GlobalSign

AUGUST 14, 2023

As companies extend their operations globally, they must prioritise cybersecurity measures to support sustainable long-term growth. Read more.

Cybersecurity 74

Cybersecurity 74

The Last Watchdog

AUGUST 13, 2023

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI. Related: Can ‘CNAPP’ do it all? Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023 , which returned to its full pre-Covid grandeur here last week.

Cybersecurity 246

Cybersecurity Artificial Intelligence Engineering Internet 246

Schneier on Security

AUGUST 15, 2023

This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

Technology 236

Technology Artificial Intelligence Surveillance 236

Troy Hunt

AUGUST 14, 2023

I've been teaching my 13-year old son Ari how to code since I first got him started on Scratch many years ago, and gradually progressed through to the current day where he's getting into Python in Visual Studio Code. As I was writing the new domain search API for Have I Been Pwned (HIBP) over the course of this year, I was trying to explain to him how powerful APIs are: Think of HIBP as one website that does pretty much one thing; you load it in your browser and search through data bre

Data breaches 207

Data breaches Mobile Engineering 207

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing 186

Phishing Passwords Hacking Malware 186

Tech Republic Security

AUGUST 17, 2023

Learn how to retrieve and generate Google 2FA backup codes with this easy-to-follow, step-by-step tutorial.

Backups 176

Backups Authentication Software 176

The Hacker News

AUGUST 17, 2023

A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system.

98

98

Bleeping Computer

AUGUST 18, 2023

A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive. [.

Software 98

Software 98

Tech Republic Security

AUGUST 17, 2023

Learn seven different ways to boot a Windows 10 PC in Safe Mode to help troubleshoot issues using this comprehensive guide.

Software 155

Software 155

Schneier on Security

AUGUST 18, 2023

Interesting research: “ An Empirical Study & Evaluation of Modern CAPTCHAs “: Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile, CAPTCHAS have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans.

Accountability 196

Accountability 196

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

The Hacker News

AUGUST 18, 2023

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems.

Malware 98

Malware 98

Security Boulevard

AUGUST 18, 2023

IBM extends its alliance with Cloudflare to combat malicious bot attacks growing in volume and sophistication. The post IBM Extends Cloudflare Alliance to Combat Bots Using Machine Learning appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

Tech Republic Security

AUGUST 14, 2023

With security schema, Splunk and collaborators aim to transform alert telemetry from cacophony to chorus with one taxonomy across vendors and tools.

Cybersecurity 142

Cybersecurity Software 142

Schneier on Security

AUGUST 14, 2023

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story : The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matte

Hacking 200

Hacking Cybersecurity 200

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

The Hacker News

AUGUST 18, 2023

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.

Ransomware 98

Ransomware 98

Security Boulevard

AUGUST 17, 2023

The SEC adopted new rules surrounding cybersecurity risk management, strategy, governance, and incident disclosure. As a CISO, this no doubt impacts how your company discloses material cybersecurity incidents through a Form 8-K item and annually cybersecurity risk management and governance through the company’sForm 10-K. The final rule requires the 8-K to be filed within four […] The post New SEC Cybersecurity Rules and What It Means for Board Oversight appeared first on BlackCloak | Protec

Cybersecurity 98

Cybersecurity CISO Government Risk 98

Tech Republic Security

AUGUST 14, 2023

This attack sent approximately 120,000 phishing emails to organizations worldwide with the goal to steal Microsoft 365 credentials.

Phishing 144

Phishing Authentication Cybersecurity 144

Schneier on Security

AUGUST 17, 2023

Researchers are trying to use AI to detect “social norms violations.” Feels a little sketchy right now, but this is the sort of thing that AIs will get better at. (Like all of these systems, anything but a very low false positive rate makes the detection useless in practice.) News article.

Artificial Intelligence 184

Artificial Intelligence Internet Internet 184

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

Bleeping Computer

AUGUST 17, 2023

A very useful and previously unknown Windows tip was revealed this week, where you can halt process jumping in Task Manager by holding down the Ctrl key on your keyboard, allowing easier access to a listed process. [.

98

98

Digital Guardian

AUGUST 18, 2023

Hacks, social engineering, and phishing dominated this week’s headlines, but cloud security is at the forefront of government officials’ minds. Catch up on all the latest in this week’s Friday Five!

Phishing 98

Phishing Social Engineering Hacking Government 98

Tech Republic Security

AUGUST 17, 2023

Code development, content creation and analytics are the top generative AI use cases. However, many enterprise users don't trust gen AI to be private.

Artificial Intelligence 132

Artificial Intelligence Big data Software 132

Digital Shadows

AUGUST 18, 2023

Cyber-actors hide using "clean" resources. ReliaQuest shows tracking IoCs & detection helps security pros counteract disguised attacks. Enhancing OSINT is key.

98

98

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

The Hacker News

AUGUST 17, 2023

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked as malware.

Malware 98

Malware 98

Dark Reading

AUGUST 18, 2023

In this Dark Reading News Desk segment, Brendan O'Connor, CEO and Co-Founder of AppOmni describes some of the biggest security challenges for securing software-as-a-service (SaaS) applications.

Software 89

Software 89

Tech Republic Security

AUGUST 15, 2023

Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.

Hacking 144

Hacking Government Artificial Intelligence Cybersecurity 144

Security Boulevard

AUGUST 15, 2023

New capabilities fix security issues with MFA push notifications Zero Trust security models call for the use of multi-factor authentication (MFA) to ensure that only authorized users may access protected IT resources. Many organizations are adopting MFA to add a layer of security for remote workers. Customer-facing organizations are also implementing MFA to mitigate identity-based attacks, such as phishing, and to help quash the rise in account takeover fraud.

Authentication 98

Authentication Passwords Social Engineering Phishing 98

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Marketing

The Hacker News

AUGUST 17, 2023

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign.

Firewall 98

Firewall Malware 98

Dark Reading

AUGUST 16, 2023

Even after updating Citrix networking appliances to address the critical vulnerability, enterprise defenders have to check each one to ensure they have not already been compromised.

89

89

Tech Republic Security

AUGUST 16, 2023

Stories of virus and malware infections, data loss, system compromises and unauthorized access dominate headlines, and your WordPress website may be contributing to the problem. WordPress is the most popular CMS in the world. According to Colorlib, WordPress is used by over 800 million websites worldwide. But unfortunately, that popularity also makes it one of.

Malware 117

Malware Software 117

Security Boulevard

AUGUST 15, 2023

Enterprises are developing strategies now to protect identities from being stolen and abused even as a true passwordless future is slowly coming into view, according to Joseph Carson, chief security scientist and advisory CISO at privileged access manager (PAM) vendor Delinea. “Stealing identities is a top target by attackers as it allows them to stay.

Passwords 98

Passwords CISO Network Security Authentication 98

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.

Data privacy