Schneier on Security
OCTOBER 17, 2022
Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.
Krebs on Security
OCTOBER 20, 2022
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
OCTOBER 15, 2022
I decided to do something a bit different this week and mostly just answer questions from my talk at GOTO Copenhagen last week. I wasn't actually in Denmark this time, but a heap of really good questions came through and as I started reading them, I thought "this would actually make for a really good weekly update" So here we are, and those questions then spurned on a whole heap more from the live audience too so this week's video became one large Q&A.
Tech Republic Security
OCTOBER 17, 2022
A slew of new Asana capabilities are geared toward enhancing reporting, decreasing duplicate cross-functional work and costs, and strengthening security. The post Asana launches enterprise-level workplace tools for prioritization and planning appeared first on TechRepublic.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Schneier on Security
OCTOBER 18, 2022
Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.
Krebs on Security
OCTOBER 18, 2022
When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do an
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 20, 2022
A new report from Zerto finds that only half of the companies surveyed focus on both recovery and prevention. The post Incomplete ransomware strategies still dog organizations appeared first on TechRepublic.
Security Affairs
OCTOBER 15, 2022
Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper
Krebs on Security
OCTOBER 15, 2022
AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021.
Bleeping Computer
OCTOBER 15, 2022
Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract. [.].
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Tech Republic Security
OCTOBER 17, 2022
Hybrid cloud has become a popular computing model in recent times. Find out all you need to know, including its features, pros and cons. The post What is hybrid cloud? appeared first on TechRepublic.
We Live Security
OCTOBER 17, 2022
What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? The post 5 steps to protect your school from cyberattacks appeared first on WeLiveSecurity.
Digital Shadows
OCTOBER 19, 2022
Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start. The post Ransomware In Q3 2022 first appeared on Digital Shadows.
Bleeping Computer
OCTOBER 20, 2022
A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. [.].
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.
Tech Republic Security
OCTOBER 19, 2022
Consumer data compliance and privacy are growing in importance. Learn how to automate compliance efforts here. The post Consumers care about their data: Learn how to automate privacy and compliance efforts appeared first on TechRepublic.
Security Affairs
OCTOBER 20, 2022
Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) posing as a LinkedIn-based job application.
CyberSecurity Insiders
OCTOBER 21, 2022
Advocate Aurora Health(AAH), a medical services provider serving Wisconsin and Illinois populace, was hit by a data breach affecting over 3,000,000 patients. According to the information available to Cybersecurity Insiders, AAH websites are loaded by Meta Pixel, and hackers used a vulnerability in the software tool to access information. Technically, Meta Pixel is a Facebook researchers supplied JavaScript code based analytics tool that assists website owners to gain insights on user interaction
Bleeping Computer
OCTOBER 15, 2022
Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks. [.].
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.
Tech Republic Security
OCTOBER 17, 2022
Gartner analysts outline the steps CIOs need to take to “revolutionize work” for the next stage of digital and detail how to power sustainability outcomes during a keynote address at the Gartner IT Symposium/Xpo Monday. The post Gartner: IT force multipliers for sustainable growth, cyber resiliency and responsible investment appeared first on TechRepublic.
Digital Shadows
OCTOBER 20, 2022
Note: This blog is part of a series of articles related to the use of Structured Analytic Techniques in Cyber. The post Alternative Future Analysis: Pro-Russian Hacktivism first appeared on Digital Shadows.
We Live Security
OCTOBER 20, 2022
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app. The post Domestic Kitten campaign spying on Iranian citizens with new FurBall malware appeared first on WeLiveSecurity.
Bleeping Computer
OCTOBER 19, 2022
A remote code execution flaw in the open-source Apache Commons Text library has some people worried that it could turn into the next Log4Shell. However, most cybersecurity researchers say it is nowhere near as concerning. [.].
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
Tech Republic Security
OCTOBER 18, 2022
Mike Arrowsmith, chief trust officer at NinjaOne, makes the case for a permanent shift in the way businesses conduct remote security. The post Plugging holes remote work punched through security appeared first on TechRepublic.
Google Security
OCTOBER 20, 2022
Posted by Brandon Lum, Mihai Maruseac, Isaac Hepworth, Google Open Source Security Team Supply chain security is at the fore of the industry’s collective consciousness. We’ve recently seen a significant rise in software supply chain attacks , a Log4j vulnerability of catastrophic severity and breadth, and even an Executive Order on Cybersecurity. It is against this background that Google is seeking contributors to a new open source project called GUAC (pronounced like the dip).
CyberSecurity Insiders
OCTOBER 20, 2022
By Jason Dover, VP of Product Strategy at Progress. With the growing complexity and sophistication of modern security threats, organizations must make suitable investments and develop comprehensive strategies to keep their digital assets secure. This is not a new challenge, but the frequency of attacks is certainly on the rise. The 2022 IBM Cost of a Data Breach Report showed that 83% of the groups studied have had more than one data breach.
Bleeping Computer
OCTOBER 16, 2022
Google Search is timing out when users search for specific terms like "How many emojis on iOS," "How many emojis on Apple" and "How many emojis on Windows." [.].
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.
CSO Magazine
OCTOBER 20, 2022
The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations.
Security Affairs
OCTOBER 18, 2022
Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party o
CyberSecurity Insiders
OCTOBER 20, 2022
Australian Bureau of Statistics has made an official confirmation that it has defended its IT infrastructure from over a billion cyber-attacks. Dr David Gruen, a senior statistician, confirmed the news and added that the digital abuse on ABS was being carried since 2016, when a massive distributed denial of service attack led to downtime of digital census board for well over 40 hours.
Bleeping Computer
OCTOBER 20, 2022
Advocate Aurora Health (AAH), a 26-hospital healthcare system in the states of Wisconsin and Illinois, is notifying its patients of an unintentional data breach that impacts 3,000,000 individuals. [.].
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.
Expert insights. Personalized for you.
329 
Let's personalize your content