Lohrman on Security

OCTOBER 1, 2023

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

Cyber Attacks 333

Cyber Attacks Social Engineering Data breaches Engineering 333

Troy Hunt

OCTOBER 4, 2023

Imagine you wanted to buy some s**t on the internet. Not the metaphorical kind in terms of "I bought some random s**t online", but literal s**t. Turds. Faeces. The kind of thing you never would have thought possible to buy online until. Shitexpress came along. Here's a service that enables you to send an actual piece of smelly s**t to "An irritating colleague.

Internet 361

Internet Internet Data breaches 361

Schneier on Security

OCTOBER 3, 2023

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.

Hacking 345

Hacking 345

Krebs on Security

OCTOBER 2, 2023

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

Encryption 324

Encryption Engineering Social Engineering Healthcare 324

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Joseph Steinberg

OCTOBER 4, 2023

CyberSecurity and Artificial Intelligence Expert , Joseph Steinberg, will keynote the upcoming Securing the Future: Cloud, Cybersecurity, and AI Summit , taking place on Wednesday, October 11, 2023, in Pennsylvania, USA. The summit, sponsored by Avail Technology Solutions, will allow participants to learn about the latest advancements and trends in cloud technology, cybersecurity practices, and the exciting world of Artificial Intelligence (AI) — topics that Steinberg will cover in his key

Artificial Intelligence 278

Artificial Intelligence Cybersecurity Technology 278

The Last Watchdog

OCTOBER 4, 2023

Something simply must be done to slow, and ultimately reverse, attack surface expansion. Related: What Cisco’s buyout of Splunk really signals We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.

Risk 222

Risk Marketing Software Network Security 222

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

Ransomware 298

Ransomware Accountability Cybercrime Backups 298

Joseph Steinberg

OCTOBER 4, 2023

A little over a decade ago I wrote a piece for Forbes describing a method of protecting electronic communications from unauthorized access, through the hiding of message contents within photos and video files. At the time, I even created a contest – embedding an unencrypted Amazon gift card number within an image displayed on the Forbes website alongside my article; despite my having provided clues as to what was hidden, and in what image it was hidden, and despite a hundred thousand peopl

Encryption 220

Encryption Artificial Intelligence Government Media 220

Tech Republic Security

OCTOBER 6, 2023

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack. The good news is there are steps IT can take to mitigate this security threat.

Phishing 209

Phishing Cybersecurity 209

Schneier on Security

OCTOBER 4, 2023

Malicious ads are creeping into chatbots.

Artificial Intelligence 321

Artificial Intelligence Marketing Malware 321

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Last Watchdog

OCTOBER 5, 2023

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.

Cyber threats 203

Cyber threats Cyber Insurance Threat Detection Cybersecurity 203

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. As we are well and truly in the digital-first age, the need for robust cybersecurity measures is glaringly evident. Though significant, the early days' threats vastly differed from today's sophisticated cyberattacks.

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

Tech Republic Security

OCTOBER 2, 2023

Don't be surprised when connecting multiple iPhones to one Apple ID. Learn how to prevent common errors and issues with this guide.

Mobile 191

Mobile 191

Schneier on Security

OCTOBER 2, 2023

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices g

Artificial Intelligence 316

Artificial Intelligence Technology Risk Cybersecurity 316

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Last Watchdog

OCTOBER 2, 2023

Surrounded by the invisible hum of electromagnetic energy, we’ve harnessed its power to fuel our technological marvels for decades. Related: MSFT CEO calls for regulating facial recognition tech Tesla’s visionary insights from 1900 hinted at the potential, and today, we bask in the glow of interconnected networks supporting our digital lives.

Mobile 203

Mobile Technology Surveillance Education 203

WIRED Threat Level

OCTOBER 6, 2023

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

Accountability 145

Accountability Hacking 145

Tech Republic Security

OCTOBER 5, 2023

Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.

Artificial Intelligence 190

Artificial Intelligence Software 190

Schneier on Security

OCTOBER 6, 2023

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was posted during a 48-hour moratorium ahead of the polls opening, during which media outlets and politicians are supposed to stay silent.

Media 295

Media Artificial Intelligence 295

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

OCTOBER 6, 2023

23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. [.

Healthcare 145

Healthcare 145

We Live Security

OCTOBER 5, 2023

ESET researchers uncover a cyberespionage campaign that they called Operation Jacana and that targeted a governmental entity in Guyana.

145

145

Tech Republic Security

OCTOBER 3, 2023

This high-speed, unlimited VPN offers quality connections all over the globe. Get huge savings now when you sign up for life at TechRepublic Academy.

VPN 187

VPN Cybersecurity Network Security 187

The Hacker News

OCTOBER 5, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below - CVE-2023-42793 (CVSS score: 9.

Authentication 145

Authentication Cybersecurity 145

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

OCTOBER 4, 2023

Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employees and their family members about a data breach that exposed their personal information. Sony notified about 6,800 individuals, it confirmed that the security breach was the result of the exploitation of the zero-day vulnerability CVE-2023-34362 in the MOVEit Transfer platform.

Data breaches 145

Data breaches Ransomware Hacking Software 145

Malwarebytes

OCTOBER 2, 2023

Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters , Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large language model) that feeds into its new Meta AI virtual assistant.

Media 145

Media Artificial Intelligence Risk Cybersecurity 145

Tech Republic Security

OCTOBER 3, 2023

It doesn’t matter whether your organization is a huge multinational business enterprise or a one-person operation. At some point, your computer networks and systems will be attacked by someone with criminal intent. Cybersecurity attacks, in all their various forms, are inevitable and relentless. This quick glossary from TechRepublic Premium explains the terminology behind the most.

Cybersecurity 183

Cybersecurity 183

The Hacker News

OCTOBER 4, 2023

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.

145

145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

OCTOBER 5, 2023

NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. NATO announced it is investigating claims that a politically motivated threat actor called SiegedSec has breached its systems and leaked unclassified documents online. “NATO cyber experts are actively addressing incidents affecting some unclassified NATO websites,” reads a statement issued by s NATO official to media outlets.

Cyber Attacks 145

Cyber Attacks Hacking Media Data breaches 145

Graham Cluley

OCTOBER 6, 2023

A joint advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. Read more in my article on the Tripwire State of Security blog.

Cybersecurity 144

Cybersecurity 144

Tech Republic Security

OCTOBER 6, 2023

Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.

VPN 183

VPN 183

The Hacker News

OCTOBER 4, 2023

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers.

Accountability 145

Accountability 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!