Sat.Dec 24, 2022 - Fri.Dec 30, 2022

article thumbnail

Will the Crypto Crash Impact Cybersecurity in 2023? Maybe.

Dark Reading

Will the bottom falling out of the cryptocurrency market have a profound impact on cybercriminal tactics and business models? Experts weigh in on what to expect.

article thumbnail

Recovering Smartphone Voice from the Accelerometer

Schneier on Security

Yet another smartphone side-channel attack: “ EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers “: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Top 23 Security Predictions for 2023 (Part 2)

Lohrman on Security

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 2 of your annual roundup of security industry forecasts for 2023 and beyond.

article thumbnail

Weekly Update 328

Troy Hunt

We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

How to deploy a self-hosted instance of the Passbolt password manager

Tech Republic Security

A password manager can keep your sensitive information in-house. Here's how to deploy Passbolt to your data center or cloud-hosted service. The post How to deploy a self-hosted instance of the Passbolt password manager appeared first on TechRepublic.

article thumbnail

LastPass Breach

Schneier on Security

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse : While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […].

Passwords 266

More Trending

article thumbnail

Weekly Update 327

Troy Hunt

It's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting back to a normal routine and really starting to smash out some of the goals I have for the coming year. For now though, I've published this a couple of days after recording, and a day after an awesome hot, beachside Christmas.

article thumbnail

Tips and tricks for securing data when migrating to the cloud

Tech Republic Security

Find out how you can have a safe and secure transition to the cloud. This guide describes tips and steps to take to ensure your data is secure during a migration. The post Tips and tricks for securing data when migrating to the cloud appeared first on TechRepublic.

article thumbnail

QR Code Scam

Schneier on Security

An enterprising individual made fake parking tickets with a QR code for easy payment.

Scams 255
article thumbnail

2022 in review: 10 of the year’s biggest cyberattacks

We Live Security

The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022. The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity.

Hacking 138
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Ransomware attack at Louisiana hospital impacts 270,000 patients

Bleeping Computer

The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers. [.].

article thumbnail

FIN7 threat actor updated its ransomware activity

Tech Republic Security

Researchers from PRODAFT reveal that the infamous FIN7 threat actor updated its ransomware activities and provide a unique view into the structure of the group. Learn how to protect against it. The post FIN7 threat actor updated its ransomware activity appeared first on TechRepublic.

article thumbnail

BlueNoroff introduces new methods bypassing MoTW

SecureList

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion.

Malware 138
article thumbnail

How One Jobseeker Used AI to Apply for 200 Jobs in 2 Days

Javvad Malik

The search for a job has never been easy, but with the commoditisation of AI tools, it’s becoming a bit easier for the ambitious jobseeker. Recently, one such individual used AI to apply for nearly 200 jobs in the span of two days – a feat most of us can only dream of achieving. @jerryjhlee Replying to @jaymie_inc this is how you apply to 200 jobs in 2 days — perfect timing with the holidays #resume #jobtips ♬ Betty (Get Money) – Yung Gravy.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Hacker claims to be selling Twitter data of 400 million users

Bleeping Computer

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale. [.].

137
137
article thumbnail

Don’t overlook supply chain security in your 2023 security plan

Tech Republic Security

Supply chain security concerns continue to grow. Does your company have a risk management strategy in place that addresses the possibility of a major supplier security failure? The post Don’t overlook supply chain security in your 2023 security plan appeared first on TechRepublic.

Risk 167
article thumbnail

Year in review for 2022 – Where is Cybersecurity headed?

Security Boulevard

As another year wraps up, it’s time to take a look back at the cybersecurity trends that dominated the landscape. From the ongoing impact of the past years’ pandemic to major geopolitical events and nation-state cyber attacks, 2022 saw a surge in cyberattacks that shows no signs of slowing down. But what exactly is driving […]. The post Year in review for 2022 – Where is Cybersecurity headed?

article thumbnail

US Congress funds cybersecurity initiatives in FY2023 spending bill

CSO Magazine

On December 23, the House and Senate Appropriations Committee agreed to a $1.7 trillion omnibus spending bill that funds government operations through the fiscal year 2023. On December 29, President Biden signed it. The 4,155-page bill reflects an already agreed-upon $858 billion for defense spending and an additional $800 billion for non-defense spending, including several prominent cybersecurity items.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Hackers abuse Google Ads to spread malware in legit software

Bleeping Computer

Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. [.].

