Krebs on Security

APRIL 29, 2022

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Identity Theft 364

Identity Theft Cybercrime Retail Hacking 364

Schneier on Security

APRIL 29, 2022

New research: “ Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps “: Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during me

Government 339

Government 339

Lohrman on Security

APRIL 24, 2022

Where next for supply chain disruptions? How will this impact technology projects and plans? Let’s explore.

Technology 246

Technology 246

The Last Watchdog

APRIL 28, 2022

Passwords have become ubiquitous with digital. Yet most people don’t know how to use them properly. The humble password is nothing more than a digital key that opens a door. Related: The coming of passwordless access. People use keys to open their house, office, garage or car. And they use passwords to open a device, a system, an account, a file and so on.

Passwords 237

Passwords Encryption Phishing Social Engineering 237

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

APRIL 25, 2022

Through multiple breaches, the Lapsus$ cybercriminal group was able to steal source code from T-Mobile, says KrebsOnSecurity. The post T-Mobile hit by data breaches from Lapsus$ extortion group appeared first on TechRepublic.

Data breaches 197

Data breaches Mobile 197

Schneier on Security

APRIL 25, 2022

SMS phishing attacks — annoyingly called “smishing” — are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “thank you for paying your bill, here’s a free gift for you.

Phishing 333

Phishing 333

The Last Watchdog

APRIL 26, 2022

In a recent survey of US-based CEOs, talent shortages and cybersecurity were listed as two of the top five business concerns in 2022. Related: Cultivating ‘human sensors’ They may not entirely realize that when compounded, these two concerns could pose a critical security threat for their organization. CEOs who are looking to secure their data and build a cyber-resilient infrastructure are facing a quadruple whammy: •Expanding their digital infrastructure faster than they can secure

Cybersecurity 234

Cybersecurity Education InfoSec Cyber threats 234

Tech Republic Security

APRIL 27, 2022

The malicious software had been slowly returning since November 2021, and saw a large number of phishing emails sent out with Emotet attached in April 2022. The post Emotet malware launches new email campaign appeared first on TechRepublic.

Malware 174

Malware Phishing Software 174

Schneier on Security

APRIL 28, 2022

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea.

Government 257

Government Malware 257

WIRED Threat Level

APRIL 27, 2022

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

DDOS 145

DDOS Hacking Malware 145

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Cisco Security

APRIL 26, 2022

For my very first interview for the Security Stories podcast , I met a wonderful person called Mick Jenkins, MBE. Mick is sadly no longer with us, but his story will stay with me forever. One of Mick’s philosophies was centred around the importance of cyber resilience. “Improvise, adapt, overcome” are the words he used. This philosophy helped him when he got lost in the wilderness at age 14.

CISO 145

CISO Data privacy Cybersecurity Technology 145

Tech Republic Security

APRIL 25, 2022

Disaster recovery as a service offerings are plentiful for a reason. Here's how the cloud-based disaster recovery services work and how the best providers stack up. The post Top DRaaS providers and disaster recovery services 2022 appeared first on TechRepublic.

166

166

Schneier on Security

APRIL 27, 2022

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020.

Ransomware 245

Ransomware Risk Malware Hacking 245

Malwarebytes

APRIL 25, 2022

Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who don’t read Dutch, the warning reads: Never respond to unusual emails or texts! Fraudsters often send e-mails under the guise of renewing your debit card or digipas.

Phishing 145

Phishing Banking Scams Accountability 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Cisco Security

APRIL 25, 2022

A conversation with Shawnee Heights School District . You have likely heard us talking more about security resilience in recent weeks. Resilience has always been a key part of cybersecurity, but the last few years have really highlighted its importance. . At Cisco, we define security resilience as: The ability to protect the integrity of every aspect of your business to withstand unpredictable threats or changes, and then emerge stronger.

Technology 145

Technology Education Architecture Internet 145

Tech Republic Security

APRIL 27, 2022

If malicious actors are already on your network, then typical cybersecurity measures aren’t enough. Learn how to further protect your organization’s data with these five facts about zero-trust security from Tom Merritt. The post Top 5 things about zero-trust security that you need to know appeared first on TechRepublic.

