Lohrman on Security
JANUARY 8, 2023
There are dark clouds on the horizon as well as conflicting forecasts regarding cyber insurance in 2023 and beyond. Where will the insurance market go from here on cybersecurity coverage?
Krebs on Security
JANUARY 9, 2023
Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JANUARY 9, 2023
The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional.
Joseph Steinberg
JANUARY 10, 2023
Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum in 2021, will continue serving as a member of the premier news organization’s council in 2023. In 2021, Newsweek invited Steinberg to join its community of pioneering thinkers and industry leaders, and to provide the news outlet with input related to his various areas of expertise, including cybersecurity, privacy, and artificial intelligence.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JANUARY 10, 2023
Only 25% of the organizations surveyed by Delinea were hit by ransomware attacks in 2022, but fewer companies are taking proactive steps to prevent such attacks. The post Ransomware attacks are decreasing, but companies remain vulnerable appeared first on TechRepublic.
Krebs on Security
JANUARY 10, 2023
Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency , and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JANUARY 13, 2023
Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited RIGHT NOW. The post Yikes, Control Web Panel has Critical RCE — Patch NOW appeared first on Security Boulevard.
Tech Republic Security
JANUARY 12, 2023
A publication from Microsoft that was taken down January 6 warns about four ransomware families affecting macOS devices. Much of the report closely resembles research published in July by Patrick Wardle. The post Microsoft retracts its report on Mac ransomware appeared first on TechRepublic.
Bleeping Computer
JANUARY 13, 2023
Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps. [.].
We Live Security
JANUARY 10, 2023
ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version. The post StrongPity espionage campaign targeting Android users appeared first on WeLiveSecurity.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CyberSecurity Insiders
JANUARY 9, 2023
By Scott Gordon, CISSP, Oomnitza . Technology oversight is a common mandate across IT and security frameworks and compliance specifications, but achieving that oversight is difficult. The rise of hybrid workplaces, shadow IT/DevOps, and cloud infrastructure dynamics continue to create cybersecurity risks. SecOps, Governance Risk and Compliance (GRC) and ITOps teams use wide variety of tools and operational data to mitigate security posture exposures and fortify business resiliency, yet audit re
Tech Republic Security
JANUARY 11, 2023
The training covers Docker, Splunk and AWS as you work toward CCSP certification. The post Explore information security with 97% off this huge course bundle appeared first on TechRepublic.
Security Boulevard
JANUARY 9, 2023
The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances. The post CES 2023 FAIL: Worst in Show for Security and Privacy appeared first on Security Boulevard.
We Live Security
JANUARY 12, 2023
ESET Research announces IPyIDA 2.0, a Python plugin integrating IPython and Jupyter Notebook into IDA. The post Introducing IPyIDA: A Python plugin for your reverse‑engineering toolkit appeared first on WeLiveSecurity.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Cisco Security
JANUARY 11, 2023
It’s been my pleasure to work alongside the Centre for Information Policy Leadership (CIPL) for over a decade to advocate for privacy to be respected as a fundamental human right and managed by organizations as a business imperative. CIPL works with industry leaders, regulators, and policymakers to deliver leading practices and solutions for privacy and responsible data use around the world.
Graham Cluley
JANUARY 11, 2023
The experts at security firm Bitdefender have released a universal decryptor for victims of the MegaCortex family of ransomware, which is estimated to have caused more than 1800 infections - mostly of businesses.
Security Boulevard
JANUARY 9, 2023
The ongoing rise in open source vulnerabilities and software supply chain attacks is leaving organizations vulnerable to attack and causing greater challenges for security teams, according to Mend’s open source risk survey of nearly 1,000 North American companies. The report found open source vulnerabilities are outstripping the growth of open source software.
We Live Security
JANUARY 9, 2023
Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at the North Pole as I foil Grinchum's foul plan and recover the five golden rings. The post Cracked it! Highlights from KringleCon 5: Golden Rings appeared first on WeLiveSecurity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
JANUARY 10, 2023
Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws. [.].
CSO Magazine
JANUARY 13, 2023
The Royal ransomware group is believed to be actively exploiting a critical security flaw affecting Citrix systems, according to the cyber research team at cyber insurance provider At-Bay. Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510 , allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway.
Security Boulevard
JANUARY 9, 2023
Software dominates the world and remains a big and accessible attack surface. In 2022, an estimated $6B was invested in Application Security, with that number expected to reach $7.5B in 2023. Within AppSec, software supply chain security entered the spotlight two years ago and represents AppSec’s fastest growing attack category with major headlines of breaches and exploits happening on a regular basis.
We Live Security
JANUARY 11, 2023
A new law portends a future where (we hope) it will be easier for us all to repair, fix, upgrade, and just tinker with things we already own. The post Now you can legally repair your tech – sort of appeared first on WeLiveSecurity.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Cisco Security
JANUARY 10, 2023
I am excited to announce the release of Cisco’s annual flagship cybersecurity report, the Security Outcomes Report, Volume 3: Achieving Security Resilience. It’s about preparing, adapting, and overcoming security challenges and threats, and an organisation’s ability to respond and emerge stronger.It’s the organization’s ability to respond to the inevitable attacks and unexpected events that come our way.
CSO Magazine
JANUARY 11, 2023
Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. The study, by researchers with security firm WithSecure, demonstrates that not only can attackers generate unique variations of the same phishing lure with grammatically correct and human-like written text, but
Security Boulevard
JANUARY 10, 2023
As APIs are increasingly used in app development, it should come as no surprise that threat actors have turned them into attack vectors. In fact, Gartner predicted that APIs would become the top attack vector in 2022, stating, “Unmanaged and unsecured APIs are easy targets for attacks, increasing vulnerability to security and privacy incidents.” Other.
Bleeping Computer
JANUARY 11, 2023
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products. [.].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CyberSecurity Insiders
JANUARY 11, 2023
As the maritime sector has become extremely dependent on technology tools, it is also attracting the attention of cyber criminals who are finding it as a lucrative target to mint money. Adding fuel to this are the vulnerabilities being observed in the system visibility tools that are being deployed because of OT/IT convergence. Although such automated tools help to cut down cyber risks, they also create complex visibility hiccups because of a shortage for the trained workforce.
Cisco Security
JANUARY 10, 2023
As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses. This gives me an invaluable macroview not only of how the last 12 months have affected organizations and what CISOs are thinking about, but also how the upcoming year is shaping up.
Security Boulevard
JANUARY 10, 2023
Following a security incident, CircleCI has completed the process of rotating GitHub OAuth tokens for their customers. CircleCI said Saturday that while customers could still rotate their own tokens, it has “confidence in the security of the CircleCI platform, and customers can continue to build.” The platform first sent out an alert on January 4, The post CircleCI Rotates GitHub 0Auth Tokens After Security Incident appeared first on Security Boulevard.
CSO Magazine
JANUARY 11, 2023
The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
260 
Let's personalize your content