Sat.Nov 05, 2022 - Fri.Nov 11, 2022

6 ways to reduce your IoT attack surface

Tech Republic Security

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.

An Untrustworthy TLS Certificate in Browsers

Schneier on Security


Lawsuit Seeks Food Benefits Stolen By Skimmers

Krebs on Security

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state.

2022 Midterm Election Cybersecurity: Are We Ready?

Lohrman on Security

As we head into the pivotal 2022 midterm elections this week, how prepared are states to ensure votes are properly counted and protected from cyber attacks? Here’s a roundup of recent developments

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing

Troy Hunt

A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it's finally here!

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise.

More Trending

10 Best Practices for Data Protection

CyberSecurity Insiders

By Moinul Khan, Vice President & General Manager, Data Protection, at Zscaler. In 2022, Gartner established its first ever Magic Quadrant for Security Service Edge (SSE), a new security industry category.

SHARED INTEL: The non-stop advance and diversification of ransomware extortion tactics

The Last Watchdog

Cybercriminals are becoming more creative as cybersecurity analysts adapt quickly to new ransomware strategies. Related: How training can mitigate targeted attacks. Ransomware has evolved from classic attacks to more innovative approaches to navigate reinforced security infrastructure. Here’s how hackers are crafting new ransomware extortion tactics to keep analysts on their toes: Data exfiltration is no more.

Using Wi-Fi to See through Walls

Schneier on Security

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep.

Anton’s Security Blog Quarterly Q4 2022

Anton on Security

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast too (subscribe).

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Uyghurs Targeted With Spyware, Courtesy of PRC

Dark Reading

Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals

Cisco Secure Firewall on AWS: Build resilience at scale with stateful firewall clustering

Cisco CSR

Organizations embrace the public cloud for the agility, scalability, and reliability it offers when running applications. But just as organizations need these capabilities to ensure their applications operate where needed and as needed, they also require their security does the same.

The Conviction of Uber’s Chief Security Officer

Schneier on Security

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber.

A cyberattack blocked the trains in Denmark

Security Affairs

At the end of October, a cyber attack caused the trains to stop in Denmark; the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark the last weekend; threat actors hit a third-party IT service provider.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Safely Test Your Malware, Ransomware and Virus Defenses

Security Boulevard

What’s the best way for a company to test its malware defenses in real-life scenarios? The past few years have seen both an uptick in cyberattacks and a dire shortage of security talent. In fact, a 2017 report predicted that by 2020 businesses will be hit by a threat actor every eleven seconds.

How to Close Kubernetes' Network Security Gap

Dark Reading

StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefit

NSA Over-surveillance

Schneier on Security

Here in 2022, we have a newly declassified 2016 Inspector General report—“Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda.

The Evolution of SIEM: Where It’s Been and Where It is Going

CyberSecurity Insiders

By Michael DeCesare, CEO & President, Exabeam. As the digital economy grows, organizations have become increasingly susceptible to cyberattacks.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Cisco Secure Endpoint Crushed the AV-Comparative EPR Test

Cisco CSR

The word is out! Cisco Secure Endpoint’s effectiveness is off the charts in protecting your enterprise environment. This is not just a baseless opinion; however, the facts are rooted in actual test results from the annual AV-Comparative EPR Test Report published in October 2022.

NSA’s Plea: Stop Using C and C++ (Because You’re Idiots)

Security Boulevard

The C and C++ languages are unsafe. Instead, the NSA would like devs to use memory-safe languages—such as Rust. The post NSA’s Plea: Stop Using C and C++ (Because You’re Idiots) appeared first on Security Boulevard.

New Book: A Hacker’s Mind

Schneier on Security

I have a new book coming out in February. It’s about hacking. A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back isn’t about hacking computer systems; it’s about hacking more general economic, political, and social systems. It generalizes the term hack as a means of subverting a system’s rules in unintended ways. What sorts of system? Any system of rules, really. Take the tax code, for example.

Researchers warn of malicious packages on PyPI using steganography

Security Affairs

Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

SolarWinds 2020 data breach to be deeply probed by SEC

CyberSecurity Insiders

US Securities and Exchange Commission (SEC) has launched a serious probe on SolarWinds’s massive data breach of 2020. Thus, pretty soon, the software developer might face legal action that could land it up in paying a huge penalty.

Hacker Stole $3B of Bitcoin — Because ‘Crypto’ is Garbage

Security Boulevard

James Zhong admitted to stealing 50,000 bitcoins from the former dark web market, Silk Road. The post Hacker Stole $3B of Bitcoin — Because ‘Crypto’ is Garbage appeared first on Security Boulevard.

‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery

WIRED Threat Level

Satellite monitors discovered two vessels with their trackers turned off in the area of the pipeline prior to the suspected sabotage in September.


LockBit 3.0 gang claims to have stolen data from Kearney & Company

Security Affairs

The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is the premier CPA firm that services across the financial management spectrum to government entities.

10 Cybersecurity predictions for 2023

CyberSecurity Insiders

As we head into 2023, we look back at the last year and the focus will continue to be on reducing risk exposure and resilience.

BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’

Security Boulevard

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesKC 2022 – Igor Mezic’s ‘AI And Machine Learning In Network Security’ appeared first on Security Boulevard.

Elon Musk's Twitter Blue Verification Is a Scammer's Paradise

WIRED Threat Level

Anyone can get a blue tick on Twitter without proving who they are. And it’s already causing a ton of problems.

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers.

Avoiding Cloud Security Fails – Excerpts from (ISC)² Security Congress 2022

CyberSecurity Insiders

By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. (ISC)² Security Congress 2022 was a huge success with engaging speakers from around the world filled with insights.

Voices from Validate – Simplifying Posture Management

Security Boulevard

Learn from Zscaler how zero trust, MITRE ATT&CK, and BAS can work together to optimize security posture across complex environments. The post Voices from Validate – Simplifying Posture Management appeared first on SafeBreach.