Joseph Steinberg

DECEMBER 7, 2021

CyberSecurity and Artificial Intelligence Expert, Joseph Steinberg, will lead a panel discussion on the intersection of CyberSecurity and Artificial Intelligence (AI), to take place on Thursday, December 9, 2021, the second and final day of the AI Summit being held in person in New York’s Javits Center. Steinberg’s session, entitled Key Challenges for Security Leaders Now and Beyond – Not Just Technical Competence , will feature a discussion with four other notable figures from the w

Artificial Intelligence 363

Artificial Intelligence Cybersecurity Technology 363

Troy Hunt

DECEMBER 7, 2021

I was having a coffee with a good mate the other day. He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Because he's a normal person, he has the same 1 or 2 or 3 he uses everywhere and even without telling me what they were, I knew they were terrible. Actually, I'll rephrase that: because he was a normal guy; he's not normal anymore because yesterday I carved out some time to give him an early Christmas present: Today I spent an

Passwords 363

Passwords Password Management Banking Accountability 363

Lohrman on Security

DECEMBER 5, 2021

Underestimating, or not properly preparing for, adversaries can lead to big trouble — in both football and cybersecurity. So what can cyber teams learn from “The Game”?

Cybersecurity 361

Cybersecurity 361

Schneier on Security

DECEMBER 7, 2021

Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.

361

361

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Joseph Steinberg

DECEMBER 5, 2021

Innovating Canada recently published a short interview with cybersecurity expert Joseph Steinberg about emerging cybersecurity issues that are not yet getting sufficient mainstream attention. In the discussion, Steinberg focused primarily on artificial intelligence (AI), and noted that whatever attention the intersection of cybersecurity and artificial intelligence is receiving in the media is woefully insufficient relative to the magnitude of the issues that the combination raises.

Artificial Intelligence 337

Artificial Intelligence Cybersecurity Media Risk 337

Krebs on Security

DECEMBER 8, 2021

A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as “the most prolific cybercriminal we’ve identified in Canada,” but so far they’ve released few other details about the investigation or the defendant.

Cybercrime 337

Cybercrime Ransomware Accountability Advertising 337

Schneier on Security

DECEMBER 9, 2021

Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently.) So Google is also suing the botnet’s operators. It’s an interesting strategy. Let’s see if it’s successful.

Backups 357

Backups Cybersecurity 357

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. They’re expensive, difficult for employees to keep track of, and easy for hackers to utilize in cyberattacks. So why are they still around? Related: IT pros support passwordless access. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password.

Authentication 251

Authentication Passwords Mobile Phishing 251

Anton on Security

DECEMBER 10, 2021

SOC Technology Failures?—?Do They Matter? img src: [link] Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. Lack of executive commitment, process breakdowns, ineffective workforces (often a result from poor management and lack of commitment … again) and talent shortages have killed more SOCs than any and all technology failures.

Technology 242

Technology CISO Data collection Threat Detection 242

Tech Republic Security

DECEMBER 10, 2021

Research from Kaspersky finds that a quarter of phishing sites are gone within 13 hours — how in the world can we catch and stop cyber criminals that move so quickly?

Phishing 218

Phishing 218

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

DECEMBER 8, 2021

I hope this is true: According to Jens Zimmermann, the German coalition negotiations had made it “quite clear” that the incoming government of the Social Democrats (SPD), the Greens and the business-friendly liberal FDP would reject “the weakening of encryption, which is being attempted under the guise of the fight against child abuse” by the coalition partners.

Encryption 353

Encryption Government 353

The Last Watchdog

DECEMBER 9, 2021

In 2021 we witnessed the continuation of the seismic shift in how people work, a change that started at the beginning of the global pandemic. The acceleration of cloud, mobility, and security initiatives proved to be critical for organizations looking to weather the new threats and disruptions. Related: How ‘SASE’ blends connectivity, security. In fact, the Verizon 2021 Data Breach Investigations Report found that “with an unprecedented number of people working remotely, phishing and ransomware

Mobile 177

Mobile IoT Cybersecurity Digital transformation 177

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library. Apache Log4j2 jndi RCE #apache #rce [link] pic.twitter.com/CdSlSCytaD — p0rz9 (@P0rZ9) December 9, 2021.

Data breaches 145

Data breaches Marketing Hacking Information Security 145

Tech Republic Security

DECEMBER 9, 2021

Attackers can capitalize on a feature in Outlook that makes spoofed messages appear legitimate, says email security provider Avanan.

Phishing 218

Phishing 218

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Schneier on Security

DECEMBER 10, 2021

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and it’s been written about elsewhere. I don’t see a lot of surprises in the document. Lots of apps leak all sorts of metadata: iMessage and WhatsApp seem to be the worst. Signal protects the most metadata.

Backups 343

Backups Encryption 343

Bleeping Computer

DECEMBER 10, 2021

Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. [.].

145

145

Security Affairs

DECEMBER 9, 2021

A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” reads the description for the CVE-20

Firmware 145

Firmware Architecture Malware Hacking 145

Tech Republic Security

DECEMBER 9, 2021

The number of new security flaws recorded by NIST has already surpassed the total for 2020, the fifth record-breaking year in a row.

218

218

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Acunetix

DECEMBER 9, 2021

In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like. Read more. The post How Acunetix addresses HTTP/2 vulnerabilities appeared first on Acunetix.

145

145

InfoWorld on Security

DECEMBER 10, 2021

Yesterday the Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a ubiquitous logging tool included in almost every Java application. The issue has been named Log4Shell and received the identifier CVE-2021-44228. The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages.

145

145

Bleeping Computer

DECEMBER 10, 2021

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to remote code execution attacks. [.].

145

145

Tech Republic Security

DECEMBER 8, 2021

Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.

Cybersecurity 218

Cybersecurity 218

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Cisco Security

DECEMBER 6, 2021

Digital attacks grew in both volume and sophistication in 2020. As reported by PR Newswire , the number of complaints received by the FBI’s Cyber Division numbered as many as 4,000 a day during the first half of 2020—400% more than it was in the first few months of that year. (Interpol warned of an “alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure” around that same time, as noted by ABC News.

Firewall 145

Firewall Threat Detection Technology Marketing 145

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Security researchers and editors with the German IT magazine CHIP have discovered 226 potential security defects in nine Wi-Fi routers from known manufacturers (Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys).

Manufacturing 145

Manufacturing IoT Firmware VPN 145

Security Boulevard

DECEMBER 10, 2021

Makers of ad-blocker and anti-tracking browser extensions are spitting blood over Google’s Manifest V3—EFF calls it a “conflict of interest.”. The post Google Nukes Ad-Blockers—Manifest V3 is Coming appeared first on Security Boulevard.

Malware 145

Malware Cybersecurity Network Security 145

Tech Republic Security

DECEMBER 10, 2021

HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump?

Software 218

Software 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Cisco Security

DECEMBER 7, 2021

What if you could build a successful, world-class security program with just five practices? . And what if shifting focus to these areas could put your security program ahead of 79% of other organizations? Our latest cybersecurity research study suggests that this is not only true but is also a tangible reality for organizations that choose to follow some practical steps.

Threat Detection 145

Threat Detection Technology Cybersecurity CISO 145

Security Affairs

DECEMBER 4, 2021

The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, gover

Ransomware 145

Ransomware Hacking Malware Encryption 145

We Live Security

DECEMBER 6, 2021

Ever since the Morris worm, buffer overflows have become notorious fare in the world of vulnerabilities. The post What are buffer overflow attacks and how are they thwarted? appeared first on WeLiveSecurity.

144

144

Tech Republic Security

DECEMBER 6, 2021

From 5G transforming personal computing to better healthcare, technology in 2022 will do a lot of heavy lifting.

Technology 218

Technology Healthcare 218

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!