Sat. Nov 26, 2022 - Fri. Dec 02, 2022

Computer Repair Technicians Are Stealing Your Data

Schneier on Security

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at the University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device.

SecureMySocial Issued 5th US Patent For Social Media Security Technology

Joseph Steinberg

I am happy (and proud) to announce that SecureMySocial, a cybersecurity company that I co-founded, has been issued its fifth United States patent for social media security. The patent was issued by the United States Patent Office on September 6th, 2022, with a priority date going back over a decade, to June of 2012. Patent number US 11,438,334, entitled Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhancing Security, discloses a robust invention that a

Will EV Charging Infrastructure Be Ready for Cyber Attacks?

Lohrman on Security

A Sandia National Laboratories study determined that electric vehicle charging stations are vulnerable to cyber attacks. What might happen next — and how hard will this be to fix?

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Existential Risk and the Fermi Paradox

Schneier on Security

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hacker’s Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and more just over the centuries, but progress isn’t linear or equitable.

How to run better meetings with new Microsoft Teams tools

Tech Republic Security

Microsoft thinks new digital meeting tools — which include Mesh avatars that reduce the pressure of being on camera for video calls and AI that summarizes meetings — are worth the extra cost. The post How to run better meetings with new Microsoft Teams tools appeared first on TechRepublic.

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mob

Facebook Fined $276M under GDPR

Schneier on Security

Facebook—Meta—was just fined $276 million (USD) for a data leak that included full names, birth dates, phone numbers, and location. Meta’s total fine by the Data Protection Commission is over $700 million. Total GDPR fines are over €2 billion (EUR) since 2018.

Meet the most comprehensive portable cybersecurity device

Tech Republic Security

This deal is your last chance to get the Deeper Connect Pico Decentralized VPN at $50 off plus free shipping. The post Meet the most comprehensive portable cybersecurity device appeared first on TechRepublic.

Cisco Joins the Launch of Amazon Security Lake

Cisco Security

Cisco supports the Open Cybersecurity Schema Framework and is a launch partner of AWS Security Lake. The Cisco Secure Technical Alliance supports the open ecosystem and AWS is a valued technology alliance partner, with integrations across the Cisco Secure portfolio, including SecureX, Secure Firewall, Secure Cloud Analytics, Duo, Umbrella, Web Security Appliance, Secure Workload, Secure Endpoint, Identity Services Engine, and more.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Windows 11 gets a VPN Status Indicator

CyberSecurity Insiders

Windows 11 is set to get a VPN Status Indicator in its system tray, allowing users to connect or download files anonymously, without revealing their home or IP address. Those using VPN services to browse websites, stream movies and download files can therefore look at their network and proceed only when the indicator shows they are protected. According to a report that went viral on Twitter, Windows 11 users will get a shield icon as the indicator to let them know whether their network is connected

Sirius XM Software Vulnerability

Schneier on Security

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was in the car’s Sirius XM telematics infrastructure and would have allowed a hacker to remotely locate a vehicle, unlock and start it, flash the lights, honk the horn, pop the trunk, and access sensit

AWS re:Invent 2022: Partners on parade

Tech Republic Security

There's news from Amazon Web Services' Las Vegas show as a flurry of partnerships and edge computing initiatives have been revealed. The post AWS re:Invent 2022: Partners on parade appeared first on TechRepublic.

New Go-based Redigo malware targets Redis servers

Security Affairs

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cloud computing gets back to basics

InfoWorld on Security

There seems to be a clear trend in the world of cloud computing to return to IT fundamentals—the core problems that IT was set up to solve, such as data management, security, operations, governance, and development. All these things have been practiced for many decades and should be practiced now. The issue is not that IT is ignoring the fundamentals as they build and deploy major business systems in the cloud.

LastPass Security Breach

Schneier on Security

The company was hacked , and customer information accessed. No passwords were compromised.

