Sat.Apr 16, 2022 - Fri.Apr 22, 2022

Undetectable Backdoors in Machine-Learning Models

Schneier on Security

New paper: “ Planting Undetectable Backdoors in Machine Learning Models : Abstract : Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider.

283
283

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Conti’s Ransomware Toll on the Healthcare Industry

Krebs on Security

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers.

Weekly Update 292

Troy Hunt

Well that was an unusual ending. Both my mouse and keyboard decided to drop off right at the end of this week's video and without any control whatsoever, there was no way to end the live stream!

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Clever Cryptocurrency Theft

Schneier on Security

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportiona votes based on the amount of currency they own.

GUEST ESSAY: The wisdom of taking a risk-based approach to security compliance

The Last Watchdog

Today, all organizations are required or encouraged to meet certain standards and regulations to protect their data against cybersecurity threats. The regulations vary across countries and industries, but they are designed to protect customers from the threat of posed data breaches. . Related: The value of sharing third-party risk assessments.

Risk 158

More Trending

How do Companies Process Sensitive Data and Why is That Important?

CyberSecurity Insiders

Source. Keeping information secure from any theft activities in the digital world is necessary. But unfortunately, with everything going online, the digital world seems to be just as dangerous as the real world, especially when storing your personal information. .

Long Article on NSO Group

Schneier on Security

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian sepratists

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

The Last Watchdog

While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security clearances. Related: Russia takes steps to radicalize U.S. youth.

Risk 148

The Basics of Cloud Security for Your Business

Security Boulevard

Cloud security encompasses the controls, policies, practices and technologies that protect applications, data and infrastructure from internal and external threats.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Malware is seen sending extortion emails to pay $2K in Bitcoins

CyberSecurity Insiders

A malware dubbed MyloBot malware is seen sending extortion emails to victims and demanding a payment of $2,732 in digital currency.

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Schneier on Security

Interesting implementation mistake : The vulnerability, which Oracle patched on Tuesday , affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above.

Anonymous hacked other Russian organizations, some of the breaches could be severe

Security Affairs

The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations. Anonymous and groups linked to the famous collective continues to target Russian organizations, the hacktivist are breaching their systems and leak stolen data online.

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

The Hacker News

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.

Media 112

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Financial data of about 42m Britons hacked last year

CyberSecurity Insiders

Reynolds Porter Chamberlain (RPC), an international law firm based in Britain, published some interesting facts on its survey conducted on Financial Frauds that took place last year. And as per the published material, financial data of nearly 42 million Britons was hacked last year.

When “secure” isn’t secure at all: High?impact UEFI vulnerabilities discovered in Lenovo consumer laptops

We Live Security

ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware.

Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

Dark Reading

Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says

Cisco Secure Endpoint Shines in the 2022 MITRE® Engenuity ATT&CK Evaluation

Cisco CSR

Recently MITRE Engenuity released the results from its fourth round of the ATT&CK Evaluations. This round focused on threat actors Wizard Spider and Sandworm. It’s no surprise that both hacking groups have made their presence felt.

Retail 112

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Microsoft releases open-source tool for securing MikroTik routers

CyberSecurity Insiders

This blog was written by an independent guest blogger. In mid-March, Microsoft released a free, open-source tool that can be used to secure MikroTik routers. The tool, RouterOS Scanner, has its source code available on GitHub.

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

The Hacker News

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.

LinkedIn Brand Now the Most Abused in Phishing Attempts

Dark Reading

New research shows threat actors increasingly leveraging social networks for attacks, with LinkedIn being used in 52% of global phishing attacks

Security Resilience in EMEA

Cisco CSR

What makes a successful cybersecurity program and how can organizations improve their resilience in a world that seems increasingly unpredictable? How do we know what actually works and what doesn’t in order to maximize success?

Retail 111

Five Eyes issues Russian Cyber Threat warning

CyberSecurity Insiders

All the countries that are against Russia’s war on Ukraine, mainly the UK, US, Australia, Canada and New Zealand and collectively called as Five Eyes- have been warned about a major possible cyber attack from Russian Federation.

Cybersecurity Ecosystem Mapping Updates: April 2022

Security Boulevard

Reflection, future plans, and a large set of updates to the original cybersecurity ecosystem mapping. The post Cybersecurity Ecosystem Mapping Updates: April 2022 appeared first on Security Boulevard. Security Bloggers Network Ecosystems

The Checklist to Ensure the Ultimate SaaS Security Posture Management (SSPM)

IT Security Guru

Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management ( SSPM ) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture.

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities.

DDOS 105

A Guide to The Metaverse and Cybersecurity: Addressing Threats in the Future of Internet

CyberSecurity Insiders

by Grace Lau – Director of Growth Content, Dialpad. As we write this, large companies are investing heavily in Metaverse real estate – and for very good reason. However, some are also concerned that the Metaverse is developing in a dangerously uncontrolled way.

The Top 7 Most Common Web Vulnerabilities

Security Boulevard

Invicti has published the Spring 2022 Edition of The Invicti AppSec Indicator, a comprehensive study that ranks the most common web vulnerabilities. To conduct their research, Invicti analyzed 939 customers across the globe for flaws, discovering 282,914 direct-impact vulnerabilities.

Zero-Day Exploit Use Exploded in 2021

Dark Reading

Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows

Static SSH host key in Cisco Umbrella allows stealing admin credentials

Security Affairs

Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials.

DNS 102

Hive Ransomware deployed on Microsoft Exchange Servers

CyberSecurity Insiders

Vulnerability in Microsoft Exchange Servers is allowing hackers to deploy hive ransomware and other backdoors, including Cobalt Strike Beacon, having capabilities of stealing cryptocurrency from wallets and deploy crypto mining software.

Local U.S. Governments and Municipalities at Risk of Foreign Nation Cyber Attacks

Security Boulevard

Experts have warned that the Russia-Ukraine conflict poses an unprecedented cyber risk for U.S. organizations as well as State and local governments and municipalities. The post Local U.S. Governments and Municipalities at Risk of Foreign Nation Cyber Attacks appeared first on Security Boulevard.

How Hackers Use Reconnaissance – and How to Protect Against It

eSecurity Planet

Information gathering is often the starting point of a cyberattack. For many hackers, before attempting anything they want to know who they’re dealing with, what vulnerabilities they might exploit, and whether they can operate stealthily or not.