Sat.May 21, 2022 - Fri.May 27, 2022

Manipulating Machine-Learning Systems through the Order of the Training Data

Schneier on Security

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not random?

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

What’s the Latest on Cyber Talent and Staffing Shortages?

Lohrman on Security

The topic of cyber staffing shortages is a hot issue that has grown hotter during the pandemic. So what are some of the latest trends, newer perspectives and opportunities available

148
148

DevSecOps glossary: 24 terms security professionals need to know

Tech Republic Security

The world of cybersecurity is constantly changing. Improve your DevSecOps knowledge with these critical concepts. The post DevSecOps glossary: 24 terms security professionals need to know appeared first on TechRepublic. Developer Security devsecops glossary security

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Malware-Infested Smart Card Reader

Schneier on Security

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

The Last Watchdog

In today’s times, we are more aware of cyberattacks as these have become front-page news. We most recently witnessed this as Russia invaded Ukraine. Cyberattacks were used as the first salvo before any bullet or missile was fired. Related: The role of post-quantum encryption.

More Trending

ChromeLoader Malware Hijacks Browsers With ISO Files

Dark Reading

The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections

Forging Australian Driver’s Licenses

Schneier on Security

The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding.

GUEST ESSAY: Deploying ‘XDR’ can help companies avoid the security ‘vendor-silo’ trap

The Last Watchdog

According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats. Related: Taking a ‘risk-base’ approach to security compliance. However, because they generate thousands of alerts every day , this vast sprawl of security sources adds even more work to already over-stretched security teams. It could create a cybersecurity ticking time bomb.

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Top Ten Most Cumbersome Website Infections to Remove in 2021

Security Boulevard

In today’s post we’re going to be going over the top ten most cumbersome website infections to remove, based on the sheer number of files or database entries that they infected on compromised client sites during 2021.

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Schneier on Security

Following a recent Supreme Court ruling , the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged.

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption. Related: Leveraging PKI to advance electronic signatures. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

How to develop competency in cyber threat intelligence capabilities

Tech Republic Security

Starting from scratch or maturing a cyber threat intelligence capability is a task that needs several different people with very different skills and competencies. Read more on what competencies can build and make CTI capability a success.

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

The Hacker News

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers.

Proton Is Trying to Become Google—Without Your Data

WIRED Threat Level

The encrypted-email company, popular with security-conscious users, has a plan to go mainstream. Security Security / Privacy Security / Security News

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

How Cisco Duo Is Simplifying Secure Access for Organizations Around the World

Cisco CSR

At Cisco Duo, we continually strive to enhance our products to make it easy for security practitioners to apply access policies based on the principles of zero trust.

Retail 113

Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room

The Hacker News

A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces.

IoT 114

Act Now: Leveraging PCI Compliance to Improve Security

Dark Reading

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards

112
112

Oracle bolsters its Cloud Security capabilities

CyberSecurity Insiders

Oracle has bolstered its Cloud Infrastructure with five new capabilities in order to protect its customers against attacks on cloud applications and data assets. The software giant will enhance its cloud native firewall service to enhance Oracle Cloud Guard and Oracle Security Zones.

Get More from Your Cybersecurity Spend When Inflation Rates Climb

Cisco CSR

Find out how you can stretch your organization’s security budget amidst inflation and its economic impacts. No one could have predicted the lasting effects of the pandemic on our economy.

Retail 112

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

The Hacker News

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.

Critical Microsoft vulnerabilities decreased 47% in 2021

Tech Republic Security

Only 104 critical vulnerabilities were reported in 2021, an all-time low for the world’s largest software company. The post Critical Microsoft vulnerabilities decreased 47% in 2021 appeared first on TechRepublic. Microsoft Security

Ransomware Attack Leads to a data breach at Chicago Public Schools

CyberSecurity Insiders

A ransomware attack has led to the leak of personal information of students and staff at the Chicago Public Schools(CPS) and information is out that the incident which took place in December last year was revealed to the public on April 25th this year.

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages.

The Myths of Ransomware Attacks and How To Mitigate Risk

The Hacker News

Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success.

Risk 111

Revisiting the Session: The Potential for Shared Signals

Cisco CSR

Sometimes in order to move forward effectively, it’s good to take stock of where we’ve been. In this blog, we’ll review a concept that has been foundational to networking and cybersecurity from the beginning: the session. Why focus on the session?

Retail 109

Twitter to pay $150m penalty for user data protection failure

CyberSecurity Insiders

Social media giant Twitter has been asked to pay a penalty of $150 million by the federal trade commission for failing to protect its user data over a 6-year span. The Financial implication will be redeemed by FTC and the Justice Department on a joint note.

Italy announced its National Cybersecurity Strategy 2022/26

Security Affairs

Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country.

Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers

The Hacker News

A malvertising threat is witnessing a new surge in activity since its emergence earlier this year.

Voice phishing attacks reach all-time high

Tech Republic Security

A study conducted by Agari and PhishLabs found a five-times increase in attempted vishing attacks from the beginning of 2021 to Q1 of 2022. The post Voice phishing attacks reach all-time high appeared first on TechRepublic. Security