Lohrman on Security

SEPTEMBER 18, 2022

White House efforts to strengthen the cybersecurity workforce nationwide took several new steps forward over the past few months.

Cybersecurity 266

Cybersecurity 266

Schneier on Security

SEPTEMBER 23, 2022

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].

351

351

The Last Watchdog

SEPTEMBER 21, 2022

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.

Digital transformation 214

Digital transformation Cybersecurity Cyber threats Technology 214

Tech Republic Security

SEPTEMBER 17, 2022

Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. The post Uber investigating security breach of several internal systems appeared first on TechRepublic.

Engineering 184

Engineering Cybersecurity Social Engineering Phishing 184

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Javvad Malik

SEPTEMBER 23, 2022

I love myself a good Security BSides, and I’ve never been to Tallin in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia. Unable to find a reliable direct flight to Tallin, and horrendously long connecting flights – I opted for the scenic route which involved flying into Riga in Latvia, and then driving across the border to Tallinn in the fastest car ever made… a rental car.

Phishing 182

Phishing Architecture Education Banking 182

Schneier on Security

SEPTEMBER 20, 2022

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped. But the thief has a method which circumnavigates those basic safety protocols.

Banking 338

Banking Accountability Passwords Authentication 338

Tech Republic Security

SEPTEMBER 22, 2022

The financial giant hired a moving company with no experience in data destruction to dispose of hard drives with the personal data of around 15 million customers, said the SEC. The post SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data appeared first on TechRepublic.

180

180

Graham Cluley

SEPTEMBER 21, 2022

The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.

Scams 145

Scams Phishing 145

Schneier on Security

SEPTEMBER 21, 2022

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen—a wide receiver for the Philadelphia Eagles—was disqualified from the 110-meter hurdles at the World Athletics Championships a few weeks ago for a false start.

304

304

We Live Security

SEPTEMBER 19, 2022

Here are some of the most common ways that an iPhone can be compromised with malware, how to tell it’s happened to you, and how to remove a hacker from your device. The post Can your iPhone be hacked? What to know about iOS security appeared first on WeLiveSecurity.

Hacking 145

Hacking Malware Mobile 145

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

SEPTEMBER 22, 2022

A new approach to Linux offers hope to those who want to improve their security posture. The post Software supply chain security gets its first Linux distro, Wolfi appeared first on TechRepublic.

Software 176

Software Cybersecurity 176

Bleeping Computer

SEPTEMBER 17, 2022

LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. [.].

145

145

Schneier on Security

SEPTEMBER 22, 2022

This is an interesting attack I had not previously considered. The variants are interesting , and I think we’re just starting to understand their implications.

Artificial Intelligence 281

Artificial Intelligence Engineering 281

Cisco Security

SEPTEMBER 22, 2022

In the first part of this blog series on Unscrambling Cybersecurity Acronyms , we provided a high-level overview of the different threat detection and response solutions and went over how to find the right solution for your organization. In this blog, we’ll do a deeper dive on two of these solutions – Endpoint Detection and Response (EDR) and Managed Endpoint Detection and Response (MEDR).

Cybersecurity 144

Cybersecurity Threat Detection Malware Technology 144

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

SEPTEMBER 23, 2022

Losses triggered by account takeovers have averaged $12,000 per incident, according to data cited by SEON. The post Account takeover attacks on the rise, impacting almost 25% of people in the US appeared first on TechRepublic.

Accountability 164

Accountability Password Management Passwords Cybersecurity 164

Security Affairs

SEPTEMBER 20, 2022

How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they visit websites through specific IP addresses. They reveal their physical location and the device they used to connect to the web.

Internet 144

Internet Internet Risk Big data 144

Schneier on Security

SEPTEMBER 19, 2022

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.” CBP’s inspection of people̵

Computers and Electronics 263

Computers and Electronics Surveillance 263

Cisco Security

SEPTEMBER 20, 2022

We’ve been talking a lot about security resilience recently, and for good reason. It’s clear the only way businesses can operate in today’s hybrid world is by taking bold steps to increase visibility, awareness, and integration across their systems. All while maintaining a singular goal of becoming more resilient in the face of evolving threats. But that doesn’t just mean expanding the scope of your security stack.

CISO 143

CISO CSO Risk 143

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

SEPTEMBER 21, 2022

In last week’s security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. The post Uber exposes Lapsus$ extortion group for security breach appeared first on TechRepublic.

Authentication 157

Authentication Data breaches 157

CyberSecurity Insiders

SEPTEMBER 23, 2022

Cyderes, a Cybersecurity Risk Management firm from Missouri, has discovered that corrupting files are proving cheaper, is faster and is less likely to be detected by security solutions. For this reason, some hacking groups who were into ransomware attacks have set up a separate sect of threat actors who are being assigned the job of target corporate networks and corrupt files.

Ransomware 142

Ransomware Encryption Cryptocurrency Malware 142

CSO Magazine

SEPTEMBER 22, 2022

Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.

Authentication 141

Authentication Network Security Accountability 141

eSecurity Planet

SEPTEMBER 23, 2022

Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery ( CI/CD ) compromises, or basic web exploitation of outdated dependencies , there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom , and exfiltrate critical data. It’s often more efficient to attack a weak link in the chain to reach a bigger target, like what happened to Kaseya or SolarWinds in the last couple of years.

Software 141

Software Authentication Architecture VPN 141

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

SEPTEMBER 22, 2022

Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. The post 350,000 open source projects at risk from Python vulnerability appeared first on TechRepublic.

Risk 148

Risk Software 148

Security Affairs

SEPTEMBER 22, 2022

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of the encryptor, version 3.0 , was released by the gang in June.

Ransomware 141

Ransomware Hacking Passwords Accountability 141

Graham Cluley

SEPTEMBER 22, 2022

Can negotiating your firm’s ransomware payment actually be fun? Well, if it’s a game rather than the real thing then yes! The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive … Continue reading "How to have fun negotiating with a ransomware gang".

Ransomware 141

Ransomware Hacking Data breaches Malware 141

Dark Reading

SEPTEMBER 17, 2022

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Passwords 141

Passwords 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

SEPTEMBER 22, 2022

The MRA market report reveals that the global cloud security market will experience a significant boom in the coming years, creating room for healthy competition among key players. The post Cloud security market forecast to surpass $123 billion by 2032 appeared first on TechRepublic.

Marketing 148

Marketing 148

CyberSecurity Insiders

SEPTEMBER 21, 2022

By Robert Fleming, Chief Marketing Officer at Zivver. Employees are constantly overloaded with the ‘we need to be more secure’ mantra from their employers but, as found in our recent report, out of the 67% of employees who had security training in the last two years, only 36% applied these tips and techniques to their core role. This means one thing: security training alone isn’t getting the job done.

Technology 140

Technology Risk Marketing Cybersecurity 140

Security Affairs

SEPTEMBER 22, 2022

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versio

Cryptocurrency 139

Cryptocurrency Firewall Malware Hacking 139

SecureBlitz

SEPTEMBER 18, 2022

For those currently working on metaverse creation, we strongly recommend that you address the issues of protection against DDoS attacks and resilience to DDoS impacts in advance. Otherwise, there is a high probability that one day these metaverses will literally collapse in front of many thousands or even millions of their users. Metaverses – At […].

DDOS 139

DDOS Cybersecurity 139

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!