Sat. Dec 17, 2022 - Fri. Dec 23, 2022

The top cyber security stories of 2022

Security Boulevard

A look in the rearview can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. The post The top cyber security stories of 2022 appeared first on Security Boulevard.

Internet 138

Critical Microsoft Code-Execution Vulnerability

Schneier on Security

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems.

2022 Cyber Review: The Year the Ukraine War Shocked the World

Lohrman on Security

This past year will be remembered as another year of ransomware attacks, data breaches impacting critical infrastructure and, most of all, global cybersecurity impacts from the Russian war with Ukraine.

The Equifax Breach Settlement Offer is Real, For Now

Krebs on Security

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Weekly Update 326

Troy Hunt

Despite having both my tripod and mic in the wrong suitcase in the wrong place, Scott and I still pulled together a weekly vid from the Norwegian mountains. Much of this week is a combination of our travels here, responses to my tweets around cookie warnings and reactions to Elon's various decisions (and undecisions) on Twitter. Plus, there's the CoinTracker and Gemini breaches which appear to have stemmed from the SendGrid breach, the connection to that incident having been made by Co

281

How to Surrender to a Drone

Schneier on Security

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: “Seeing the drone in the field of view, make eye contact with it,” the video instructs. Soldiers should then raise their arms and signal they’re ready to follow. After that the drone will move up and down a few meters, before heading off at walking pace in the direction of the nearest representatives of Ukraine’s army, it says.

331

More Trending

Study: Consumer security savvy is way behind IoT threat landscape

Tech Republic Security

A new Comcast study hints at a major risk to businesses, governments and public systems due to poor cybersecurity in the booming Internet of Things industry. The post Study: Consumer security savvy is way behind IoT threat landscape appeared first on TechRepublic.

IoT 207

Lastpass: Hackers stole customer vault data in cloud storage breach

Bleeping Computer

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. […]

145

Ukraine Intercepting Russian Soldiers’ Cell Phone Calls

Schneier on Security

They’re using commercial phones, which go through the Ukrainian telecom network: “You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air,” said Alperovitch. “That doesn’t pose too much difficulty for the Ukrainian security services.” […] “Security has always been a mess, bot

GUEST ESSAY: Achieving trust — in a tumultuous 2023 that’s likely to come — can lead to success

The Last Watchdog

The 2020s are already tumultuous. Related: The Holy Grail of ‘digital resiliency’ Individuals are experiencing everything from extraordinary political and social upheaval to war on the European continent to the reemergence of infectious diseases to extreme weather events. Against this unsettling backdrop, citizens, consumers, employees, and partners will look to organizations that they trust for stability and positive long-term relationships.

Banking 145

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

On-premises vs cloud security: What are the pros and cons?

Tech Republic Security

Is on-premises or cloud computing operations more secure for your business? Consider the security pros and cons with our guide. The post On-premises vs cloud security: What are the pros and cons? appeared first on TechRepublic.

193

ChatGPT: What are the Implications for Infosec?

SecureWorld News

ChatGPT, a chatbot developed by OpenAI, is all the rage right now, and is so popular the site continually throws up an overcapacity message. Launched in November of this year, ChatGPT is designed to provide detailed responses and articulate answers across many domains of knowledge. The ability to ask any question on just about any topic and have a very intelligent answer given has cybersecurity experts wondering if the infosec community is using it and, if so, for what; and, if so, how is it wor

InfoSec 145

Hacking the JFK Airport Taxi Dispatch System

Schneier on Security

Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line.

Hacking 255

Vice Society ransomware gang is using a custom locker

Security Affairs

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice Society ransomware has been active since June 2021, it is considered by researchers a spin-off of the HelloKitty ransomware, the malware targets both Windows and L

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Google unveils beta of client-side encryption for Gmail

Tech Republic Security

Customers of Google Workspace Enterprise Plus, Education Plus, or Education Standard can apply for the beta until Jan. 20, 2023. The post Google unveils beta of client-side encryption for Gmail appeared first on TechRepublic.

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

SecureList

Summary. At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082.

Malware 145

Trojaned Windows Installer Targets Ukraine

Schneier on Security

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Google introduces end-to-end encryption for Gmail on the web

Bleeping Computer

Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within their domain and outside their domain. […]

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

The security skills shortage is here, here’s how to prepare

Tech Republic Security

Corporate security is near the top of the list of CIO concerns for 2023 — but a security skills shortfall is also a problem. What can companies do to bring up the slack? The post The security skills shortage is here, here’s how to prepare appeared first on TechRepublic.

174

Why do cyber-attacks increase during holidays?

Security Boulevard

The holiday season is traditionally a golden opportunity for hackers to take advantage of the increase in the number of employees working remotely, decrease in IT staff levels, and extended server vulnerabilities. It’s a season when the number of attacks to access your […]

Old vulnerabilities in Cisco products actively exploited in the wild

Security Affairs

IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the D

Wireless 145

Okta's source code stolen after GitHub repositories hacked

Bleeping Computer

In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code. […]

Hacking 143

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Study to ace five cybersecurity certification exams

Tech Republic Security

Dive into CompTIA, NIST, CISSP and more with the online training offered in The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle. The post Study to ace five cybersecurity certification exams appeared first on TechRepublic.

A Robot’s View of AI in Cybersecurity

Security Boulevard

An AI chatbot wrote the following article on AI in cybersecurity. For real. No humans were harmed in the drafting of this article. Artificial intelligence (AI) and machine learning (ML) are rapidly advancing technologies that have the potential to greatly impact cybersecurity. These technologies can be used to enhance security by analyzing large amounts of.

US Gov warns of BEC attacks to hijack shipments of food products

Security Affairs

US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients. The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have published a joint security advisory to warn of business email compromise (BEC) attacks leading to the hijack of shipments of food products and ingredients.

“Suspicious login” scammers up their game – take care at Christmas

Naked Security

A picture is worth 1024 words - we clicked through so you don't have to.

Phishing 141

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cisco Talos report: Threat actors use known Excel vulnerability

Tech Republic Security

The use of .XLL Excel files by threat actors to infect computers with malware is growing fast. Learn more about this relatively new technique and how to protect from it. The post Cisco Talos report: Threat actors use known Excel vulnerability appeared first on TechRepublic.

Malware 167

GitHub Secret Scanning is now Free (as in Beer)

Security Boulevard

Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem. The post GitHub Secret Scanning is now Free (as in Beer) appeared first on Security Boulevard.

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The move follows the decision of other ransomware gangs, like Hive, Blackcat, RansomExx, and Luna, of rewriting their ransomware into Rust.

Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

Trend Micro

More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit chain.

135

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!