Jane Frankland

FEBRUARY 1, 2023

The past couple of years has seen remote work leveling the playing field in terms of women in cybersecurity. Simply being able to work from home has made it easier for many companies to draw in a more diversified workforce, and boost their presence of women and minorities. But, just as companies made progress, the economic downturn is forcing many companies to lay off staff in droves.

Cybersecurity 130

Cybersecurity Accountability Media Government 130

Lohrman on Security

JANUARY 29, 2023

ChatGPT is an AI-powered chatbot created by OpenAI. So what are the opportunities and risks with using this technology across different domains?

Cybersecurity 357

Cybersecurity Technology Risk 357

Schneier on Security

JANUARY 31, 2023

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.

Ransomware 326

Ransomware Cryptocurrency Cybercrime 326

Troy Hunt

FEBRUARY 2, 2023

Getting everything out nice and early today so we can get out there in hit the wake park in the balmy "well over 30C" weather (the radio is talking about "severe heatwave weather" as I write this). But hey, we're surrounded by water and a beer delivery is due today so no crisis 😎 There's also a heap more data breach news and I'll be putting that connected BBQ to use for the first time today, stay tuned for epic pics on all of the above over the coming hours

Data breaches 278

Data breaches Accountability 278

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

FEBRUARY 1, 2023

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic.

Passwords 199

Passwords Password Management Authentication 199

Cisco Security

FEBRUARY 2, 2023

Be impeccable with your words. It’s the first of the Four Agreements – a set of universal life principles outlined in the bestselling book by Don Miguel Ruiz. ‘Being impeccable with your words’ is my favorite, and it’s no surprise. As a product marketer, I spend most of my daily existence casting about for the perfect word to use in web copy, a webinar, or video script.

Marketing 145

Marketing Authentication CISO Architecture 145

Trend Micro

FEBRUARY 1, 2023

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

Malware 144

Malware Accountability Mobile 144

Tech Republic Security

FEBRUARY 1, 2023

A new business email attack threat actor is using a stealth tactic to avoid giveaways of typical social engineering attacks. Learn the best defense for protecting your company. The post New cybersecurity BEC attack mimics vendors appeared first on TechRepublic.

Social Engineering 190

Social Engineering Cybersecurity Engineering 190

SecureList

JANUARY 30, 2023

The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded individuals to participate in attacks on companies, and many more.

Cybercrime 144

Cybercrime Marketing Encryption Risk 144

Schneier on Security

JANUARY 30, 2023

NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area?

Cybersecurity 59

Cybersecurity Technology Risk 59

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Bleeping Computer

FEBRUARY 3, 2023

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [.

Ransomware 142

Ransomware 142

Tech Republic Security

JANUARY 31, 2023

IT pros typically have access to company servers, network devices and data so they can perform their jobs. However, that access entails risk, including exposure of confidential information and interruption in essential business services. This policy from TechRepublic Premium offers guidelines for governing access to critical systems and confidential data.

Business Services 183

Business Services Government Risk 183

Dark Reading

FEBRUARY 1, 2023

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

142

142

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging.

Passwords 286

Passwords Accountability Authentication Government 286

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Trend Micro

FEBRUARY 2, 2023

We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused legitimate test framework Easyclick to write a Javascript-based automation script for functions such as clicks and gestures.

Cryptocurrency 138

Cryptocurrency Mobile Banking Malware 138

Tech Republic Security

JANUARY 31, 2023

Foundry’s study found the role has been significantly elevated because of the economy, and CIOs are recognized as strategic business partners by their LOB peers. The post CIOs hold greater organizational leadership status appeared first on TechRepublic.

180

180

Graham Cluley

FEBRUARY 1, 2023

Graham Cluley Security News is sponsored this week by the folks at Edgescan. Thanks to the great team there for their support! Edgescan simplifies Vulnerability Management (VM) by delivering a single full-stack SaaS solution integrated with world-class security professionals.

Cybersecurity 138

Cybersecurity 138

Schneier on Security

FEBRUARY 3, 2023

Interesting research: “ Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons “: Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small fraction of its weights (i.e., without using any additional training or optimization).

Architecture 246

Architecture 246

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Trend Micro

FEBRUARY 1, 2023

We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar.

137

137

Tech Republic Security

FEBRUARY 2, 2023

A new study by Salesforce’s MuleSoft suggests more isn’t necessarily better if an organization’s applications are not playing well together. Unfortunately, more than 70% remain disconnected from one another and the core business. The post Study: Companies have upwards of 1,000 apps but only a third are integrated appeared first on TechRepublic.

180

180

Security Boulevard

JANUARY 31, 2023

API sprawl, which Brian Otten, VP of the digital transformation catalysts division with Axway, defined as “an uncontrolled proliferation of APIs in an organization,” is creating a flood of new security headaches for organizations. One of the biggest problems in providing security for APIs is that sprawl makes them difficult to track and inventory. And.

Digital transformation 137

Digital transformation Cybersecurity 137

Schneier on Security

FEBRUARY 3, 2023

A Hacker’s Mind will be published on Tuesday. I have done a written interview and a podcast interview about the book. It’s been chosen as a “ February 2023 Must-Read Book ” by the Next Big Idea Club. And an “Editor’s Pick”—whatever that means—on Amazon. There have been three reviews so far. I am hoping for more.

185

185

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

We Live Security

FEBRUARY 2, 2023

“Can I tell a legitimate survey apart from a fake one?” is the single most important question you need to answer for yourself before taking any surveys online The post Is that survey real or fake?

Scams 136

Scams 136

Tech Republic Security

FEBRUARY 2, 2023

A new version of the Prilex POS malware has found a novel way to steal your credit card information. The post Prilex POS malware evolves to block contactless transactions appeared first on TechRepublic.

Malware 170

Malware Phishing 170

Security Boulevard

JANUARY 30, 2023

Security and compliance risks are ranked as among the top barriers to achieving value from investments moving to the cloud as organizations grapple with what they consider an “urgent priority,” according to a recent report from Accenture. The global survey of 800 business and IT leaders revealed security continues to be one of the top. The post Security, Compliance Risks Complicate Cloud Migration Efforts appeared first on Security Boulevard.

Cloud Migration 136

Cloud Migration Risk Government Cybersecurity 136

Bleeping Computer

FEBRUARY 1, 2023

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. [.

Data breaches 135

Data breaches Telecommunications Mobile Internet 135

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

CSO Magazine

JANUARY 30, 2023

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company size, sector and disposable income, but also kno

Cybersecurity 133

Cybersecurity 133

Tech Republic Security

FEBRUARY 1, 2023

A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., Canada and the U.S. The post OneNote documents spread malware in several countries appeared first on TechRepublic.

Malware 170

Malware Phishing Ransomware 170

Security Boulevard

JANUARY 30, 2023

There is no debate that the software supply chain is filled with action. It’s the front lines of the security world these days. If you have a shadow of a doubt, search the history of SolarWinds, Codecov , or CircleCI for examples of how attackers use the supply chain as a gateway of compromise. The post 6 misconceptions about Software Bills of Materials appeared first on Security Boulevard.

Software 133

Software 133

Naked Security

FEBRUARY 1, 2023

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Passwords 132

Passwords Accountability 132

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!