Sat.May 28, 2022 - Fri.Jun 03, 2022

The Limits of Cyber Operations in Wartime

Schneier on Security

Interesting paper by Lennart Maschmeyer: “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations”: Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition.

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

The Last Watchdog

It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats. Related: Deploying employees as threat sensors. Meanwhile, 200,000 well-trained and technically skilled military service members are discharged each year. These individuals have many transferable skills that would make cybersecurity a prosperous civilian career.

Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

Krebs on Security

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sa

1Password vs Dashlane: Password manager comparison

Tech Republic Security

Learn about and compare the key features of two top password managers, 1Password and Dashlane, to choose the best option for your business. The post 1Password vs Dashlane: Password manager comparison appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Remotely Controlling Touchscreens

Schneier on Security

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device. The attack, which works from a distance of up to 40mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

Third-Party Risk Management (TPRM) has been around since the mid-1990s – and has become something of an auditing nightmare. Related: A call to share risk assessments. Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk.

Digital twins are moving into the mainstream

Tech Republic Security

Digital twins, popular in manufacturing for decades, are gaining traction across verticals. The post Digital twins are moving into the mainstream appeared first on TechRepublic.

Clever — and Exploitable — Windows Zero-Day

Schneier on Security

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Here’s the advisory, which includes a work-around until a patch is available.

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing. Related: Covid 19 ruses used in email attacks. At RSA Conference 2022, which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principles will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.

WhatsApp accounts hijacked by call forwarding

Malwarebytes

In a short post on LinkedIn, Rahul Sasi, founder and CEO of CloudSEK, explains how WhatsApp account takeovers are possible. The method consists of several steps and it takes some social engineering skills, but it’s good to be aware of the possibility and how it works. It starts with the threat actor reaching out to a victim and convincing them to call a specific number.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Critical flaw found inside the UNISOC smartphone chip

Tech Republic Security

The vulnerability was discovered by Check Point Research. UNISOC processes 11% of the world's smartphones. The post Critical flaw found inside the UNISOC smartphone chip appeared first on TechRepublic.

New Windows Search zero-day added to Microsoft protocol nightmare

Bleeping Computer

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

A zero-day flaw in Microsoft Office could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell code.

Linux malware is on the rise—6 types of attacks to look for

CSO Magazine

Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of things (IoT) devices. Still, not enough is done to protect the machines running it. "Linux malware has been massively overlooked," says Giovanni Vigna, senior director of threat intelligence at VMware. "Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources o

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft sets multi-factor authentication as default for all Azure AD customers

Tech Republic Security

The latest move will enable MFA as the default security setting even for older Azure accounts. The post Microsoft sets multi-factor authentication as default for all Azure AD customers appeared first on TechRepublic.

New Microsoft Office zero-day used in attacks to execute PowerShell

Bleeping Computer

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. “Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote c

Verizon’s 2022 data breach report: Key takeaways

Security Boulevard

It’s time for the annual Verizon Data Breach Investigation Report (DBIR), a compendium of cybersecurity and malware trends that offers some of the best analyses in our field. It examines more than 5,000 data breaches collected from 80 partners from around the world. If you'd like to explore the report from previous years, we’ve also written up summaries of the 2021 and 2020 reports.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Karakurt Team hits North America and Europe with data theft and extortion

Tech Republic Security

Karakurt Team attacks are hitting indiscriminate targets in North America and Europe with data theft, requesting a ransom to delete stolen data. Learn more about their methods and how to protect from it. The post Karakurt Team hits North America and Europe with data theft and extortion appeared first on TechRepublic.

New Windows Subsystem for Linux malware steals browser auth cookies

Bleeping Computer

Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules.

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical vulnerabilities in VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

10 of the hottest new cybersecurity startups at RSA 2022

CSO Magazine

The 32nd edition of the annual security event RSA Conference (RSAC 2022) kicks off on June 6, allowing a fresh breed of security vendors to showcase their capabilities. Back to being an in-person event after going virtual last year because of the pandemic, RSAC 2022 has booked a formidable mix of security startup debuts, featuring technology and approaches to security that include devsecops, identity and access management (IAM), threat management, and cloud security.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Conti reforms into several smaller groups, are they now more dangerous than ever?

Tech Republic Security

The cybercrime group has disbanded, but still may pose a severe threat to a number of businesses in a different way. The post Conti reforms into several smaller groups, are they now more dangerous than ever? appeared first on TechRepublic.

Ransomware attacks need less than four days to encrypt systems

Bleeping Computer

The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. The fraudulent scheme is simple, threat actors make a phone call to the victims to trick them into making a call at a phone number starting either with 405 or 67.

Follina. Unpatched Microsoft Office zero-day vulnerability exploited in the wild

Graham Cluley

The world is waiting for a patch from Microsoft, after a zero-day vulnerability in Microsoft Office was found to be being exploited in boobytrapped Word documents to remotely execute code on victims' PCs.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Malwarebyes vs Norton: Compare top antivirus software solutions

Tech Republic Security

If you've been researching antivirus software, then Malwarebytes and Norton are likely two products you're considering. Get a feature comparison of the antivirus software to help you make your selection. The post Malwarebyes vs Norton: Compare top antivirus software solutions appeared first on TechRepublic.

Italy warns organizations to brace for incoming DDoS attacks

Bleeping Computer

The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday.

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian ‘hacktivist’ group Killnet is one of the most active non-state actors operating since the beginning of the Russian invasion of Ukraine.

Italy on high alert as Russian Killnet group starts Cyber Attacks

CyberSecurity Insiders

Italy has placed all its Critical Infrastructure on high alert as it is facing a cyber threat from the Pro-Russian hacking group Killnet. Information is out that the group of cybercriminals has already hit the infrastructure with digital assaults that have been neutralized by Italy’s Computer Security Incident Response Team (CSIRT). However, the intensity of the attacks is increasing because of sophistication and so CSIRT has asked all public and private entities to increase vigil over their digi

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.