Tech Republic Security
NOVEMBER 7, 2022
As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.
Schneier on Security
NOVEMBER 10, 2022
The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy : Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
NOVEMBER 6, 2022
A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it's finally here! These are two of the most eagerly awaited, most requested features on HIBP's UserVoice so it's great to see them finally knocked off after years of waiting. In implementing all this, there are changes to the existing "one size fits all" model so if you're using the HIBP API, please make sure y
Lohrman on Security
NOVEMBER 6, 2022
As we head into the pivotal 2022 midterm elections this week, how prepared are states to ensure votes are properly counted and protected from cyber attacks? Here’s a roundup of recent developments.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Krebs on Security
NOVEMBER 8, 2022
Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems.
Schneier on Security
NOVEMBER 9, 2022
CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
NOVEMBER 10, 2022
A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.
Cisco Security
NOVEMBER 9, 2022
Organizations embrace the public cloud for the agility, scalability, and reliability it offers when running applications. But just as organizations need these capabilities to ensure their applications operate where needed and as needed, they also require their security does the same. Organizations may introduce multiple individual firewalls into their AWS infrastructure to produce this outcome.
Schneier on Security
NOVEMBER 8, 2022
This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied.
Tech Republic Security
NOVEMBER 9, 2022
If you're in the process of constructing a multi-cloud security plan, these providers can help you avoid the most common pitfalls of multi-cloud security. The post Top 6 Multi-Cloud Security Solution Providers appeared first on TechRepublic.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Graham Cluley
NOVEMBER 8, 2022
Mastodon is hot right now. After some years of only being used by geeks (yes, I've had an account for a while now) it's at the tipping point of becoming mainstream. If you're part of the exodus of users leaving Twitter for Mastodon, what are the security and privacy issues that you need to be aware of?
Cisco Security
NOVEMBER 9, 2022
Lots of exciting things happening at Cisco, and for our customers, all to help them better prepare for what’s next. Case in point, we just returned from a very successful Cisco Partner Summit where the spotlight shined on cyber security. When our executives were on stage talking about solutions, the attendees heard a very catchy phrase; “if it’s connected, it’s protected.
Schneier on Security
NOVEMBER 7, 2022
I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, but until then, this essay on the topic is worth reading.
Trend Micro
NOVEMBER 8, 2022
We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
SecureList
NOVEMBER 9, 2022
Knowing what the future holds can help with being prepared for emerging threats better. Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future. Those predictions form Kaspersky Security Bulletin (KSB), an annual project lead by Kaspersky experts.
Cisco Security
NOVEMBER 8, 2022
The word is out! Cisco Secure Endpoint’s effectiveness is off the charts in protecting your enterprise environment. This is not just a baseless opinion; however, the facts are rooted in actual test results from the annual AV-Comparative EPR Test Report published in October 2022. Not only did Secure Endpoint knock it out of the park in enterprise protection; but Cisco Secure Endpoint obtained the lowest total cost of ownership (TCO) per agent at $587 over 5 years.
Schneier on Security
NOVEMBER 11, 2022
Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda. There’s nothing really interesting in the IG document, which is heavily redacted.
Bleeping Computer
NOVEMBER 7, 2022
Mastodon, the free, open-source, decentralized micro-blogging social media platform, has surpassed a million monthly active users for the first time in its history. [.].
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Digital Shadows
NOVEMBER 10, 2022
Sporting events, like the upcoming FIFA World Cup Qatar 2022 (Qatar 2022 World Cup), attract massive attention from every corner. The post Cyber Threats to the FIFA World Cup Qatar 2022 first appeared on Digital Shadows.
Security Affairs
NOVEMBER 6, 2022
The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is the premier CPA firm that services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its financial operations’ overall effectiveness and efficiency.
Schneier on Security
NOVEMBER 11, 2022
I have a new book coming out in February. It’s about hacking. A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back isn’t about hacking computer systems; it’s about hacking more general economic, political, and social systems. It generalizes the term hack as a means of subverting a system’s rules in unintended ways.
WIRED Threat Level
NOVEMBER 7, 2022
Edward Perez says that “manufactured chaos” by bad actors will be even riskier thanks to Elon Musk’s own mayhem.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
CyberSecurity Insiders
NOVEMBER 9, 2022
By Moinul Khan , Vice President & General Manager, Data Protection, at Zscaler. In 2022, Gartner established its first ever Magic Quadrant for Security Service Edge (SSE) , a new security industry category. SSE acknowledges that protecting a distributed digital business from malicious actors requires three integrated technologies: secure web gateways (SWG) to control internet access, zero trust network access (ZTNA) to control private application access and cloud access security broker (CASB
eSecurity Planet
NOVEMBER 7, 2022
REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis. Whether you’re new to these specialties or an experienced investigator, REMnux contains many helpful Debian packages and configurations to perform advanced tasks, such as: Extracting IoCs (Indicators of Compromise) Disassembling/decompiling binaries or windows executables (such as PE files) Decoding, deobfuscating, de
Security Affairs
NOVEMBER 6, 2022
At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party IT service provider. A cyber attack caused training the trains operated by DSB to stop in Denmark the last weekend, threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo which provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.
IT Security Guru
NOVEMBER 8, 2022
Our industry faces a shortage of skilled, experienced professionals, which puts a strain on companies finding and retaining capable and reliable security staff. The rise of specialist cyber security consultants and managed cyber security service providers (MSSPs) is underpinned by organisations that appreciate the lower investment cost and greater experience these companies can offer.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
NOVEMBER 7, 2022
What’s the best way for a company to test its malware defenses in real-life scenarios? The past few years have seen both an uptick in cyberattacks and a dire shortage of security talent. In fact, a 2017 report predicted that by 2020 businesses will be hit by a threat actor every eleven seconds. Not to. The post Safely Test Your Malware, Ransomware and Virus Defenses appeared first on Security Boulevard.
Tech Republic Security
NOVEMBER 9, 2022
In this guide, you will learn how to evaluate a solution based on: Security Impact – Does the solution reduce risks, and can it provide visibility into your environment? Strategic Business Initiatives – Does the solution support cloud, mobile and BYOD initiatives? Can it fulfill compliance? Total Cost of Ownership (TCO) – Does the solution.
Security Affairs
NOVEMBER 10, 2022
Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in early 2022 responded to an incident where the Russia-linked APT29 group (aka SVR group , Cozy Bear , Nobelium , and The Dukes ) successfully phished a European diplomatic entity. The attack stands out for the use of the Windows Credential Roaming feature.
SecureList
NOVEMBER 7, 2022
News overview. In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news was focused on the conflict between Russia and Ukraine, but other high-profile events also affected the DDoS landscape this quarter. The pro-Russian group Killnet, active since January 2022, took the responsibility for several more cyberattacks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
217 
Let's personalize your content