Sat.Sep 24, 2022 - Fri.Sep 30, 2022

article thumbnail

How to Close the Cybersecurity Skills Gap in Your Business

CyberSecurity Insiders

Staffing shortages in some industries have worsened since the COVID-19 pandemic began wreaking havoc in 2020, especially in cybersecurity. Cyberattacks have increased in many sectors, primarily targeting education and healthcare. What can employers do for their businesses with attacks rising alongside the widening cybersecurity skills gap? What Is the Cybersecurity Skills Gap?

article thumbnail

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.

CISO 293
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Differences in App Security/Privacy Based on Country

Schneier on Security

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were allowed to access on users’ mobile phones, 49 of which had additional permissions deemed “dangerous” by Google.

Mobile 306
article thumbnail

FIRESIDE CHAT: Why ‘digital resiliency’ has arisen as the Holy Grail of IT infrastructure

The Last Watchdog

Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.

Internet 221
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CloudBees CEO: Software delivery is now ‘release orchestration’

Tech Republic Security

Enterprise software delivery company CloudBees has a new SaaS offering to discuss, and the firm's CEO gets philosophical. The post CloudBees CEO: Software delivery is now ‘release orchestration’ appeared first on TechRepublic.

Software 208
article thumbnail

What happens with a hacked Instagram account – and how to recover it

We Live Security

Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again). The post What happens with a hacked Instagram account – and how to recover it appeared first on WeLiveSecurity.

More Trending

article thumbnail

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry. In fact, the 2022 Verizon Data Breach Investigation Report revealed an alarming 13 percent increase in ransomware attacks overall – greater than past five years combined – and the inability to properly manage identities and pri

article thumbnail

Why 2FA is failing and what should be done about it

Tech Republic Security

Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem. The post Why 2FA is failing and what should be done about it appeared first on TechRepublic.

article thumbnail

Netography Uses Labels and Tags to Provide Security Context

Security Boulevard

Netography today added support for context labels and tagging to a software-as-a-service (SaaS) platform that provides deep packet inspection capabilities to identify cybersecurity threats in near-real-time. Netography CEO Martin Roesch said labels and tags will make it easier for cybersecurity teams to use flow logs to visualize and analyze network traffic by application, location, compliance.

article thumbnail

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII­—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.

Passwords 281
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

The deepfake danger: When it wasn’t you on that Zoom call

CSO Magazine

In August, Patrick Hillman, chief communications officer of blockchain ecosystem Binance, knew something was off when he was scrolling through his full inbox and found six messages from clients about recent video calls with investors in which he had allegedly participated. “Thanks for the investment opportunity,” one of them said. “I have some concerns about your investment advice,” another wrote.

article thumbnail

Malicious Oauth app enables attackers to send spam through corporate cloud tenants

Tech Republic Security

Microsoft investigated a new kind of attack where malicious OAuth applications were deployed on compromised cloud tenants before being used for mass spamming. The post Malicious Oauth app enables attackers to send spam through corporate cloud tenants appeared first on TechRepublic.

186
186
article thumbnail

How Underground Groups Use Stolen Identities and Deepfakes

Trend Micro

The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes brings attacks such as business email compromise (BEC) and identity verification bypassing to new levels.

Media 140
article thumbnail

Protecting teens from sextortion: What parents should know

We Live Security

Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online. The post Protecting teens from sextortion: What parents should know appeared first on WeLiveSecurity.

142
142
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

The State of Cybersecurity has improved but is hardly flawless

The State of Security

For the record, it should be acknowledged from the start that there is no question that the cybersecurity landscape has improved over time, mostly courtesy of persistent increases in cyber spending year after year. Gartner estimates that the U.S. and the rest of the world will invest $172 billion in cybersecurity this year, up from $150 […]… Read More.

article thumbnail

New Chaos malware spreads over multiple architectures

Tech Republic Security

A new malware named Chaos raises concerns as it spreads on multiple architectures and operating systems. The post New Chaos malware spreads over multiple architectures appeared first on TechRepublic.

article thumbnail

How cybercriminals use public online and offline data to target employees

CSO Magazine

We post our daily lives to social media and think nothing of making key details about our lives public. We need to reconsider what we share online and how attackers can use this information to target businesses. Your firm’s security may be one text message away from a breach. How and why attackers target new employees. For example, a firm onboards a new intern and provides them with keys to the office building, logins to the network, and an email address.

Media 139
article thumbnail

Amazon?themed campaigns of Lazarus in the Netherlands and Belgium

We Live Security

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers. The post Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium appeared first on WeLiveSecurity.

141
141
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

IT admin admits sabotaging ex-employer’s network in bid for higher salary

The State of Security

A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer’s computer systems. Casey K Umetsu, of Honolulu, Hawaii, has pleaded guilty to charges that he deliberately misdirected a financial company’s email traffic and prevented customers from reaching its website in a failed […]… Read More.

article thumbnail

Report finds women are declining CISO/CSO roles

Tech Republic Security

Professional risk factors into career decisions, and successful women need to encourage other women to accept the risks, says Accenture. The post Report finds women are declining CISO/CSO roles appeared first on TechRepublic.

CSO 163
article thumbnail

Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks

Bleeping Computer

Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets. [.].

140
140
article thumbnail

Experts uncovered novel Malware persistence within VMware ESXi Hypervisors

Security Affairs

Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: Send commands to the hypervisor that will be routed to the guest VM for execution Transfer files between the ESXi hypervisor and guest machines running benea

Malware 133
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Beware Revolut frozen card scams sent via SMS text

Graham Cluley

Users of Revolut, the popular banking app, would be wise to be on their guard - as scammers are sending out barrages of SMS text messages, posing as official communications from the financial firm.

Scams 135
article thumbnail

Launch an IT career after taking these eight courses for under $50

Tech Republic Security

Get a great deal on 110 hours of IT training in these online courses focused on tech basics in the CompTIA and Microsoft certification exams. The post Launch an IT career after taking these eight courses for under $50 appeared first on TechRepublic.

Software 153
article thumbnail

IRS warns Americans of massive rise in SMS phishing attacks

Bleeping Computer

The Internal Revenue Service (IRS) warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks. [.].

Phishing 143
article thumbnail

Most hackers need 5 hours or less to break into enterprise environments

CSO Magazine

Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness. The SANS ethical hacking survey , done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organizations, with different levels of experience a

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

ProxyNotShell— the story of the claimed zero day in Microsoft Exchange

DoublePulsar

Yesterday, cybersecurity vendor GTSC Cyber Security dropped a blog saying they had detected exploitation of a new Microsoft Exchange zero… Continue reading on DoublePulsar ».

article thumbnail

Colonial Pipeline ransomware group using new tactics to become more dangerous

Tech Republic Security

Dubbed Coreid, the group has adopted a new version of its data exfiltration tool and is offering more advanced capabilities to profitable affiliates, says Symantec. The post Colonial Pipeline ransomware group using new tactics to become more dangerous appeared first on TechRepublic.

article thumbnail

Brave browser to start blocking annoying cookie consent banners

Bleeping Computer

The Brave browser will soon allows users to block annoying and potentially privacy-harming cookie consent banners on all websites they visit. [.].

Software 145
article thumbnail

OpIran: Anonymous declares war on Teheran amid Mahsa Amini’s death

Security Affairs

OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini’s death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini’s death. The protests began after the death of Mahsa Amini from Saqqez in Kurdistan province after her arrest by Iran’s morality police for allegedly wearing her hijab too loosely.

Internet 130
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.