Dark Reading
NOVEMBER 17, 2022
Researchers find current data protections strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defense initiatives.
Schneier on Security
NOVEMBER 17, 2022
Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
NOVEMBER 17, 2022
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand.
Troy Hunt
NOVEMBER 12, 2022
What a week to pick to be in Canberra. Planned well before things got cyber-crazy in Australia, I spent a few days catching up with folks in our capital and talking to the Australia Federal Police for scam awareness week. That it coincided with the dumping of Medibank customer health records made it an especially interesting time to talk with police, politicians and industry leaders.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
NOVEMBER 14, 2022
Next year, cybercriminals will be as busy as ever. Are IT departments ready? The post Top cybersecurity threats for 2023 appeared first on TechRepublic.
Schneier on Security
NOVEMBER 15, 2022
Last month, we were warned not to install Qatar’s World Cup app because it was spyware. This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
We Live Security
NOVEMBER 18, 2022
Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which is better for you? The post Tor vs. VPN: Which should you choose? appeared first on WeLiveSecurity.
Tech Republic Security
NOVEMBER 15, 2022
Windows 10 in S mode is an operating system option that prioritizes security and performance. Learn the pros and cons of Windows 10 in S mode here. The post Windows 10 in S mode: Pros and cons appeared first on TechRepublic.
Schneier on Security
NOVEMBER 16, 2022
Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing.
Bleeping Computer
NOVEMBER 17, 2022
Microsoft has released optional out-of-band (OOB) updates to fix a known issue triggering Kerberos sign-in failures and other authentication problems on enterprise Windows domain controllers after installing cumulative updates released during November's Patch Tuesday. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
NOVEMBER 16, 2022
Privacy on social media has taken a hit this month, which should surprise no one. Just days after Elon Musk took over Twitter, the platform’s chief privacy officer resigned, as did others germane to the company’s safety and security. That was on the heels of reports that TikTok’s privacy policy shows that Chinese staff can. The post Privacy Hits a Low at TikTok, Twitter appeared first on Security Boulevard.
Tech Republic Security
NOVEMBER 14, 2022
With data breaches on the rise, encryption has never been more important for protecting companies against hackers and cyberattacks. The post Data encryption as a crucial step to manage data access and security appeared first on TechRepublic.
We Live Security
NOVEMBER 14, 2022
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T2 2022. The post ESET APT Activity Report T2 2022 appeared first on WeLiveSecurity.
eSecurity Planet
NOVEMBER 18, 2022
John Jay Ray III is one of the world’s top bankruptcy lawyers. He has worked on cases like Enron and Nortel. But his latest gig appears to be the most challenging. On November 11, he took the helm at FTX, a massive crypto platform, which has plunged into insolvency. His Chapter 11 filing reads more like a Netflix script. In it, he notes : “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
CyberSecurity Insiders
NOVEMBER 15, 2022
By Kathy Quashie, Chief Growth Officer at Capita . It’s well known that cracks are beginning to show in the workforce of today. Demand for digital skills, permeating each and every industry, is not being met with supply. This digital skills gap is harming UK productivity – and will continue to do so until it is addressed by employers up and down the country.
Tech Republic Security
NOVEMBER 16, 2022
Prevent cybercriminals from stealing your identity by acting on this great deal for IDX, which will monitor the Dark Web, your social media accounts and more for suspicious activity and help you recover your identity, if needed. The post Get elite identity theft protection from a top-rated provider appeared first on TechRepublic.
Graham Cluley
NOVEMBER 15, 2022
Twitter is in chaos. I'd rather delete my Direct Messages one-by-one than one day find that they are in the hands of a hacker or a disgruntled Twitter employee who goes rogue.
SecureList
NOVEMBER 15, 2022
Introduction. DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019 , the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, we’ve seen it being used in financial environments where ATMs were breached, in attacks on a nuclear power plant and also in targeted ransomware attacks.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
CyberSecurity Insiders
NOVEMBER 18, 2022
Kaspersky, a security firm having roots in Russia, has released a prediction filled report stating email servers and satellites becoming key cyber attack targets in the year 2023. The threat will come majorly from APTs and the forecast was made after tracking and analyzing over 900 APTs on a global note. Strangely, the Eugene Kaspersky led the firm revealed something astonishing in its report.
Tech Republic Security
NOVEMBER 14, 2022
TechRepublic readers can get this tiny mesh router that blocks security threats for only $79. The post Get instant malware filtering with Gryphon Guardian appeared first on TechRepublic.
Security Affairs
NOVEMBER 16, 2022
Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS. The experts also discovered several bypasses of security controls that the security vendor F5 does not recognize as exploitable vulnerabilities.
Bleeping Computer
NOVEMBER 16, 2022
DuckDuckGo for Android's 'App Tracking Protection' feature has reached open beta, allowing all Android users to block third-party trackers across all their installed apps. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
NOVEMBER 16, 2022
As holidays season is fast approaching, most of the companies are interested in cutting down their operational costs by cutting security staff by 70% on weekend and holidays. But such a trend could lead to a serious scenario, where hackers can infiltrate the database, but the activity remains anonymous till the staff count returns to normalcy after the second week of January 2023.
We Live Security
NOVEMBER 16, 2022
The convenience with which you manage all your financial wants and needs may come at a cost. The post Open banking: Tell me what you buy, and I’ll tell you who you are appeared first on WeLiveSecurity.
eSecurity Planet
NOVEMBER 17, 2022
Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. Members of Laminar Labs’ research team recently found that one in five public-facing cloud storage buckets contains personally identifiable information (PII) – and the majority of that data isn’t even supposed to be online in the first place.
Bleeping Computer
NOVEMBER 16, 2022
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. [.].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CyberSecurity Insiders
NOVEMBER 15, 2022
FIFA World Cup 2022 is all set to start in a couple of days and authorities managing the event are busy taking many measures to keep the venues, players, viewers, audiences, fans and broadcasting free from cyber threats of all kinds. All football fans who are visiting Qatar for the sporting event are being urged to download two apps: Ehteraz and Hayya.
PCI perspectives
NOVEMBER 16, 2022
The PCI Security Standards Council (PCI SSC) has published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS (MPoC) builds on the existing PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) Standards which individually address security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments, using a smartphone or other commercial off-the-shelf (COTS)
Security Boulevard
NOVEMBER 16, 2022
When the director of technology for a higher education organization went looking for a better way to identify and prioritize security weaknesses on the school’s servers and networks, his first interaction with Horizon3.ai and NodeZero started off with an impressive bang. “I wanted to see proof of concept, and Horizon3.ai solved one of our biggest security holes because of that PoC,”.
Bleeping Computer
NOVEMBER 14, 2022
Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos sign-in failures and other authentication problems after installing cumulative updates released during this month's Patch Tuesday. [.].
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
129 
Let's personalize your content