Sat.Jan 28, 2023 - Fri.Feb 03, 2023

article thumbnail

12 Steps to Take if You’ve Been Laid Off in Cybersecurity (which everyone should read)

Jane Frankland

The past couple of years has seen remote work leveling the playing field in terms of women in cybersecurity. Simply being able to work from home has made it easier for many companies to draw in a more diversified workforce, and boost their presence of women and minorities. But, just as companies made progress, the economic downturn is forcing many companies to lay off staff in droves.

article thumbnail

ChatGPT: Hopes, Dreams, Cheating and Cybersecurity

Lohrman on Security

ChatGPT is an AI-powered chatbot created by OpenAI. So what are the opportunities and risks with using this technology across different domains?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ransomware Payments Are Down

Schneier on Security

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.

article thumbnail

Weekly Update 333

Troy Hunt

Getting everything out nice and early today so we can get out there in hit the wake park in the balmy "well over 30C" weather (the radio is talking about "severe heatwave weather" as I write this). But hey, we're surrounded by water and a beer delivery is due today so no crisis 😎 There's also a heap more data breach news and I'll be putting that connected BBQ to use for the first time today, stay tuned for epic pics on all of the above over the coming hours

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

The headache of changing passwords

Tech Republic Security

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic.

Passwords 199
article thumbnail

Clarity and Transparency: How to Build Trust for Zero Trust

Cisco Security

Be impeccable with your words. It’s the first of the Four Agreements – a set of universal life principles outlined in the bestselling book by Don Miguel Ruiz. ‘Being impeccable with your words’ is my favorite, and it’s no surprise. As a product marketer, I spend most of my daily existence casting about for the perfect word to use in web copy, a webinar, or video script.

Marketing 145

LifeWorks

More Trending

article thumbnail

New APT34 Malware Targets The Middle East

Trend Micro

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

Malware 144
article thumbnail

New cybersecurity BEC attack mimics vendors

Tech Republic Security

A new business email attack threat actor is using a stealth tactic to avoid giveaways of typical social engineering attacks. Learn the best defense for protecting your company. The post New cybersecurity BEC attack mimics vendors appeared first on TechRepublic.

article thumbnail

Come to the dark side: hunting IT professionals on the dark web

SecureList

The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded individuals to participate in attacks on companies, and many more.

article thumbnail

NIST Is Updating Its Cybersecurity Framework

Schneier on Security

NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area?

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Bleeping Computer

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [.

article thumbnail

IT staff systems and data access policy

Tech Republic Security

IT pros typically have access to company servers, network devices and data so they can perform their jobs. However, that access entails risk, including exposure of confidential information and interruption in essential business services. This policy from TechRepublic Premium offers guidelines for governing access to critical systems and confidential data.

article thumbnail

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Dark Reading

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

142
142
article thumbnail

Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging.

Passwords 286
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

Trend Micro

We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused legitimate test framework Easyclick to write a Javascript-based automation script for functions such as clicks and gestures.

article thumbnail

CIOs hold greater organizational leadership status

Tech Republic Security

Foundry’s study found the role has been significantly elevated because of the economy, and CIOs are recognized as strategic business partners by their LOB peers. The post CIOs hold greater organizational leadership status appeared first on TechRepublic.

180
180
article thumbnail

Take a tour of the Edgescan Cybersecurity Platform

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Edgescan. Thanks to the great team there for their support! Edgescan simplifies Vulnerability Management (VM) by delivering a single full-stack SaaS solution integrated with world-class security professionals.

article thumbnail

Manipulating Weights in Face-Recognition AI Systems

Schneier on Security

Interesting research: “ Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons “: Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small fraction of its weights (i.e., without using any additional training or optimization).

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits

Trend Micro

We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar.

137
137
article thumbnail

Study: Companies have upwards of 1,000 apps but only a third are integrated

Tech Republic Security

A new study by Salesforce’s MuleSoft suggests more isn’t necessarily better if an organization’s applications are not playing well together. Unfortunately, more than 70% remain disconnected from one another and the core business. The post Study: Companies have upwards of 1,000 apps but only a third are integrated appeared first on TechRepublic.

180
180
article thumbnail

Why Traditional Approaches Don’t Work for API Security

Security Boulevard

API sprawl, which Brian Otten, VP of the digital transformation catalysts division with Axway, defined as “an uncontrolled proliferation of APIs in an organization,” is creating a flood of new security headaches for organizations. One of the biggest problems in providing security for APIs is that sprawl makes them difficult to track and inventory. And.

article thumbnail

A Hacker’s Mind News

Schneier on Security

A Hacker’s Mind will be published on Tuesday. I have done a written interview and a podcast interview about the book. It’s been chosen as a “ February 2023 Must-Read Book ” by the Next Big Idea Club. And an “Editor’s Pick”—whatever that means—on Amazon. There have been three reviews so far. I am hoping for more.

185
185
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Is that survey real or fake? How to spot a survey scam

We Live Security

“Can I tell a legitimate survey apart from a fake one?” is the single most important question you need to answer for yourself before taking any surveys online The post Is that survey real or fake?

Scams 136
article thumbnail

Prilex POS malware evolves to block contactless transactions

Tech Republic Security

A new version of the Prilex POS malware has found a novel way to steal your credit card information. The post Prilex POS malware evolves to block contactless transactions appeared first on TechRepublic.

Malware 170
article thumbnail

Security, Compliance Risks Complicate Cloud Migration Efforts 

Security Boulevard

Security and compliance risks are ranked as among the top barriers to achieving value from investments moving to the cloud as organizations grapple with what they consider an “urgent priority,” according to a recent report from Accenture. The global survey of 800 business and IT leaders revealed security continues to be one of the top. The post Security, Compliance Risks Complicate Cloud Migration Efforts appeared first on Security Boulevard.

article thumbnail

Google Fi data breach let hackers carry out SIM swap attacks

Bleeping Computer

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. [.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to survive below the cybersecurity poverty line

CSO Magazine

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company size, sector and disposable income, but also kno

article thumbnail

OneNote documents spread malware in several countries

Tech Republic Security

A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., Canada and the U.S. The post OneNote documents spread malware in several countries appeared first on TechRepublic.

Malware 170
article thumbnail

6 misconceptions about Software Bills of Materials

Security Boulevard

There is no debate that the software supply chain is filled with action. It’s the front lines of the security world these days. If you have a shadow of a doubt, search the history of SolarWinds, Codecov , or CircleCI for examples of how attackers use the supply chain as a gateway of compromise. The post 6 misconceptions about Software Bills of Materials appeared first on Security Boulevard.

Software 133
article thumbnail

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Naked Security

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Passwords 132
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!