Top 5 confidential computing uses in healthcare

Tech Republic Security

Big data meets private data in a perfect storm for healthcare. Confidential computing providers say they’ll make the cloud safer for medical data. The post Top 5 confidential computing uses in healthcare appeared first on TechRepublic.

Experts found a vulnerability in AWS AppSync

Security Affairs

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from Datadog on September 1, 2022, and the bug was solved on September 6.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Customer Information leaks in LastPass Data Breach

CyberSecurity Insiders

LastPass, a company offering a password management service, has disclosed that it suffered a data breach in an attack that might be linked to the August data leak, in which hackers stole vital information from the company's servers. Karim Toubba, the CEO of LastPass, confirmed the news and added that a detailed investigation was being conducted by the security firm Mandiant, with the results still awaited.

A Peek Inside the FBI's Unprecedented January 6 Geofence Dragnet

WIRED Threat Level

Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

We Live Security

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group. The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity.

Samsung, LG, Mediatek certificates compromised to sign Android malware

Bleeping Computer

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Holy See Vatican website hit by Cyber Attack

CyberSecurity Insiders

After Pope Francis condemned Russia for launching a war on Ukraine, a digital attack disrupted various websites of the Holy See. Earlier, it was thought that the website was unavailable due to a technical glitch. But Matteo Bruni, the spokesperson for the Holy See Vatican website Vatican.vu, has issued a statement that various web portals related to the holy city were hit by abnormal access attempts, which showed the attack was of a DDoS variant.

U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens

Security Boulevard

Two key members of the Five Eyes intelligence alliance have made further moves to stop Chinese equipment imports. The post U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens appeared first on Security Boulevard.

500 million WhatsApp mobile numbers up for sale on the dark web

CSO Magazine

A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc hacking community forum. The data set contains information on WhatsApp users from more than 84 countries, the post shows. The story was first reported by Cybernews. The seller of the leaked data is also offering it through the controversial messaging app Telegram, where the person or the group goes by the handle “Palm Yunn.”

Researchers Find Supply Chain Vulnerability in IBM Cloud

eSecurity Planet

The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. In a dramatic flair, they named the flaw Hell’s Keychain. The security issues were reported to IBM Cloud in late August, and were patched in early September. Before it was patched, an attacker with knowledge of the vulnerability could run malicious code and modify data being stored by any IBM Cloud customer using PostgreSQL.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Most Infrastructure as a Service Cloud providers hit by ransomware this year

CyberSecurity Insiders

Sophos has compiled and released a report stating that 67% of IaaS cloud providers were hit by ransomware this year, and that the number is expected to increase twofold this year. Unpatched vulnerabilities and configuration errors made it easy for hackers to steal information and encrypt data on cloud-related servers. FYI, IaaS is a cloud computing service in which an individual or a company offers computing, storage, and networking resources on demand, with the user paying on a pay-as-you-use model, making it into

How Virtual CISOs Are Reshaping SMB Cybersecurity

Security Boulevard

Cybersecurity has become a central business pillar these days. Unfortunately for small and medium businesses, hiring a full-time head of cybersecurity is expensive and time-consuming. Typically, these positions attract highly-qualified candidates, and a small company might struggle to entice such talent. The rise of virtual CISOs or vCISOs is changing this picture quickly.

What is DevSecOps? Securing devops pipelines

InfoWorld on Security

Software runs our businesses today. It powers operations, transactions, communications—just about every facet of the digital organization. It follows that ensuring the security of applications and operating systems is a major priority for development and security teams. This is where DevSecOps plays a key role. Development, security, and operations.

Zero-Day Exploit Prices for Signal Messaging App Are Skyrocketing

Heimdal Security

OpZero, a new exploit broker company based in Petersburg, Russia, tripled Zerodium’s offer for a potential Signal RCE zero-day exploit. The reward went up from $500,000 to $1,500,000 and made cybersecurity researchers wonder how and why a newcomer to the market is able to offer such an amount of money. […]. The post Zero-Day Exploit Prices for Signal Messaging App Are Skyrocketing appeared first on Heimdal Security Blog.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.