Sat.Jan 07, 2023 - Fri.Jan 13, 2023

article thumbnail

Are Cyber Attacks at Risk of Becoming 'Uninsurable'?

Lohrman on Security

There are dark clouds on the horizon as well as conflicting forecasts regarding cyber insurance in 2023 and beyond. Where will the insurance market go from here on cybersecurity coverage?

article thumbnail

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Identifying People Using Cell Phone Location Data

Schneier on Security

The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional.

article thumbnail

Weekly Update 330

Troy Hunt

Big week! So big, in fact, that I rushed into this week's update less prepared and made it a very casual one, which is just fine 😊 It's mostly password books and kitchen equipment this week, both topics which had far more engagement than I expected but made them all the more interesting. Next week I'll get back into the pattern of switching between last thing Friday and first thing Friday so it'll be my morning again on the 20th, see you then!

Passwords 247
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Cyber Security Expert Joseph Steinberg To Continue Serving On Newsweek Expert Forum In 2023

Joseph Steinberg

Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum in 2021, will continue serving as a member of the premier news organization’s council in 2023. In 2021, Newsweek invited Steinberg to join its community of pioneering thinkers and industry leaders, and to provide the news outlet with input related to his various areas of expertise, including cybersecurity, privacy, and artificial intelligence.

article thumbnail

Microsoft Patch Tuesday, January 2023 Edition

Krebs on Security

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency , and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

Software 312

LifeWorks

More Trending

article thumbnail

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

In golf there’s a popular saying: play the course, not your opponent. Related: How ‘CAASM’ closes gaps. In an enterprise, it’s the same rule. All areas of an organization need to be free to “play their own game.”. And when malware, ransomware, or other cyber threats get in the way, the focus shifts from forward progress to focused co-operation.

Risk 214
article thumbnail

Ransomware attacks are decreasing, but companies remain vulnerable

Tech Republic Security

Only 25% of the organizations surveyed by Delinea were hit by ransomware attacks in 2022, but fewer companies are taking proactive steps to prevent such attacks. The post Ransomware attacks are decreasing, but companies remain vulnerable appeared first on TechRepublic.

article thumbnail

Yikes, Control Web Panel has Critical RCE — Patch NOW

Security Boulevard

Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited RIGHT NOW. The post Yikes, Control Web Panel has Critical RCE — Patch NOW appeared first on Security Boulevard.

article thumbnail

Threats of Machine-Generated Text

Schneier on Security

With the release of ChatGPT, I’ve read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. It’s a solid grounding amongst all of the hype. Machine Generated Text: A Comprehensive Survey of Threat Models and Detection Methods.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

As the world becomes more digital and connected, it is no surprise that data privacy and security is a growing concern for small to medium sized businesses — SMBs. Related: GDPR sets new course for data privacy. Large corporations tend to have the resources to deal with compliance issues. However, SMBs have can struggle with the expense and execution of complying with data security laws in many countries.

article thumbnail

Microsoft retracts its report on Mac ransomware

Tech Republic Security

A publication from Microsoft that was taken down January 6 warns about four ransomware families affecting macOS devices. Much of the report closely resembles research published in July by Patrick Wardle. The post Microsoft retracts its report on Mac ransomware appeared first on TechRepublic.

article thumbnail

Buggy Microsoft Defender ASR rule deletes Windows app shortcuts

Bleeping Computer

Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps. [.].

145
145
article thumbnail

Experian Privacy Vulnerability

Schneier on Security

Brian Krebs is reporting on a vulnerability in Experian’s website: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Realizing the Value of Privacy Investment

Cisco Security

It’s been my pleasure to work alongside the Centre for Information Policy Leadership (CIPL) for over a decade to advocate for privacy to be respected as a fundamental human right and managed by organizations as a business imperative. CIPL works with industry leaders, regulators, and policymakers to deliver leading practices and solutions for privacy and responsible data use around the world.

article thumbnail

Explore information security with 97% off this huge course bundle

Tech Republic Security

The training covers Docker, Splunk and AWS as you work toward CCSP certification. The post Explore information security with 97% off this huge course bundle appeared first on TechRepublic.

article thumbnail

Free decryptor for victims of MegaCortex ransomware released

Graham Cluley

The experts at security firm Bitdefender have released a universal decryptor for victims of the MegaCortex family of ransomware, which is estimated to have caused more than 1800 infections - mostly of businesses.

article thumbnail

StrongPity espionage campaign targeting Android users

We Live Security

ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version. The post StrongPity espionage campaign targeting Android users appeared first on WeLiveSecurity.