Cybersecurity 159

Cybersecurity 159

Veracode Security

APRIL 25, 2022

Emerging government regulations have driven the advancement of standards for securing software supply chains. The production of a Software Bill of Materials (SBOM) in a standard format is an increasing audit and compliance need for large organizations. Having an SBOM can help Identify and avoid security risks Understand and manage licensing risks Veracode Software Composition Analysis (SCA) helps teams qualify and manage risks from software running in their environments, better plan and control

Software 142

Software Risk Government 142

Malwarebytes

APRIL 29, 2022

A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States (CISA, NSA, and FBI), Australia (ACSC), Canada (CCCS), New Zealand (NZ NCSC), and the United Kingdom (NCSC-UK) has detailed the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

Internet 142

Internet Internet Software Authentication 142

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Cisco Security

APRIL 28, 2022

In the midst of global change and virtual hiring, the landscape of job searching has changed. We sat down (via WebEx) with recruiting leaders, accessibility experts and career changers at Cisco Secure and Duo Security to find out the top 10 ways to make the virtual job search, application and interview process as easeful as possible. Stay tuned for future topics in this series including advice for career changers and environmental aspects to consider for long-term fulfillment at work. 1.

Engineering 143

Engineering Technology Software Education 143

Tech Republic Security

APRIL 29, 2022

Okta and Microsoft Azure Active Directory are both robust and capable IAM solutions. Okta wins out on ease of use and streamlined implementation; Azure Active Directory is best for existing Azure infrastructures where more complex user access permissions are needed. The post IAM software: Okta vs Azure Active Directory appeared first on TechRepublic.

Software 148

Software 148

Security Affairs

APRIL 25, 2022

State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations. According to the Iran state television, the attack attempts took place in recent days and aimed at the infrastructure of more than 100 public sector agencies. The report did not name entities that were targeted by the cyberattacks.

Cyber Attacks 142

Cyber Attacks Malware Internet Internet 142

Bleeping Computer

APRIL 25, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. [.].

Cybersecurity 141

Cybersecurity 141

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

CSO Magazine

APRIL 28, 2022

Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Some phishing attacks target customers rather than employees, and others simply aim to damage your corporate reputation rather than compromise your systems.

Phishing 136

Phishing Social Engineering Engineering Technology 136

Tech Republic Security

APRIL 29, 2022

Trick attackers into exposing themselves when they breach your systems using decoys that are easy to deploy and act like tripwires. The post Protect your environment with deception and honeytokens appeared first on TechRepublic.

148

148

CyberSecurity Insiders

APRIL 27, 2022

As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any. organization. Threat detection is about an organization’s ability to accurately identify threats, be it to. the network, an endpoint, another asset or application – including cloud infrastructure. and assets.

Threat Detection 136

Threat Detection Software Technology Engineering 136

Graham Cluley

APRIL 25, 2022

Someone isn't happy that Ukraine's post office has issued stamps mocking the sunken Russian navy flagship.

DDOS 135

DDOS 135

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

APRIL 25, 2022

A ridiculously dumb flaw in Java’s signature checking code is patched. This isn’t some crufty legacy Sun code, but actual garbage Oracle sloppiness that’s causing IT people to chase their tails yet again. The post ‘Crypto Bug of the Year’ Fixed — Update Java NOW appeared first on Security Boulevard.

IoT 134

IoT Security Awareness Mobile Risk 134

Tech Republic Security

APRIL 29, 2022

New research shows that the weakness shattered confidence in cloud defenses and motivated a new set of cybersecurity priorities. The post Survey: Recovery from Log4Shell vulnerability is ongoing with 77% of organizations still in patching mode appeared first on TechRepublic.

Cybersecurity 148

Cybersecurity 148

Malwarebytes

APRIL 26, 2022

Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. The bogus links were at the top of results for Terra blockchain projects.

Cryptocurrency 134

Cryptocurrency Phishing Engineering Mobile 134

Security Affairs

APRIL 25, 2022

At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. FBI. The U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November. “The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks in

Ransomware 132

Ransomware Antivirus Passwords Malware 132

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!