Software 142
article thumbnail

Data Breach leads to Comcast Customer Data Leak

CyberSecurity Insiders

A few days ago, Comcast hit the news headlines for increasing its service price so much that many of its customers weren’t ready for the surprise at all. Now, reports are in that the database of the Pennsylvania based digital services provider was hit by a cyber attack leading to a data breach, thus leaking details to hackers. The attack reportedly took place on December 9th,2022(likely) when most of the IT staff were on a long Christmas leave or were about to take it to enjoy the festive season

article thumbnail

6 Reasons Why Today’s Cybersecurity Landscape is so Complex

Security Boulevard

Today’s cyber threat landscape is constantly expanding and evolving. On top of that, threat actors’ attack tactics are increasingly complex and difficult to detect. It can be challenging for organizations to keep up with all the new technologies they are adopting, how and where they are being used, who is using them, and whether they are critical for operations. .

article thumbnail

CPRA explained: New California privacy law ramps up restrictions on data use

CSO Magazine

On January 1, 2023, 20, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy productions for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Farcical Recognition

Javvad Malik

It was bound to happen – welcome to the future! Mom took her daughter to see a show. AI facial recognition software recognizes her and she’s unceremoniously escorted out by security. . Her offence? Her employer, a huge law firm (not her) is in protracted litigation with the owner MSG Entertainment, and MSG has a policy that precludes attorneys pursuing active litigation against the company from attending events at their venues.

article thumbnail

Biden administration passes bill against Quantum Computing Data Breaches

CyberSecurity Insiders

Joe Biden and his administration seems be on a forward thinking gear for quantum technology linked cyber attacks leading to data breaches. On December 21st,2022, the Senate passed a bipartisan bill to prevent data breaches emerging from quantum computing. The Quantum Computing Cybersecurity Preparedness Act was made into a legislation that prevents usage of quantum computing technology in decrypting stolen information, as they can break any kind of cryptographic algorithms.

article thumbnail

Gaming Companies Take Big Risks This Holiday

Security Boulevard

As the holiday season ramps up, online gamers spend more time in their favorite virtual worlds. From Nintendo to Xbox to “God of War” and “Call of Duty,” a flood of video games appear on the scene, encouraging players to invest even more time and money in this form of competitive entertainment. There are an […]. The post Gaming Companies Take Big Risks This Holiday appeared first on Security Boulevard.

Risk 127
article thumbnail

Log4Shell remains a big threat and a common cause for security breaches

CSO Magazine

The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its long-lasting impact highlights the major risks posed by flaws in transitive software dependencies and the need for enterprises to urgently adopt software composition analysis and secure supply chain management practices Log4Shell , official

Software 118
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Thousands of Citrix servers vulnerable to patched critical flaws

Bleeping Computer

Thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical-severity security issues that the vendor fixed in recent months. [.].

123
123
article thumbnail

Follow these simple tricks to keep your smart phone secure in 2023

CyberSecurity Insiders

Smart Phones have become a need for us these days as they assist us in commuting, help in entertaining us if/when bored, help communicate with near & dear, read news and do more such stuff. But as these gadgets have turned crucial in our lives, many hackers are also interested in infiltrating them, to get our glimpse of our lives or where we are heading. .

article thumbnail

How Low-Code/No-Code App Development Affects IT Security

Security Boulevard

While low-code and no-code application development is a couple decades old, the train truly left the station just a few years ago. It has been gaining considerable steam ever since. So popular and prevalent is low-code/no-code that several studies estimate that by 2025 it will be responsible for two-thirds of all applications developed. The post How Low-Code/No-Code App Development Affects IT Security appeared first on Radware Blog.

123
123
article thumbnail

Beyond the Obvious: The Boldest Cybersecurity Predictions for 2023

Dark Reading

Dark Reading's panel of security experts deliver a magnum of bubbly hot takes on what 2023 will look like, featuring evil AIs, WWIII, wild workplace soon-to-be-norms, and more.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.