Krebs on Security
MAY 30, 2023
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. This attack involves malicious Javascript that is added to one’s browser by dragging a component from a web page to one’s browser bookmarks.
Schneier on Security
JUNE 1, 2023
Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
MAY 27, 2023
This week's update is dominated by my experience with "Lena", the scammer from Gumtree who tried to fleece my wife of $800. There's a blow-by-blow rundown of how it all happened in this video and it's fascinating to think that these things can actually be successful given all the red flags. But they are, and in Australia alone innocent victims are stung to the tune of more than 3 billion dollars every year by fraudsters which is a staggering number.
The Last Watchdog
MAY 31, 2023
The world of Identity and Access Management ( IAM ) is rapidly evolving. Related: Stopping IAM threats IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge. At the RSAC Conference 2023 , I sat down with Venkat Raghavan , founder and CEO of start-up Stack Identity.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Krebs on Security
JUNE 1, 2023
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.
Schneier on Security
JUNE 2, 2023
In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didn’t just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers immediately started modifying it, improving it, and getting it to do things no one else anticipated.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
JUNE 2, 2023
Identity management company 1Password is spinning up a pair of new features that constitute a major shift away from passwords and toward their low-friction replacement: passkeys. The post 1Password enables passkeys — a new option from passwords appeared first on TechRepublic.
Bleeping Computer
JUNE 2, 2023
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel. [.
Schneier on Security
MAY 30, 2023
It’s neither hard nor expensive : Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the fingerprint database.
SecureList
JUNE 1, 2023
While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Tech Republic Security
MAY 31, 2023
Best practices for securing your Mac against potential hacks and security vulnerabilities include enabling the firewall, using strong passwords and encryption, and enabling Lockdown Mode. The post 8 best practices for securing your Mac from hackers in 2023 appeared first on TechRepublic.
Bleeping Computer
JUNE 2, 2023
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. [.
Schneier on Security
MAY 31, 2023
Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon , accesses target networks and evades detection.
Security Boulevard
JUNE 2, 2023
Tit-For-Tat Triangulation Trojan Talk: Backdoor inserted at U.S. behest, alleges FSB. The post Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research appeared first on Security Boulevard.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.
Tech Republic Security
JUNE 1, 2023
Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared to perform periodic maintenance on that data to keep it secure. The post How to determine exactly what personal information Microsoft Edge knows about you appeared first on TechRepublic.
Bleeping Computer
JUNE 2, 2023
After introducing a string of AI-powered assistants for its products, Microsoft has now announced that it will soon end support for the Windows standalone Cortana app. [.
CyberSecurity Insiders
JUNE 2, 2023
By Matt Morris, Global Managing Director of 1898 & Co. Two years have passed since the notorious Colonial Pipeline hack, an incident that plunged the nation into a state of emergency, causing fuel disruptions in airlines and commercial sectors, and triggering panic-buying among consumers leading to a sharp rise in gas prices. In May 2021, the hack infiltrated critical systems of the pipeline, resulting in its shutdown for several days.
Dark Reading
MAY 30, 2023
The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.
Tech Republic Security
JUNE 1, 2023
A new study by Okta finds that a proliferation of active accounts and web identities is exacerbating security risks both for individuals and enterprises. The post Most people are aware of their data trails, but few know how to deal with it: Okta study appeared first on TechRepublic.
Bleeping Computer
MAY 31, 2023
Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. [.
CyberSecurity Insiders
JUNE 2, 2023
By Jayakumar (Jay) Kurup, Global Sales Engineering Director at Morphisec Securing operational technology (OT) creates unique challenges. Zero tolerance of downtime in factories, ports, banks, treatment plants, and other OT environments means that standard security practices like patch management or deploying protective solutions onto endpoints can be almost impossible to uphold.
SecureList
JUNE 2, 2023
In our initial blogpost about “Operation Triangulation”, we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we developed a dedicated utility to scan the backups and run all the checks.
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
Tech Republic Security
MAY 30, 2023
Admins can force users to reset their respective passwords during their next Windows 11 login by making a few simple changes on a difficult-to-find configuration screen. The post Windows 11: Enforcing password resets for local group users appeared first on TechRepublic.
Bleeping Computer
MAY 31, 2023
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. [.
CyberSecurity Insiders
JUNE 1, 2023
The shifting landscape of cybersecurity poses significant challenges for traditional vulnerability management approaches. The difficulties often arise from a lack of automation and a compartmentalized “silo” approach. Unfortunately, the full potential of modern, sophisticated vulnerability management frameworks is yet to be realized across the industry, leaving some room for cybercriminals to exploit.
Dark Reading
JUNE 2, 2023
Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.
Tech Republic Security
MAY 31, 2023
Researchers at Akamai’s Security Intelligence unit find a botnet specimen that reveals how successful DDoS, spam and other cyberattacks can be done with little finesse, knowledge or savvy. The post Threatening botnets can be created with little code experience, Akamai finds appeared first on TechRepublic.
We Live Security
MAY 31, 2023
A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms The post 5 free OSINT tools for social media appeared first on WeLiveSecurity
CyberSecurity Insiders
MAY 30, 2023
By Motti Elloul, VP Customer Success and Incident Response, Perception Point Email phishing scams are nothing new. But they are growing increasingly prevalent and sophisticated – over 3 billion phishing emails are sent every day, and the tactics used to disguise them are only growing more devious. One case in point: the Incident Response team from our company, Perception Point, recently discovered a new phishing campaign that uses HTML files to conceal malicious scripts, duping unsuspecting user
InfoWorld on Security
MAY 30, 2023
It’s late on a Friday. You get a call from your CIO that data has been removed from XYZ public cloud server, and they need it back ASAP. It gets worse. First, there is no current backup copy of the data. The backups you expected your cloud provider to perform on your behalf only include the provider’s core system backups. That means it’s functionally unusable.
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.
Expert insights. Personalized for you.
303 
Let's personalize your content