Sat.Jun 17, 2023 - Fri.Jun 23, 2023

article thumbnail

Burnout: The Hidden Cost of Working in Cybersecurity & Other High Risk Fields

Jane Frankland

Over the years, I’ve come close to burnout but in the fast-paced digital world, especially since the pandemic, burnout has become a silent epidemic. With long hours, tight deadlines, a constant demand for new innovations, and hybrid working, employees are feeling its effects more than ever. But although burnout is a prevalent issue, many people still feel uncomfortable discussing it openly.

article thumbnail

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Phishing 324
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ethical Problems in Computer Security

Schneier on Security

Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote excellent paper on ethical thinking within the computer security community: “ Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation “: Abstract: The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be “morally good” or at least “morally allowed / acceptable.” Among phil

Education 323
article thumbnail

Is a ‘ChaptGPT Moment’ Coming for Quantum Computing?

Lohrman on Security

Will all the buzz surrounding new artificial intelligence applications like ChatGPT soon be spreading to other tech areas like quantum computing?

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Weekly Update 352

Troy Hunt

Domain searches in HIBP - that's the story this week - and I'm grateful for all the feedback I've received. I've had a few messages in particular since this live stream where people gave me some really excellent feedback to the point where I've now got a much clearer plan in head as to what this will look like. I need to keep writing code, revising the draft blog post to announce it then sometime in hopefully about a month, push it all live.

article thumbnail

Dell Technologies World 2023: Q&A on how Dell sees security at the edge

Tech Republic Security

Read our interview from Dell Technologies World 2023 about cloud and edge workloads and Dell's NativeEdge product. The post Dell Technologies World 2023: Q&A on how Dell sees security at the edge appeared first on TechRepublic.

LifeWorks

More Trending

article thumbnail

News Alert: IRONSCALES beta-launches a new generative AI tool to improve email security

The Last Watchdog

Atlanta, Ga. June 20, 2023 – IRONSCALES, the leading enterprise cloud email security platform protecting more than 10,000 global organizations worldwide, today announced the Beta launch of Themis Co-pilot for Microsoft Outlook , a GPT-powered chat assistant for self-service threat reporting. Powering Themis Co-pilot is PhishLLM, a cutting-edge large language model (LLM) hosted within the IRONSCALES infrastructure, which is the first in the IRONSCALES suite of generative AI apps for email securit

Phishing 183
article thumbnail

Dissecting TriangleDB, a Triangulation spyware implant

SecureList

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a malicious attachment, and for getting root privileges through a vulnerability in the kernel.

Spyware 145
article thumbnail

Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more

Tech Republic Security

Explore what matters in data protection today. Cyber resilience, recovery and streamlined software make the list. The post Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more appeared first on TechRepublic.

article thumbnail

UPS Data Harvested for SMS Phishing Attacks

Schneier on Security

I get UPS phishing spam on my phone all the time. I never click on it, because it’s so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs.

Phishing 263
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse

The Last Watchdog

To be productive in an interconnected work environment, employees need immediate access to numerous platforms, both on- and off-premises. Related: Why SMBs need to do PAM well Keeping track of user activity and effecting proper on- and off-boarding are becoming more and more difficult, even as unauthorized access via unused, expired, or otherwise compromised access credentials has become the number one cybersecurity threat vector.

article thumbnail

Microsoft Teams bug allows malware delivery from external accounts

Bleeping Computer

Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. [.

Malware 145
article thumbnail

Palo Alto Networks CTO Talks Securing ‘Code to Cloud’

Tech Republic Security

The company’s CTO of its Prisma Cloud says that when the software development process meets continuous integration and development, security must be efficient and holistic. The post Palo Alto Networks CTO Talks Securing ‘Code to Cloud’ appeared first on TechRepublic.

Software 183
article thumbnail

AI as Sensemaking for Public Comments

Schneier on Security

It’s become fashionable to think of artificial intelligence as an inherently dehumanizing technology , a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special, recognizing your unique perspective and potential on the issues where it matters most?

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Apple Fixes 0-Days — Russia Says US Used for Spying

Security Boulevard

Vulns unpatched for FOUR years: ‘Triangulation’ spyware said to use backdoor Apple gave to NSA. The post Apple Fixes 0-Days — Russia Says US Used for Spying appeared first on Security Boulevard.

Spyware 145
article thumbnail

Microsoft confirms Azure, Outlook outages caused by DDoS attacks

Bleeping Computer

Microsoft has confirmed that recent outages to Azure, Outlook, and OneDrive web portals resulted from Layer 7 DDoS attacks against the company's services. [.

DDOS 145
article thumbnail

Remote work and the cloud create new endpoint security challenges

Tech Republic Security

Cybersecurity has always been challenging, but with the cloud becoming more complex, the Internet of Things more advanced and remote work more embraced, security and endpoint management face a host of new challenges. Experts weighed in on the subject at the recent Syxsense Synergy event. The post Remote work and the cloud create new endpoint security challenges appeared first on TechRepublic.

Internet 183
article thumbnail

ASUS warns router customers: Patch now, or block all inbound requests

Naked Security

“Do as we say, not as we do!” – The patches took ages to come out, but don’t let that lure you into taking ages to install them.

140
140
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Microsoft Repeatedly Burned in ‘Layer 7’ DDoS

Security Boulevard

Unlucky number: Time and again this month, “Russian” hackers bring down Microsoft clouds. The post Microsoft Repeatedly Burned in ‘Layer 7’ DDoS appeared first on Security Boulevard.

DDOS 144
article thumbnail

Exploit released for Cisco AnyConnect bug giving SYSTEM privileges

Bleeping Computer

Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM. [.

Mobile 145
article thumbnail

One overlooked element of executive safety: Data privacy

Tech Republic Security

Practices such as using a separate email for sensitive activities and removing personal data from people search sites can help executives improve their data privacy. The post One overlooked element of executive safety: Data privacy appeared first on TechRepublic.

article thumbnail

Schneider Power Meter Vulnerability Opens Door to Power Outages

Dark Reading

A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.

138
138
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

List of victimized companies of MOVEit Cyber Attack

CyberSecurity Insiders

At the end of May 2023, a Zero Day vulnerability was discovered by risk analysing firm Kroll and on June 7th of this year, Clop ransomware gang published on its blog that they have gained access to the servers of MOVEit software via Zellis Payroll software and urged the victims to contact via the blog post, as their email response could go at snail pace as the number of victims related to the incident was large.

article thumbnail

SMS delivery reports can be used to infer recipient's location

Bleeping Computer

A team of university researchers has devised a new side-channel attack named 'Freaky Leaky SMS,' which relies on the timing of SMS delivery reports to deduce a recipient's location. [.

article thumbnail

Okta moves passkeys to cloud, allowing multi-device authentication

Tech Republic Security

Okta’s formula for multi-device identity authentication for a hybrid workforce: extract passwords, add ease of passkeys across devices. The post Okta moves passkeys to cloud, allowing multi-device authentication appeared first on TechRepublic.

article thumbnail

LockBit Green and phishing that targets organizations

SecureList

Introduction In recent months, we published private reports on a broad range of subjects. We wrote about malware targeting Brazil, about CEO fraud attempts, Andariel, LockBit and others. For this post, we selected three private reports, namely those related to LockBit and phishing campaigns targeting businesses, and prepared excerpts from these. If you have questions or need more information about our crimeware reporting service, contact crimewareintel@kaspersky.com.

Phishing 131
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The Hacker News

The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition.

Firmware 130
article thumbnail

Hackers infect Linux SSH servers with Tsunami botnet malware

Bleeping Computer

An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS (distributed denial of service) bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner. [.

Malware 137
article thumbnail

5 Best Chrome VPN Extensions for 2023

Tech Republic Security

Looking for the best VPNs for Chrome extension to enhance your online security and privacy? Dive into our list of top rated VPNs and find your best fit. The post 5 Best Chrome VPN Extensions for 2023 appeared first on TechRepublic.

VPN 158
article thumbnail

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

SecureWorld News

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. The company's Threat Intelligence platform detected more than 100,000 compromised devices with saved ChatGPT credentials traded on illicit Dark Web marketplaces over the past year. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!