Sat.Jul 15, 2023 - Fri.Jul 21, 2023

What’s in the New National Cybersecurity Strategy Implementation Plan

Lohrman on Security

The White House just released the new National Cybersecurity Strategy Implementation Plan. Here are the details, selected media coverage and what you need to know moving forward.

AI and Microdirectives

Schneier on Security

Imagine a future in which AIs automatically interpret—and enforce—laws. All day and every day, you constantly receive highly personalized instructions for how to comply with the law, sent directly by your government and law enforcement. You’re told how to cross the street, how fast to drive on the way to work, and what you’re allowed to say or do online—if you’re in any situation that might have legal implications, you’re told exactly what to do, in real time.

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a breach notification letter that invariably says a company you trusted places a top priority on customer security and privacy, consider this: Only four of the Fortune 100 companies currently list a sec

E-Waste: Australia’s Hidden ESG Nightmare

Tech Republic Security

Australia has an e-waste problem, and for all the conversations around climate change, energy use, plastics and other ESG matters, it's surprising that more isn't said about it.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Ukraine takes down massive bot farm, seizes 150,000 SIM cards

Bleeping Computer

Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. […]

Tracking Down a Suspect through Cell Phone Records

Schneier on Security

Interesting forensics in connection with a serial killer arrest: Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island—two areas connected to a “burner phone” they had tied to the killings. (In court, prosecutors later said the burner phone was identified via an email account used to “solicit and arrange for sexual activity.” The victims had all been Craigslist escorts, according to officials.

Europol’s IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent

Tech Republic Security

The Europol report also reported on cybercriminals' use of cryptocurrencies and how their techniques are more sophisticated. However, there was good cybersecurity news, too.

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical unauthenticated remote code execution (RCE) vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by August 9, 2023 to protect their networks against active threats.

Disabling Self-Driving Cars with a Traffic Cone

Schneier on Security

You can disable a self-driving car by putting a traffic cone on its hood: The group got the idea for the conings by chance. The person claims a few of them walking together one night saw a cone on the hood of an AV, which appeared disabled. They weren’t sure at the time which came first; perhaps someone had placed the cone on the AV’s hood to signify it was disabled rather than the other way around.

Tame Identity Sprawl: Strategies and solutions

Security Boulevard

How to Tame Identity Sprawl: Strategies and solutions for managing digital identities. If your employees use different usernames and passwords for their computers, applications, other systems and accounts, your organization is experiencing identity sprawl. Identity sprawl is a problem that has increased significantly with the rise of identity-related attacks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Armis, Honeywell Uncover Vulnerabilities in Honeywell Systems

Tech Republic Security

Newly discovered vulnerabilities in distributed control systems could allow attackers access to systems supporting industrial, energy, chemical and other operations.

Kevin Mitnick, Hacker Turned Cybersecurity Leader, Dies at 59

eSecurity Planet

Kevin Mitnick, who turned legendary hacking exploits and two prison terms into a career as an esteemed cybersecurity leader, died Sunday at age 59 after a 14-month battle with pancreatic cancer, KnowBe4 revealed today. A memorial will be held August 1 in Las Vegas. Once dubbed “the world’s most wanted hacker” after his youthful exploits attacking Digital Equipment Corporation and Pacific Bell, Mitnick completed his decade-long transition to cybersecurity luminary when he joined

Practice Your Security Prompting Skills

Schneier on Security

Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. It’s a great teaching tool. I am stuck on Level 7. Feel free to give hints and discuss strategy in the comments below. I probably won’t look at them until I’ve cracked the last level.

Software Supply Chain Attackers Targeting Banks, Checkmarx Says

Security Boulevard

Two banks earlier this year were the targets of open source supply chain attacks, the first of their kind in the industry. The post Software Supply Chain Attackers Targeting Banks, Checkmarx Says appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Get a Lifetime of Powerful VPN Protection for Your Business Data for Just $70

Tech Republic Security

Make all of your computers and devices safer regardless of operating system with this VPN Unlimited: Lifetime Subscription for just $69.99.

Child identity theft: how do I keep my kids’ personal data safe?

We Live Security

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft? The post Child identity theft: how do I keep my kids’ personal data safe?

Kevin Mitnick Died

Schneier on Security

Obituary.

Startups’ Guide to Security Questionnaires

Security Boulevard

For startups looking to win business and build trust with potential clients, a robust security program and effective response to security questionnaires are essential. Whether you’re new to security questionnaires or just need a refresher, we have you covered. With that, let’s get started. What are security questionnaires? Security questionnaires are sets of standardized questions […] The post Startups’ Guide to Security Questionnaires first appeared on TrustCloud.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

8 Best Enterprise Password Managers for 2023

Tech Republic Security

This is a comprehensive list of the top enterprise password managers. Use this guide to compare and choose which one is best for your business.

Stolen Azure AD key offered widespread access to Microsoft cloud services

Bleeping Computer

The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers. […]

Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour

We Live Security

There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud. The post Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour appeared first on WeLiveSecurity.

The Rise of QR Codes Spurs Rise in ‘Fresh Phish’

Security Boulevard

Miscreants have ramped up their use of QR codes to phish for credentials, according to INKY threat researchers. The post The Rise of QR Codes Spurs Rise in ‘Fresh Phish’ appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Using Snapshots to Improve Data Security

Tech Republic Security

Snapshots are an effective way to improve the security of your data. Learn about different ways to use them to enhance your data security.

Living Off the Land Attacks: LOTL Definition & Prevention

eSecurity Planet

Living off the land (LOTL) attacks use legitimate programs that already exist on a computer, rather than installing malware from an external source onto a system. The stealthy nature of these attacks can make them effective — and difficult for security teams to detect and prevent. To prevent LOTL attacks, security teams must use sophisticated detection methods, as well as closing loops in popular computer programs with known vulnerabilities.

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

The Hacker News

The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought.

DevOps Automation with AWS CodePipeline and AWS CodeDeploy

Security Boulevard

In today’s fast-paced software development landscape, DevOps practices play a crucial role in achieving faster delivery, increased collaboration, and improved quality. AWS provides powerful services like CodePipeline and CodeDeploy that facilitate automated deployment pipelines and streamlined software releases. This comprehensive guide will walk you through the process of setting up and leveraging these AWS services […] The post DevOps Automation with AWS CodePipeline and AWS CodeDeploy appeare

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How HealthEdge Deals with Security and Data Privacy in the Face of Rapid Expansion

Tech Republic Security

HealthEdge, a healthcare digital payer platform, shares strategies for combating cyber threats threatening the healthcare industry.

7 Steps to the Incident Response Process & Frameworks

eSecurity Planet

Incident response frameworks and practices are detailed action plans to resolve security breaches inside a business or organization. They give the business a thorough and proactive approach to security by methodically recording every aspect of an incident, including how it happened and the measures that were taken, and describing the subsequent steps to prevent such incidents in the future.

Why Your Business Needs an EU-US Data Privacy Framework Verification

TrustArc

Is an EU-US Data Privacy Framework verification right for your business? Obtaining a certification enables your business to transfer personal data from the EU to the US. The post Why Your Business Needs an EU-US Data Privacy Framework Verification appeared first on TrustArc Privacy Blog.

BSides Sofia 2023 – Georgi Gerganov – Keytap Acoustic Keyboard Eavesdropping

Security Boulevard

Our thanks to BSides Sofia for publishing their presenters’ tremendous BSides Sofia 2023 content on the organization’s YouTube channel. The post BSides Sofia 2023 – Georgi Gerganov – Keytap Acoustic Keyboard Eavesdropping appeared first on Security Boulevard.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.