Sat.Jun 04, 2022 - Fri.Jun 10, 2022

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

Last week, I attended an excellent briefing given by Tom Gillis, Senior Vice President and General Manager of VMware’s Networking and Advanced Security Business Group, in which he discussed various important cybersecurity-related trends that he and his team have observed.

Twitter Used Two-Factor Login Details for Ad Targeting

Schneier on Security

Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting

KrebsOnSecurity in New Netflix Series on Cybercrime

Krebs on Security

Netflix has a new documentary series airing next week — “Web of Make Believe: Death, Lies & the Internet” — in which Yours Truly apparently has a decent amount of screen time.

Weekly Update 298

Troy Hunt

I somehow ended up blasting through an hour and a quarter in this week's video with loads of discussion on the CTARS / NDIS data breach then a real time "let's see what the fuss is about" with news that one of our state's digital driver's licenses (DDL) may be easily forgeable.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Top-Ranked New Jersey School District Cancels Final Exams Following Ransomware Cyberattack

Joseph Steinberg

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure.

Long Story on the Accused CIA Vault 7 Leaker

Schneier on Security

Long article about Joshua Schulte, the accused leaker of the WikiLeaks Vault 7 and Vault 8 CIA data. Well worth reading.

More Trending

Welcoming the Indonesian Government to Have I Been Pwned

Troy Hunt

Four years ago now, I started making domains belonging to various governments around the world freely searchable via a set of APIs in Have I Been Pwned. Today, I'm very happy to welcome the 33rd government, Indonesia!

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Related: The coming of bio-digital twins. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing. Perhaps elderly folks who haven’t spent a lot of time online are easier to deceive.

Leaking Military Secrets on Gaming Discussion Boards

Schneier on Security

People are leaking classified military information on discussion boards for the video game War Thunder to win arguments — repeatedly.

What Can Be Done About the Decline of Customer Service?

Lohrman on Security

Frustration, anger and even desperation are showing up across diverse industries as the meaning of “more for less” is changing in America

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

How Good is DALL·E 2 at Creating NFT Artwork?

Daniel Miessler

If you’ve not heard, there are these things called NFTs. I think they’re simultaneously the future of digital signaling and currently mostly hype. But whatever—that’s not what this post is about.

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

The Last Watchdog

Reducing the attack surface of a company’s network should, by now, be a top priority for all organizations. Related: Why security teams ought to embrace complexity. As RSA Conference 2022 gets underway today in San Francisco, advanced systems to help companies comprehensively inventory their cyber assets for enhanced visibility to improve asset and cloud configurations and close security gaps will be in the spotlight. As always, the devil is in the details.

Smartphones and Civilians in Wartime

Schneier on Security

RSA 2022 Musings: The Past and The Future of Security

Anton on Security

One of the things I do every year at the RSA conference is to wander the expo halls trying to deduce themes and trends for the industry. Before I go into my specific observations, I wanted to share what impressed me the most this time. My first reaction was the normalcy of it all — it came as a shock as this was my first big event after, well, RSA 2020. It definitely felt like the industry was back, with all its goods and some of its bads.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Artificial Intelligence and Security: What You Should Know

Dark Reading

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve

RSAC insights: Security platforms arise to help companies discover, assess and mitigate cyber risks

The Last Watchdog

Pity the poor CISO at any enterprise you care to name. Related: The rise of ‘XDR’. As their organizations migrate deeper into an intensively interconnected digital ecosystem, CISOs must deal with cyber attacks raining down on all fronts. Many are working with siloed security products from another era that serve as mere speed bumps. Meanwhile, security teams are stretched thin and on a fast track to burn out. Help is on the way.

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

The Hacker News

New research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).

Russia warned the West against cyber attacks and threatened direct military warfare

CyberSecurity Insiders

Russia is saying that western nations like the United States and the UK are launching cyber attacks on its critical infrastructure in the name of “Glory of Ukraine”.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

New Linux Malware 'Nearly Impossible to Detect'

Dark Reading

So-called Symbiote malware, first found targeting financial institutions, contains stealthy rootkit capabilities

GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage

The Last Watchdog

Writing code can be compared to writing a letter. Related: Political apps promote division. When we write a letter, we write it in the language we speak — and the one that the recipient understands. When writing code, the developer does it in a language that the computer understands, that is, a programming language. With this language, the developer describes a program scenario that determines what the program is required to do, and under what circumstances.

Humans and identity are constants in the ever-changing world of cybersecurity

Tech Republic Security

Businesses now compete as ecosystems and the veracity of information must be protected, officials tell the audience at the RSA Conference Monday.

Period-Tracking and Fertility Apps Can Put Women Seeking Abortions at Risk

WIRED Threat Level

Apps collect sensitive data that could be subpoenaed by law enforcement or sold by data brokers.

How AI Is Useful — and Not Useful — for Cybersecurity

Dark Reading

AI works best when security professionals and AI are complementing each other

Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day

Security Boulevard

While malicious email attachments are nothing new, there’s reason to be particularly cautious when it comes to the new zero-day vulnerability, dubbed Follina, found in Microsoft Word, for which the tech giant almost immediately issued a workaround.

Tech pros have low confidence in supply chain security

Tech Republic Security

A new report from ISACA finds that 53% of respondents believe supply chain issues will stay the same or worsen over the next six months.

Communication Is Key to CISO Success

Dark Reading

A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening

Tesla Fails Yet Again: Hackers can Steal Cars via NFC

Security Boulevard

Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time.

Security Resilience for a Hybrid, Multi-Cloud Future

Cisco CSR

Eighty-one percent of organizations told Gartner they have a multi-cloud strategy. As more organizations subscribe to cloud offerings for everything from hosted data centers to enterprise applications, the topology of the typical IT environment grows increasingly complex.

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

The Hacker News

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader.

Harnessing AI to Proactively Thwart Threats

Dark Reading

By using artificial intelligence to predict how an attacker would carry out their attack, we can deploy defenses and preemptively shut down vulnerable entry points

Bots compromise Jersey Computers to use them for Cyber Attacks

CyberSecurity Insiders

Hackers were seen using Jersey computers to cyber attack servers operating in the United States, Germany and Hungary. The compromised machines were acting as devices to launch cyber attacks and the suspicion finger is currently rising towards Russia.

GitLab addressed critical account take over via SCIM email change

Security Affairs

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts.