Schneier on Security
DECEMBER 5, 2022
This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not.) Is it a Magritte-like existential question? (It’s not a bicycle. It’s a drawing of a bicycle. Actually, it’s a photograph of a drawing of a bicycle. No, it’s really a computer image of a photograph of a drawing of a bicycle.
Joseph Steinberg
DECEMBER 5, 2022
Don’t open attachments. Change your password often. Don’t click on any links sent in emails or text messages. We have all received plenty of advice on how to avoid being harmed by cyber-attacks, but staying safe can often be confusing, complicated, or impractical. Joseph Steinberg, author of the best-selling book, “Cybersecurity for Dummies,” is here to cut through the noise and give you practical tips on how to practice smart digital security — without you having to spend a ton of time or any m
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
DECEMBER 8, 2022
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
Troy Hunt
DECEMBER 4, 2022
We're in Copenhagen! Scott and family joined us in Oslo for round 2 of wedding celebrations this week before jumping on the ferry to Copenhagen and seeing the sights here. There's lots of cyber things in this week's vid relating to HIBP's birthday, Medibank and financial penalties for breaches, but I'm just going to leave you with one of the most amazing moments of my life captured in pics: 🇳🇴 ❤️ 👰♀️ 🤵 p
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
DECEMBER 8, 2022
A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware.
Joseph Steinberg
DECEMBER 6, 2022
The era of cyberwar has not only arrived, but is advancing rapidly – and the repercussions of the march forward are nothing short of terrifying. The following infographic, reproduced with permission from Nowsourcing, highlights how Ukraine has become the battleground between Russia and the United States, in a 21st Century epilogue to the Cold War: This infographic originally appeared here , and is reproduced with permission.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 9, 2022
A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers. [.].
Schneier on Security
DECEMBER 9, 2022
Eufy cameras claim to be local only, but upload data to the cloud. The company is basically lying to reporters, despite being shown evidence to the contrary. The company’s behavior is so egregious that ReviewGeek is no longer recommending them. This will be interesting to watch. If Eufy can ignore security researchers and the press without there being any repercussions in the market, others will follow suit.
Security Boulevard
DECEMBER 9, 2022
Four U.S. states have now banned TikTok on government workers’ devices. Plus, Indiana has sued the app’s owner. The post TikTok Ban: Texas is Fourth State to Join; Indiana Sues appeared first on Security Boulevard.
Tech Republic Security
DECEMBER 9, 2022
Tech firm aims to strengthen security for users and meet modern cyber threat challenges with new cybersecurity technology and end-to-end cloud encryption. The post Apple unveils new iMessage, Apple ID and iCloud security for high-value targets appeared first on TechRepublic.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
DECEMBER 6, 2022
Offensive Security has released Kali Linux 2022.4, the fourth and final version of 2022, with new Azure and QEMU images, six new tools, and improved desktop experiences. [.].
DoublePulsar
DECEMBER 3, 2022
Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service. Continue reading on DoublePulsar ».
CyberSecurity Insiders
DECEMBER 6, 2022
By Mike Wilkinson. Mike Tyson famously said, “Everyone has a plan until they get punched in the mouth.” That applies to the world of boxing—and to the world of cyberattacks. Many companies have an Incident Response (IR) plan in place. But those plans don’t always hold up when an actual cyberattack occurs. At Avertium , we carry out hundreds of IR engagements a year, so I’m highly familiar with what makes IR plans useful—and what doesn’t.
Tech Republic Security
DECEMBER 9, 2022
2022 is almost over, and the threats seen during the year have built the foundations for 2023's threat landscape, according to McAfee. Cyber criminals will benefit from new technologies such as AI or Web3. The post McAfee 2023 Threat Predictions appeared first on TechRepublic.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
DECEMBER 6, 2022
Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. [.].
We Live Security
DECEMBER 7, 2022
ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry. The post Fantasy – a new Agrius wiper deployed through a supply‑chain attack appeared first on WeLiveSecurity.
CyberSecurity Insiders
DECEMBER 6, 2022
By Doriel Abrahams, Head of U.S. Analytics, Forter. ‘Tis the season for holiday shopping, and with it, a surge in e-commerce transactions. While this festive time of year presents a big opportunity for retailers, it is also rife with fraudsters hoping to catch them off guard. From new, sophisticated scams to variations on tried-and-true tactics, cybercriminals are hard at work devising ways to take advantage of eager shoppers and their spike in online activity.
Tech Republic Security
DECEMBER 9, 2022
A new alert from the HHS warns of the Royal ransomware threat actor’s aim on the healthcare sector. The post Healthcare systems face a “royal” cybersecurity threat from new hacker group appeared first on TechRepublic.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
DECEMBER 6, 2022
Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption." [.].
Dark Reading
DECEMBER 6, 2022
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
We Live Security
DECEMBER 5, 2022
Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. The post Tractors vs. threat actors: How to hack a farm appeared first on WeLiveSecurity.
Tech Republic Security
DECEMBER 7, 2022
A limited security budget was also a top obstacle for CISOs and IT decision makers, according to a recent survey from BlackFog. The post Cybersecurity adoption hampered by shortage of skills and poor product integration appeared first on TechRepublic.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Quick Heal Antivirus
DECEMBER 9, 2022
Ransomware is a sophisticated malware that infects computing devices and holds the data hostage intending to extort. The post Proactive Measures to Safeguard against the Ransomware Menace appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
CyberSecurity Insiders
DECEMBER 8, 2022
Twitter, the world’s second largest social media platform has being caught in a data privacy issue as for the first time, the company that is now being led by Elon Musk is found collecting data from over 70,000 websites that include those belonging to government, retailers, manufacturers, car companies and healthcare related business firms. Going deep into the details, Twitter provides an analytics tool to interested parties that helps in keeping a track of visitors on a website.
Bleeping Computer
DECEMBER 9, 2022
On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds. [.].
Tech Republic Security
DECEMBER 6, 2022
At 75% off, this affordable VPN service is more affordable than ever and capable of defending your business from cybercrime while browsing the internet. The post Protect yourself and your business on public Wi-Fi appeared first on TechRepublic.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
DECEMBER 9, 2022
Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on Cambium Networks’ wireless device management platform.
CyberSecurity Insiders
DECEMBER 6, 2022
By: Matt Lindley, COO and CISO of NINJIO. Companies have struggled to cope with surging costs, an extremely tight labor market, a looming recession, and many other issues that have made 2022 a uniquely turbulent and unpredictable year. Likewise, the cyberthreat landscape is undergoing several tectonic shifts, such as the increasing frequency of state-sponsored cyberattacks, the infiltration of supply chains, and the exploitation of a widening array of attack vectors.
SecureList
DECEMBER 9, 2022
Getting started with Ghidra. For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding even more to the cost and raising the barrier to entry into the RE field.
eSecurity Planet
DECEMBER 7, 2022
It has certainly been a rough year for the tech industry. There have been many layoffs, the IPO market has gone mostly dark, and venture funding has decelerated. Despite all this, there is one tech category that has held up fairly well: Cybersecurity. Just look at a report from M&A advisory firm Houlihan Lokey , which found that private cybersecurity company funding grew by 9.4% to $26.9 billion between September 2021 and September 2022.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
304 
Let's personalize your content