Schneier on Security

FEBRUARY 23, 2023

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others.

Government 277

Government 277

Krebs on Security

FEBRUARY 24, 2023

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies , which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

Accountability 214

Accountability Advertising Marketing Malware 214

Tech Republic Security

FEBRUARY 21, 2023

A new study from IBM Security suggests cyberattackers are taking side routes that are less visible, and they are getting much faster at infiltrating perimeters. The post IBM: Most ransomware blocked last year, but cyberattacks are moving faster appeared first on TechRepublic.

Ransomware 216

Ransomware Malware Cybersecurity 216

Bleeping Computer

FEBRUARY 24, 2023

Brave Software, the developer of the privacy-focused web browser, has announced some plants for the upcoming version 1.49 that will block everyday browsing annoyances like "open in app" prompts and add better protections against pool-party attacks, [.

Software 145

Software 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

FEBRUARY 24, 2023

Google doesn’t want you to know what your Android apps do with your data. That seems to be the conclusion from a Mozilla study into the Play Store. The post ‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels appeared first on Security Boulevard.

Social Engineering 145

Social Engineering Security Awareness Engineering Risk 145

Google Security

FEBRUARY 22, 2023

Posted by Sarah Jacobus, Vulnerability Rewards Team It has been another incredible year for the Vulnerability Reward Programs (VRPs) at Google! Working with security researchers throughout 2022, we have been able to identify and fix over 2,900 security issues and continue to make our products more secure for our users around the world. We are thrilled to see significant year over year growth for our VRPs, and have had yet another record breaking year for our programs!

Manufacturing 143

Manufacturing Internet Internet Software 143

Bleeping Computer

FEBRUARY 24, 2023

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [.

143

143

Security Boulevard

FEBRUARY 23, 2023

In this blog, we will discuss what GDPR compliance entails and provide tips on how to create an effective GDPR data protection policy. The post How to Create a GDPR Data Protection Policy appeared first on Scytale. The post How to Create a GDPR Data Protection Policy appeared first on Security Boulevard.

Risk 145

Risk Government 145

Graham Cluley

FEBRUARY 22, 2023

Russian media has blamed hackers after commercial radio stations in the country broadcast bogus warnings about air raids and missile strikes, telling listeners to head to shelters.

Media 137

Media 137

Tech Republic Security

FEBRUARY 24, 2023

A new State of Enterprise DFIR survey covers findings related to automation, hiring, data and regulations and more. The post Digital forensics and incident response: The most common DFIR incidents appeared first on TechRepublic.

Cybersecurity 178

Cybersecurity 178

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

FEBRUARY 24, 2023

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [.

143

143

Security Boulevard

FEBRUARY 24, 2023

Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility. In their Foreign Affairs article Stop Passing the Buck on Cybersecurity, Easterly and Goldstein make a strong case for.

Cybersecurity 144

Cybersecurity Risk CISO Security Awareness 144

Graham Cluley

FEBRUARY 23, 2023

Malicious hackers are taking advantage of people searching the internet for free access to ChatGPT in order to direct them to malware and phishing sites. Read more in my article on the Hot for Security blog.

Malware 137

Malware Phishing Internet Internet 137

Tech Republic Security

FEBRUARY 21, 2023

Explore search services beyond Google and Bing for a wider range of results, customization and privacy options. The post How to expand your search sources appeared first on TechRepublic.

Engineering 160

Engineering Software 160

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CyberSecurity Insiders

FEBRUARY 20, 2023

IBM Chief felt ChatGPT, an OpenAI developed a platform of Microsoft, has the potential to replace white-collar jobs such as insurance consultants, lawyers, accountants, computer programmers and admin roles. Arvind Krishna, the lead of the technology at IBM, predicts that some sort of jobs will replace by AI models and so job steal is predictably possible.

Insurance 137

Insurance Engineering Accountability Technology 137

Security Boulevard

FEBRUARY 22, 2023

Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days. The post Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked appeared first on Security Boulevard.

Passwords 144

Passwords CISO Security Awareness Government 144

Bleeping Computer

FEBRUARY 24, 2023

Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020. [.

Media 129

Media 129

Tech Republic Security

FEBRUARY 24, 2023

Studies from Bitdefender and Arctic Wolf show that new tactics are using twists on concealment in social media and old vulnerabilities in third-party software. The post DLL sideloading and CVE attacks show diversity of threat landscape appeared first on TechRepublic.

Media 155

Media Software Network Security 155

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Graham Cluley

FEBRUARY 20, 2023

Many Twitter users have been presented with a message telling them that SMS-based two-factor authentication (2FA) will be removed next month. According to Twitter, only subscribers to its premium Twitter Blue service will be able to use text message-based 2FA to protect their accounts. Is that such a good idea?

Authentication 128

Authentication Accountability Mobile 128

Security Boulevard

FEBRUARY 20, 2023

GoDaddy’s web hosting service breached yet again. This time, the perps were redirecting legit websites to malware. The post GoDaddy Hosting Hacked — for FOURTH Time in 4 Years appeared first on Security Boulevard.

Hacking 143

Hacking Malware Social Engineering CISO 143

Heimadal Security

FEBRUARY 20, 2023

GoDaddy, a major provider of web hosting services, claims that a multi-year attack on its cPanel shared hosting environment resulted in a breach where unidentified attackers stole source code and installed malware on its servers. While the attackers had access to the company’s network for a number of years, GoDaddy only learned about the security […] The post GoDaddy Discloses Data Breach Spanning Multiple Years appeared first on Heimdal Security Blog.

Data breaches 128

Data breaches Malware Cybersecurity 128

CyberSecurity Insiders

FEBRUARY 19, 2023

First is the news related to China. However, this time it’s different and is interesting. To go on with, all these days we have N number of stories about Chinese hackers infiltrating networks across the world. But the current news piece is related to a new hacking group that has been assigned the duty to target government servers of the Xi Jinping led nation.

Cyber Attacks 128

Cyber Attacks Manufacturing Malware Government 128

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CSO Magazine

FEBRUARY 24, 2023

Microsoft is advising Exchange Server administrators to remove some of the endpoint antivirus exclusions that the company's own documentation recommended in the past. The rules are no longer needed for server stability and their presence could prevent the detection of backdoors deployed by attackers. "Times have changed, and so has the cybersecurity landscape," the Exchange Server team said in a blog post.

Antivirus 127

Antivirus Cybersecurity 127

Security Boulevard

FEBRUARY 22, 2023

Modern technology has created a world where threat actors are continuously adapting new tools and techniques with the main goal of stealing data from companies. In today’s digital age, traditional defensive security measures are no longer effective at protecting business assets appropriately. Therefore, businesses must be willing to evolve and adapt their cyber strategies to […] The post Strategic Threat Intelligence: The Definitive Guide appeared first on Flare | Cyber Threat Intel |

Cyber threats 128

Cyber threats Technology Risk 128

Trend Micro

FEBRUARY 23, 2023

Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.

Malware 122

Malware 122

CyberSecurity Insiders

FEBRUARY 21, 2023

All these days we have read about ransomware spreading groups stealing data and then threatening to release it online, if the victim fails to pay heed to their demands. But now a new file encrypting malware variant has emerged onto the block that demands ransom, based on the insurance cover. HardBit 2.0 ransomware does so during negotiations and tries to find the exact amount to be covered with the cyber insurance and then demands ransom.

Insurance 124

Insurance Ransomware Cyber Insurance Encryption 124

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

CSO Magazine

FEBRUARY 21, 2023

IT security leaders at three-out-of-four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report. Businesses’ use of email is increasing, with 82% of companies reporting a higher volume of email in 2022 compared with 2021 and 2020, the 2023 SOES report found.

Technology 124

Technology Malware 124

Security Boulevard

FEBRUARY 24, 2023

The benefits of threat modeling are significant. Not only does it provide a systematic process for evaluating potential threats to an organization’s system, but it also creates a framework for informed decision-making, ensuring the best use of limited resources. Despite threat modeling existing as a proven way to mitigate risk, in 2021, we saw a. The post Debunking Three Common Threat Modeling Myths appeared first on Security Boulevard.

Risk 125

Risk Security Awareness Cybersecurity 125

Bleeping Computer

FEBRUARY 23, 2023

Dole Food Company, one of the world's largest producers and distributors of fresh fruit and vegetables, has announced that it is dealing with a ransomware attack that impacted its operations. [.

Ransomware 121

Ransomware 121

CyberSecurity Insiders

FEBRUARY 22, 2023

Every professional in cybersecurity dreams of being a CTO or CIO someday. They think the job is having fewer worries and offers a pay-cheque. But in reality, the practical situation is different and isn’t rosy as said. According to an analysis gathered by Gartner, about half of the security leaders are planning to switch to different roles by 2025, citing extreme stress, budget issues that cannot be convinced about the board and ever-increasing sophistication on cyber impact threats.

Social Engineering 123

Social Engineering Engineering Cybersecurity Internet 123

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk