Lohrman on Security

SEPTEMBER 18, 2022

White House efforts to strengthen the cybersecurity workforce nationwide took several new steps forward over the past few months.

Cybersecurity 258

Cybersecurity 258

Schneier on Security

SEPTEMBER 23, 2022

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].

290

290

Tech Republic Security

SEPTEMBER 17, 2022

Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. The post Uber investigating security breach of several internal systems appeared first on TechRepublic.

Engineering 166

Engineering Cybersecurity Social Engineering Phishing 166

We Live Security

SEPTEMBER 19, 2022

Here are some of the most common ways that an iPhone can be compromised with malware, how to tell it’s happened to you, and how to remove a hacker from your device. The post Can your iPhone be hacked? What to know about iOS security appeared first on WeLiveSecurity.

Hacking 145

Hacking Malware Mobile 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

SEPTEMBER 21, 2022

The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.

Scams 143

Scams Phishing 143

Schneier on Security

SEPTEMBER 20, 2022

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped. But the thief has a method which circumnavigates those basic safety protocols.

Banking 275

Banking Accountability Passwords Authentication 275

CSO Magazine

SEPTEMBER 22, 2022

Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.

Authentication 141

Authentication Network Security Accountability 141

CyberSecurity Insiders

SEPTEMBER 21, 2022

By Robert Fleming, Chief Marketing Officer at Zivver. Employees are constantly overloaded with the ‘we need to be more secure’ mantra from their employers but, as found in our recent report, out of the 67% of employees who had security training in the last two years, only 36% applied these tips and techniques to their core role. This means one thing: security training alone isn’t getting the job done.

Technology 140

Technology Risk Marketing Cybersecurity 140

Schneier on Security

SEPTEMBER 21, 2022

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen—a wide receiver for the Philadelphia Eagles—was disqualified from the 110-meter hurdles at the World Athletics Championships a few weeks ago for a false start.

225

225

Tech Republic Security

SEPTEMBER 22, 2022

A new approach to Linux offers hope to those who want to improve their security posture. The post Software supply chain security gets its first Linux distro, Wolfi appeared first on TechRepublic.

Software 158

Software Cybersecurity 158

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

SEPTEMBER 17, 2022

LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. [.].

145

145

CyberSecurity Insiders

SEPTEMBER 22, 2022

In today’s ultra-competitive MSSP market , business owners are looking for ways to make their offerings more attractive to customers and their SOCs more effective. To that end MSSPs add new technology to their security offering stack with the hopes that prospective customers will see this addition as an opportunity to outsource some, or all, of their security monitoring.

Data collection 139

Data collection Technology Threat Detection Marketing 139

Schneier on Security

SEPTEMBER 19, 2022

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.” CBP’s inspection of people̵

Computers and Electronics 215

Computers and Electronics Surveillance 215

Tech Republic Security

SEPTEMBER 23, 2022

Losses triggered by account takeovers have averaged $12,000 per incident, according to data cited by SEON. The post Account takeover attacks on the rise, impacting almost 25% of people in the US appeared first on TechRepublic.

Accountability 148

Accountability Password Management Passwords Cybersecurity 148

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

SEPTEMBER 22, 2022

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution. [.].

130

130

CyberSecurity Insiders

SEPTEMBER 20, 2022

By Alfredo Hickman, head of information security, Obsidian Security. Earlier this year, I had the opportunity to speak before a group of CISOs about the topic of attack surface management (ASM). While much of the conversation centered around managing the attack surface around on-premise environments and cloud infrastructure, it was interesting to me that not much was said about SaaS.

Threat Detection 128

Threat Detection Risk Penetration Testing DNS 128

CSO Magazine

SEPTEMBER 19, 2022

The way Yaron Cohen sees it, companies today must do in the digital world what came naturally to neighborhood merchants who saw their customers every day. “In the old world, when people used to go to the corner store and meet the same shopkeeper every day, he’d know their tastes and what they’d buy and would personalize the experience for them,” says Cohen, a user experience researcher focused on digital strategy.