145
145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Achieving Security Resilience: Findings from the Security Outcomes Report, Vol 3

Cisco Security

I am excited to announce the release of Cisco’s annual flagship cybersecurity report, the Security Outcomes Report, Volume 3: Achieving Security Resilience. It’s about preparing, adapting, and overcoming security challenges and threats, and an organisation’s ability to respond and emerge stronger.It’s the organization’s ability to respond to the inevitable attacks and unexpected events that come our way.

article thumbnail

BCDR Buyer’s Guide For MSPs

Tech Republic Security

When a client’s server goes down or is compromised in a cyberattack, managed service providers (MSPs) need an effective business continuity and disaster recovery (BCDR) solution to restore data and operations quickly, without sacrificing margin. That means industry-leading recovery technology from a vendor that is there to support you, no matter what.

article thumbnail

Post-ransomware attack, The Guardian warns staff their personal data was accessed

Graham Cluley

Three weeks after The Guardian newspaper was hit by a ransomware attack, it warns staff members that their personal data was accessed.

article thumbnail

Introducing IPyIDA: A Python plugin for your reverse?engineering toolkit

We Live Security

ESET Research announces IPyIDA 2.0, a Python plugin integrating IPython and Jupyter Notebook into IDA. The post Introducing IPyIDA: A Python plugin for your reverse‑engineering toolkit appeared first on WeLiveSecurity.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Accelerate XDR Outcomes with NDR and EDR

Cisco Security

Cybersecurity attacks complication and damaging impact are always keeping SOC analyst at their edge. Extended Detection and Response (XDR) solutions tend to simplify for Sam, a SOC analyst, his job by simplifying the workflow and process that involve the lifecycle of a threat investigation from detection to response. In this post we will explore how SecureX, Secure Cloud Analytics (NDR), Secure Endpoint (EDR) with their seamless integration accelerate the ability to achieve XDR outcomes. .

article thumbnail

Forging the Path to Continuous Audit Readiness

CyberSecurity Insiders

By Scott Gordon, CISSP, Oomnitza . Technology oversight is a common mandate across IT and security frameworks and compliance specifications, but achieving that oversight is difficult. The rise of hybrid workplaces, shadow IT/DevOps, and cloud infrastructure dynamics continue to create cybersecurity risks. SecOps, Governance Risk and Compliance (GRC) and ITOps teams use wide variety of tools and operational data to mitigate security posture exposures and fortify business resiliency, yet audit re

article thumbnail

CES 2023 FAIL: Worst in Show for Security and Privacy

Security Boulevard

The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances. The post CES 2023 FAIL: Worst in Show for Security and Privacy appeared first on Security Boulevard.

article thumbnail

Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day

Bleeping Computer

​Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws. [.].

140
140
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses. This gives me an invaluable macroview not only of how the last 12 months have affected organizations and what CISOs are thinking about, but also how the upcoming year is shaping up.

CISO 142
article thumbnail

Attackers Are Already Exploiting ChatGPT to Write Malicious Code

Dark Reading

The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.

Malware 139
article thumbnail

Security Teams Failing to Address Open Source Vulnerabilities 

Security Boulevard

The ongoing rise in open source vulnerabilities and software supply chain attacks is leaving organizations vulnerable to attack and causing greater challenges for security teams, according to Mend’s open source risk survey of nearly 1,000 North American companies. The report found open source vulnerabilities are outstripping the growth of open source software.

Software 139
article thumbnail

Security risk assessment checklist

Tech Republic Security

Organizations, regardless of size, face ever-increasing information technology and data security threats. Everything from physical sites to data, applications, networks and systems are under attack. Worse, neither an organization nor its managers need to prove prominent or controversial to prove a target. Automated and programmatic robotic attacks seek weaknesses, then exploit vulnerabilities when detected.

Risk 136
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!