Sat. Oct 15, 2022 - Fri. Oct 21, 2022

Three Cybersecurity Surprises from State Security Chiefs

Lohrman on Security

What were the top cybersecurity themes, including several unexpected narratives, that emerged from the 2022 NASCIO Annual Conference held in Louisville, Ky., this past week?

Qatar Spyware

Schneier on Security

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya.

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed.

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g.,

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Weekly Update 317

Troy Hunt

I decided to do something a bit different this week and mostly just answer questions from my talk at GOTO Copenhagen last week.

Hacking Automobile Keyless Entry Systems

Schneier on Security

Suspected members of a European car-theft ring have been arrested: The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away.

US Savings Bonds Offer A Great Deal: But The Treasury’s Site To Purchase Them Offers Questionable Security

Joseph Steinberg

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

More and more consumers are using apps every year. In fact, Google Play users downloaded 111.3 billion apps in 2021 alone, up more than 47 percent since 2018. This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022.

Adversarial ML Attack that Secretly Gives a Language Model a Point of View

Schneier on Security

Machine learning security is extraordinarily difficult because the attacks are so varied—and it seems that each new one is weirder than the next.

Anti-Money Laundering Service AMLBot Cleans House

Krebs on Security

AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach issued a warning of a new PowerShell backdoor masquerading as a Windows update process to avoid detection.

Meta Pixel hack leads to US healthcare provider data breach affecting 3 million patients

CyberSecurity Insiders

Advocate Aurora Health (AAH), a medical services provider serving the populace of Wisconsin and Illinois, was hit by a data breach affecting over 3,000,000 patients.

Dangerous hole in Apache Commons Text – like Log4Shell all over again

Naked Security

Third time unlucky. Time to put your patching boots on again.

$3 BILLION in DeFi Hacks in 2022—So Far

Security Boulevard

And nothing of value was lost. Again.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

New UEFI rootkit Black Lotus offered for sale at $5,000

Security Affairs

Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, a researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums.

Alarming attacks on Internet of Medical Things (IoMT)

CyberSecurity Insiders

This blog was written by an independent guest blogger. The impact of ransomware attacks on healthcare is as alarming as it is under-addressed. The United States healthcare system alone faces an annual burden of nearly $21 billion due to these attacks.

Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text

Dark Reading

There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.

Asana launches enterprise-level workplace tools for prioritization and planning

Tech Republic Security

A slew of new Asana capabilities are geared toward enhancing reporting, decreasing duplicate cross-functional work and costs, and strengthening security.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance.

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Security Affairs

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software.

Early detection is the key to tackling security breaches

CyberSecurity Insiders

By Jason Dover, VP of Product Strategy at Progress. With the growing complexity and sophistication of modern security threats, organizations must make suitable investments and develop comprehensive strategies to keep their digital assets secure.

Are You a CISO Building Your Risk Register for 2023? Read This First

Dark Reading

Achieving basic IT hygiene is 99% of the game.

5 steps to protect your school from cyberattacks

We Live Security

What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay?

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

Security Affairs

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability.

Australian Population Counting Faces consistent Cyber Threats

CyberSecurity Insiders

The Australian Bureau of Statistics has officially confirmed that it has defended its IT infrastructure from over a billion cyber-attacks.

Cybersecurity's Hiring Spree Requires a Recruiting Rethink

Dark Reading

Just 65 cybersecurity professionals are in the workforce for every 100 available jobs, new study shows.

The Five Ws of Cryptocurrency Fraud — and How We Can Stop It

Security Boulevard

Cryptocurrency is becoming mainstream—both as a digital currency and as a fraud target. More than 300 million people use crypto worldwide and 16% of Americans say they have invested in, traded or used cryptocurrency.

BlueBleed: Microsoft confirmed data leak exposing customers’ info

Security Affairs

Microsoft disclosed a data leak: sensitive data of some of its customers was exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers was exposed on the Internet due to a misconfigured Microsoft server.

Microsoft suffers data breach leaking sensitive customer information

CyberSecurity Insiders

Microsoft has suffered a data breach that leads to the leak of sensitive information of some of its customers.

Signal to Ditch SMS/MMS Messaging on Android

Dark Reading

Main driver for the change: "Plaintext SMS messages are inherently insecure

There’s no better time for zero trust

Cisco CSR

Security resilience requires strong, user-friendly defenses. The concept of zero trust is not a new one, and some may even argue that the term is overused. In reality, however, its criticality is growing with each passing day, because many of today’s attacks begin with the user.

Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

Security Affairs

The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and facility system equipment.

Blockchain as a Service (BaaS)

CyberSecurity Insiders

This blog was written by an independent guest blogger. A key share of growing technology is blockchain. Blockchain technology permits entities to share information quickly and firmly while not compromising on security. The engineering blockchain has hit the marketplaces everywhere nowadays.