Sat. Oct 22, 2022 - Fri. Oct 28, 2022

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Critical Vulnerability in OpenSSL

Schneier on Security

There are no details yet, but it’s really important that you patch OpenSSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable.

Big Changes are Afoot: Expanding and Enhancing the Have I Been Pwned API

Troy Hunt

Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen table) in an Airbnb in Oslo and built the authenticated API for Have I Been Pwned (HIBP).

FIRESIDE CHAT: Timely employee training, targeted testing needed to quell non-stop phishing

The Last Watchdog

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity. Related: How MSSPs help secure business networks. Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce. The deleterious impact on large enterprises and small businesses alike has been – and continues to be – profound.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

What Should CISOs Prioritize In A Volatile Landscape?: A Webinar With Top CyberSecurity Columnist Joseph Steinberg

Joseph Steinberg

Have you been prioritizing Detection and Response over Protection when it comes to your cybersecurity strategy? All three, of course, are key pillars of the NIST cybersecurity framework – so, why are you prioritizing two of them over the third?

Australia Increases Fines for Massive Data Breaches

Schneier on Security

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.) This is a welcome change.

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to. There are several ways you can protect your business from data breaches. Create security awareness for employees.

OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1

Security Boulevard

OpenSSL has a new ‘critical’ bug. But it’s a secret until next month.

CISA says hospitals should be wary of new Daixin Team Ransomware

CyberSecurity Insiders

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to all hospitals and healthcare providers about a new ransomware dubbed ‘Daixin Team’ doing the rounds on the internet.

Secure Your Hybrid Workforce Using These SOC Best Practices

Cisco CSR

Hybrid Workforce is here to stay. Just a few years ago when the topic of supporting offsite workers arose, some of the key conversation topics were related to purchase, logistics, deployment, maintenance and similar issues.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

2022 cyber threat report details growing trends

Tech Republic Security

SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more.

Weekly Update 318

Troy Hunt

Aussie breachapalooza! That's what it feels like this week between Optus (ok, it was weeks ago but it's still in the news), Vinomofo, My Deal and the mother of all of them (at least as far as media interest goes), Medibank. That last one totally smashed my week out with unprecedented press enquiries, so is it any wonder I totally missed the Microsoft one?

Employees leaving jobs because of Cyber Attacks

CyberSecurity Insiders

Encore, a security stack management business, recently held a survey and found that employees will leave their jobs because their firm has fallen victim to a cyber attack.

Why the Math Around Adaptive AI is Painful

Security Boulevard

Artificial intelligence (AI) is expensive. Companies driving costs down while investing in digital transformations to become more agile, lean, and profitable, I get the physics! Just don’t look too deep into it yet.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs

The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online.

Talking IoT Security at the White House

Cisco CSR

Last week, I was privileged to participate in an important national summit on IoT Security convened by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies.

Adoption of Secure Cloud Services in Critical Infrastructure

CyberSecurity Insiders

Adoption of cloud services, whether consumed as 3rd party services provided by various vendors or in the form of in-house developed software and/or services leveraging Platform-as-a-Service (PaaS) from major Cloud Service Providers (CSPs), has been steadily on the rise in critical infrastructure (CI) related industries [i].

What Cybersecurity Professionals Can Learn from First Responders

Security Boulevard

We’re almost at the end of Cybersecurity Awareness Month. For me, working in the cybersecurity space truly is a rewarding experience. It has been more than just a job or even a career. Working with solutions that protect companies from cyberattacks makes me proud.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads

Security Affairs

Apple released updates to backport the recently released security patches for the CVE-2022-42827 zero-day to older iPhones and iPads.

Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn

Dark Reading

A CISA advisory warns that the Daixin Team ransomware group has put the US healthcare system in its crosshairs for data extortion, and provides tools to fight back

LinkedIn added new security features to weed out fraud and fake profiles

CyberSecurity Insiders

LinkedIn is a professional social media platform where learned people interact to take their businesses to the next level.

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Security Boulevard

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

OpenSSL to fix the second critical flaw ever

Security Affairs

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit.

Cybersecurity Risks & Stats This Spooky Season

Dark Reading

From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons

Samsung releases new privacy tool for its Galaxy phones

CyberSecurity Insiders

Samsung, the electronics giant of Korea, is all set to release a new privacy tool that will help its smartphone users to block data from being accessed by those repairing the mobile device.

7 Essential Burp Extensions for Hacking APIs

Security Boulevard

Check out the coolest extensions to help out when hacking APIs in Burp.

Multiple vulnerabilities affect the Juniper Junos OS

Security Affairs

Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities.

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

eSecurity Planet

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found.

Will new CISA guidelines help bolster cyber defenses?

CyberSecurity Insiders

Roel Decneut, Chief Strategy Officer at Lansweeper. Do you know what IT devices are in your business or on your network right now? If not, it’s not just cybercriminals that might be knocking on your door very soon, but the White House.

Cybersecurity Insights with Contrast CISO David Lindner | 10/28

Security Boulevard

Insight #1: "CVSS score does not directly relate to the risk to your organization. Please for everyone’s sake, including your developers, produce a better algorithm for managing risk in your organization. Look at things like exploitability (EPSS), exploit path, vulnerable class usage, etc."

Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year

Security Affairs

Google on Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723.

Stress Is Driving Cybersecurity Professionals to Rethink Roles

Dark Reading

Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows