Dark Reading
OCTOBER 4, 2022
Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.
Schneier on Security
OCTOBER 3, 2022
This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
OCTOBER 5, 2022
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
Joseph Steinberg
OCTOBER 6, 2022
A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack. According to The New York Times , in 2016, while the Federal Trade Commission (FTC) was investigating an earlier breach of Uber’s computer systems, Sullivan learned of a subsequent compromise that affected more than 57 million Uber accounts.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
OCTOBER 7, 2022
Geez it's nice to be home 😊 It's nice to live in a home that makes you feel that way when returning from a place as beautiful as Bali 😊 This week's video is dominated by the whole discussion around this tweet: I love that part of the Microsoft Security Score for Identity in Azure improves your score if you *don't* enforce password rotation, what a sign of the times!
Schneier on Security
OCTOBER 4, 2022
An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent). It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 7, 2022
SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.
Security Boulevard
OCTOBER 1, 2022
There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography. An appropriate security design with controls that addresses an organization’s acceptable risk should be applied and reviewed before deploying blockchain to a production environment.
CSO Magazine
OCTOBER 4, 2022
Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing. This risk frequently goes unexplored in cybersecurity awareness training, leaving employees oblivious to the risks they can pose to the security of data which, if exposed, could be exploited both directly a
Bleeping Computer
OCTOBER 3, 2022
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 4, 2022
Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill. The post How ransomware gangs operate like legitimate businesses appeared first on TechRepublic.
SecureList
OCTOBER 7, 2022
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse.
CyberSecurity Insiders
OCTOBER 3, 2022
LinkedIn has publicly announced that for some reasons, its servers are being targeted by fake CISO Profiles that disclose vacant positions at large multinational companies. However, the profiles when probed are found to be fake and being targeted from Asian & African countries that have nothing to do with the company operations or vacancies. Krebs On Security received this update from the professional social media giant and initiated an inquiry along with the public disclosure.
Bleeping Computer
OCTOBER 5, 2022
Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell. [.].
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
OCTOBER 1, 2022
Number one on Skillsoft's 2022 list of top-paying IT certs is AWS Certified Solutions Architect Professional, with an annual salary of $168,080. The post 15 highest-paying certifications for 2022 appeared first on TechRepublic.
SecureList
OCTOBER 4, 2022
While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China, individuals from this country often resort to downloading Tor from third-party websites.
Security Boulevard
OCTOBER 4, 2022
With modern software development reliant on third-party sources — and attacks surging on that supply chain — Gartner expects adoption of software bills of material (SBOM) to go from less than 5% now to 60% in 2025. . The post Gartner explains why SBOMs are critical to software supply chain security management appeared first on Security Boulevard.
Thales Cloud Protection & Licensing
OCTOBER 4, 2022
Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. divya. Tue, 10/04/2022 - 05:20. Historically, October has always been an important month for the cybersecurity community and a month of major cybersecurity events. So in 2004, the President of the United States designated October as Cybersecurity Awareness Month.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
OCTOBER 6, 2022
Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox. The post Phishing attack spoofs Zoom to steal Microsoft user credentials appeared first on TechRepublic.
CSO Magazine
OCTOBER 5, 2022
Every entity should have an information technology asset disposal (ITAD) program as part of its information security process and procedure. Indeed, every time an IT asset is purchased, the eventual disposal of that asset should already be defined within an ITAD. When one doesn’t exist, data becomes exposed, compromises occur, and in many cases, fines are levied.
Security Boulevard
OCTOBER 1, 2022
Software supply chains are vital, especially in the modern economy where businesses must compete against each other to ensure continuous delivery for end users and clients. Without a secure and efficient software supply chain, your company will find it difficult to keep up with competitors, produce software on time and protect itself (and end users).
Quick Heal Antivirus
OCTOBER 6, 2022
SOVA is an Android banking Trojan with significant capabilities like credential theft, capturing keystrokes, taking screenshots, etc., The post Beware: SOVA Android Banking Trojan emerges more powerful with new capabilities appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
OCTOBER 6, 2022
Find out the best practices for securely deploying applications and managing data in the cloud. The post Top 5 best practices for cloud security appeared first on TechRepublic.
Bleeping Computer
OCTOBER 4, 2022
The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector. [.].
CSO Magazine
OCTOBER 6, 2022
Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as: A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program.
WIRED Threat Level
OCTOBER 7, 2022
Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency fundraising has reached Russia's violent militia groups.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
OCTOBER 3, 2022
Cloudflare celebrates its 12th anniversary with the launch of a Zero Trust SIM, an IoT security platform and a Botnet Threat Feed. The post Cloudflare shows flair with new products for mobile and IoT security appeared first on TechRepublic.
Bleeping Computer
OCTOBER 4, 2022
Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. [.].
The State of Security
OCTOBER 4, 2022
You always want to know what is attached to your network. And whether it could be vulnerable or not. Read more in my article on the Tripwire State of Security blog.
CSO Magazine
OCTOBER 4, 2022
Aryaka's Secure Web Gateway and Firewall-as-a-Service adds cloud-based security services to its Zero Trust WAN platform, as it moves toward providing SASE capabilities for its users.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
132 
Let's personalize your content