat Intelligence , we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

Spyware 228

Spyware Manufacturing Internet Internet 228

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Bleeping Computer

APRIL 26, 2023

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.' [.

Malware 145

Malware 145

Tech Republic Security

APRIL 26, 2023

This recent survey reveals the top 10 companies seeking cybersecurity professionals; the list includes Deloitte, VMware and IBM. The post Find high-paying cybersecurity and IT support jobs in these U.S. cities appeared first on TechRepublic.

Cybersecurity 173

Cybersecurity 173

Security Boulevard

APRIL 28, 2023

40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language. The post Rust in Windows — it’s Official — Safe and Fast appeared first on Security Boulevard.

Security Awareness 143

Security Awareness Ransomware IoT Cybersecurity 143

CSO Magazine

APRIL 28, 2023

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code.

Phishing 138

Phishing Cybersecurity 138

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

Bleeping Computer

APRIL 22, 2023

The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. [.

Malware 145

Malware Ransomware Software 145

Tech Republic Security

APRIL 28, 2023

The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. The post Threat actor APT28 targets Cisco routers with an old vulnerability appeared first on TechRepublic.

Malware 169

Malware Network Security Cybersecurity 169

SecureList

APRIL 27, 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 138

Malware Energy and Utilities Phishing Government 138

CSO Magazine

APRIL 27, 2023

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them.

Cyber Attacks 137

Cyber Attacks Cybersecurity Social Engineering Advertising 137

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

Bleeping Computer

APRIL 22, 2023

GitHub announced that private vulnerability reporting is now generally available and can be enabled at scale, on all repositories belonging to an organization. [.

143

143

Tech Republic Security

APRIL 25, 2023

Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features. The post RSA: Cisco launches XDR, with focus on platform-based cybersecurity appeared first on TechRepublic.

Cybersecurity 167

Cybersecurity Authentication 167

CyberSecurity Insiders

APRIL 28, 2023

Google has issued a ban on approximately 173,000 application developers who tried various methods to get their software published on its Play Store. The web search giant has officially confirmed that it has weeded out a large number of bad accounts and has announced that it will raise the bar even further this year. According to a source at the technology giant, the company has taken stringent action against those spreading malware and spying tools under the guise of renowned applications and wi

Malware 135

Malware Cybersecurity Internet Internet 135

WIRED Threat Level

APRIL 27, 2023

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

Artificial Intelligence 143

Artificial Intelligence 143

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Bleeping Computer

APRIL 24, 2023

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. [.

145

145

Tech Republic Security

APRIL 24, 2023

PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization. From the policy: REQUIREMENT FOR USERS If using a company-owned device, ensure that all mobile device use.

Mobile 145

Mobile 145

CSO Magazine

APRIL 24, 2023

One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT technology, makes securing OT systems a chronic, high-stakes challenge.

Manufacturing 126

Manufacturing Government Technology 126

CyberSecurity Insiders

APRIL 27, 2023

Apple Inc’s released products are known for their progressive innovation, and the best example to prove it is the invention of a glass-driven touch screen that was first introduced to the world via the first iPhone in-series and is now a part of every electronic appliance in today’s world. As expected, the next version of iOS 17, which might be unveiled in about a couple of months or so, is also expected to have mind-blowing features, and leaks suggest that it will include a feature that c

Cybersecurity 123

Cybersecurity Hacking Software Technology 123

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Marketing

Bleeping Computer

APRIL 28, 2023

Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers. [.

142

142

WIRED Threat Level

APRIL 28, 2023

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

Hacking 132

Hacking 132

CSO Magazine

APRIL 24, 2023

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec. Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, Symantec told Bleeping Computer.

Hacking 125

Hacking 125

CyberSecurity Insiders

APRIL 25, 2023

The Quad nations comprising India, Japan, Australia, and the United States will reach an agreement on how to create a collective approach to blocking cyber attacks on critical public infrastructure, such as the power and communication sectors. The Quad countries have devised a plan to meet next month in Australia to reach an agreement on how to involve, deal with, and address state-funded attacks on national infrastructure.

Cyber Attacks 123

Cyber Attacks Ransomware Cybersecurity 123

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.

Data privacy