Small Business 123

Small Business Media 123

Tech Republic Security

SEPTEMBER 19, 2022

Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight. The post How to protect your organization’s single sign-on credentials from compromise appeared first on TechRepublic.

Phishing 148

Phishing Cybersecurity 148

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Digital Shadows

SEPTEMBER 21, 2022

If you have ever watched a movie or television show that depicted hacking, you have probably heard the phrase, “I’m. The post Vulnerability Intelligence Roundup: Five RCE Vulnerabilities to Prioritize in September first appeared on Digital Shadows.

Hacking 122

Hacking 122

CyberSecurity Insiders

SEPTEMBER 21, 2022

Morgan Stanley, the world-renowned American firm that is into the business of financial investment, was slapped with a fine of $35 million by US SEC. And sources report that the penalty was pronounced by the US Securities and Exchange Commission for showing laxity in dealing with customer data. Going deep into the details, it’s learned that the company disposed of some of the company servers and Hard Disk Drives (HDDS) operated in its server farms last year.

Financial Services 127

Financial Services Marketing Encryption Cybersecurity 127

eSecurity Planet

SEPTEMBER 22, 2022

During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

Encryption 122

Encryption Ransomware Backups Advertising 122

Tech Republic Security

SEPTEMBER 22, 2022

Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. The post 350,000 open source projects at risk from Python vulnerability appeared first on TechRepublic.

Risk 147

Risk Software 147

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Veracode Security

SEPTEMBER 23, 2022

The healthcare industry is transforming patient care through software, from 24/7 digital patient portals, to AI-fueled medical research, and everything in between. As innovation reaches new heights, how does healthcare stack up against other sectors in terms of software security flaws and the ability to remediate them? Our latest State of Software Security Report found that 77 percent of applications in this sector have vulnerabilities – a slight uptick from last year’s 75 percent – with 21 perc

Healthcare 122

Healthcare Software Authentication 122

CyberSecurity Insiders

SEPTEMBER 19, 2022

To help customers recover from data incidents, Google, the internet giant, has introduced cloud backup and Disaster Recovery (DR) feature from its console to all its customers directly from its console. Thus, those using Google cloud storage platform as a repository, directory, and application database can now avail the DR services as an effective backup solution across multiple workloads.

Backups 123

Backups Engineering Internet Internet 123

SecureBlitz

SEPTEMBER 18, 2022

For those currently working on metaverse creation, we strongly recommend that you address the issues of protection against DDoS attacks and resilience to DDoS impacts in advance. Otherwise, there is a high probability that one day these metaverses will literally collapse in front of many thousands or even millions of their users. Metaverses – At […].

DDOS 124

DDOS Cybersecurity 124

Tech Republic Security

SEPTEMBER 20, 2022

Start deploying cutting-edge firewalls with this training certification course. The post Learn Palo Alto Networks cybersecurity with this $20 training appeared first on TechRepublic.

Cybersecurity 147

Cybersecurity Firewall 147

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

eSecurity Planet

SEPTEMBER 21, 2022

A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs.

Encryption 122

Encryption Malware Internet Internet 122

CyberSecurity Insiders

SEPTEMBER 21, 2022

First is the news about Hive Ransomware targeting the New York Racing Association (NYRA) on 30th of June this year that resulted in disruption of IT services, including the website. Interestingly, the accessed records by the threat actors include health info, health insurance records, Social Security Numbers, and Driving License numbers of customers.

Malware 121

Malware Telecommunications Insurance Ransomware 121

Graham Cluley

SEPTEMBER 22, 2022

Can negotiating your firm’s ransomware payment actually be fun? Well, if it’s a game rather than the real thing then yes! The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive … Continue reading "How to have fun negotiating with a ransomware gang".

Ransomware 120

Ransomware Hacking Data breaches Malware 120

Tech Republic Security

SEPTEMBER 21, 2022

In last week’s security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. The post Uber exposes Lapsus$ extortion group for security breach appeared first on TechRepublic.

Authentication 146

Authentication Data breaches 146

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk