Sat.Nov 12, 2022 - Fri.Nov 18, 2022

Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident

Dark Reading

Researchers find current data protections strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defense initiatives

106
106

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020.

Where Next for Blockchain Technology After FTX Collapse?

Lohrman on Security

The bankruptcy filing by crypto giant FTX, along with the dramatic drop in the value of most cryptocurrencies in 2022, has raised new questions regarding the future of blockchain technology.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

Ever feel like your smart home has dyslexia? Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability. Related: Why standards are so vital. Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations. The technology industry hopes that Matter arises as the lingua franca for the Internet of Things.

Another Event-Related Spyware App

Schneier on Security

Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event.

More Trending

Weekly Update 321

Troy Hunt

What a week to pick to be in Canberra. Planned well before things got cyber-crazy in Australia, I spent a few days catching up with folks in our capital and talking to the Australia Federal Police for scam awareness week.

Scams 185

GUEST ESSAY: How humans and machines can be melded to thwart email-borne targeted attacks

The Last Watchdog

Phishing emails continue to plague organizations and their users. Related: Botnets accelerate business-logic hacking. No matter how many staff training sessions and security tools IT throws at the phishing problem, a certain percentage of users continues to click on their malicious links and attachments or approve their bogus payment requests. A case in point: With business losses totaling a staggering $2.4

Russian Software Company Pretending to Be American

Schneier on Security

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian.

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Email Servers and Satellites will become key cyber-attack targets in 2023

CyberSecurity Insiders

Kaspersky, a security firm having roots in Russia, has released a prediction filled report stating email servers and satellites becoming key cyber attack targets in the year 2023.

Top cybersecurity threats for 2023

Tech Republic Security

Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post Top cybersecurity threats for 2023 appeared first on TechRepublic. Security malware phishing ransomware

Successful Hack of Time-Triggered Ethernet

Schneier on Security

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it : On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees.

F5 fixed 2 high-severity Remote Code Execution bugs in its products

Security Affairs

Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Cyber threat as security staff reduction increases during holidays

CyberSecurity Insiders

As holidays season is fast approaching, most of the companies are interested in cutting down their operational costs by cutting security staff by 70% on weekend and holidays.

Instagram Impersonators Target Thousands, Slipping by Microsoft's Cybersecurity

Dark Reading

The socially engineered campaign used a legitimate domain to send phishing emails to large swaths of university targets

A Digital Red Cross

Schneier on Security

The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network.

Privacy Hits a Low at TikTok, Twitter

Security Boulevard

Privacy on social media has taken a hit this month, which should surprise no one. Just days after Elon Musk took over Twitter, the platform’s chief privacy officer resigned, as did others germane to the company’s safety and security.

Media 108

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

All Cyberattacks Have This in Common

CyberSecurity Insiders

We’re all aware that cybercrime is everywhere. FUD to the max. When things become commonplace, we start to become numb to the news. We are no longer surprised or shocked that these things happen, or who they happen to. There is no instruction manual to perfect security.

Two public schools in Michigan hit by a ransomware attack

Security Affairs

Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page. Uncategorized Schneier news

The Next Generation of Supply Chain Attacks Is Here to Stay

Dark Reading

With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap

102
102

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Data Security alert for FIFA World Cup 2022 Qatar

CyberSecurity Insiders

FIFA World Cup 2022 is all set to start in a couple of days and authorities managing the event are busy taking many measures to keep the venues, players, viewers, audiences, fans and broadcasting free from cyber threats of all kinds.

Higher Education Organization Improves Cybersecurity Posture with NodeZero

Security Boulevard

When the director of technology for a higher education organization went looking for a better way to identify and prioritize security weaknesses on the school’s servers and networks, his first interaction with Horizon3.ai and NodeZero started off with an impressive bang. “I

First Review of A Hacker’s Mind

Schneier on Security

Kirkus reviews A Hacker’s Mind : A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody , regularly challenges his students to write down the first 100 digits of pi, a nearly impossible task­—but not if they cheat, concerning which he admonishes, “Don’t get caught.”

Vulnerability Patching: How to Prioritize and Apply Patches

eSecurity Planet

Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them.

Cyber Attack on HaveIBeenPwned leaks email data to hackers

CyberSecurity Insiders

HaveIBeenPwned serves as a platform for those who can search for their email address to find whether it was accessed by hackers via a data breach. But what if the platform itself gets infiltrated and leaks the whole of its database to cyber crooks?

Ukraine's 'IT Army' Stops 1,300 Cyberattacks in 8 Months of War

Dark Reading

President Zelensky offers hard-won Ukrainian cybersecurity expertise to other countries that want to protect citizen populations

Tor vs. VPN: Which should you choose?

We Live Security

Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which is better for you? The post Tor vs. VPN: Which should you choose? appeared first on WeLiveSecurity. Privacy

VPN 101

Cyberattacks Are the Most Cited Risk to the UK Financial System

Security Boulevard

The latest research from The Bank of England has revealed that 74% of financial institutions declared that a cyberattack was amongst the top risks they thought would have the greatest impact on the UK financial system if they were to….

Microsharding can help in protecting cloud data from ransomware attacks

CyberSecurity Insiders

Companies are nowadays showing more interest in moving their data and application assets onto Cloud. But are still concerned about how well the CSP will protect their data against hacks and data breaches, although it allows users to encrypt it to the core.

Just Published: PCI Mobile Payments on COTS

PCI perspectives

The PCI Security Standards Council (PCI SSC) has published a new standard designed to support the evolution of mobile payment acceptance solutions.

Mobile 103