Tech Republic Security
AUGUST 25, 2022
Mitiga says that MFA, even if improperly configured, is no panacea for preventing attackers from abusing compromised credentials. The post How a business email compromise attack exploited Microsoft’s multi-factor authentication appeared first on TechRepublic.
Lohrman on Security
AUGUST 21, 2022
2022 has brought a surge in distributed denial-of-service attacks as well as a dramatic rise in patriotic hacktivism. What’s ahead for these trends as the year continues?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 22, 2022
This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […]. “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […].
CSO Magazine
AUGUST 23, 2022
The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach globally reached an all-time high of $4.35 million.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
AUGUST 25, 2022
Apple updates, cookie theft, tech tips and a 5G cheat sheet top this week’s most-read news on TechRepublic. The post Tech news you may have missed: August 18 – 25 appeared first on TechRepublic.
Trend Micro
AUGUST 23, 2022
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
AUGUST 25, 2022
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. [.].
Tech Republic Security
AUGUST 25, 2022
In a scam analyzed by Avanan, the victim received an email claiming to be from the CFO directing them to make a payment to their insurance company. The post How a business email compromise scam spoofed the CFO of a major corporation appeared first on TechRepublic.
Security Boulevard
AUGUST 25, 2022
It probably isn’t a surprise to any skeptics of the security practices of social media platforms—or who specifically remember Twitter’s previous security mishaps, including the hack of high-profile blue-check accounts—that Twitter’s cybersecurity practices are less than stellar and may even leave the platform open to attacks by nation-states. This, according to a former Twitter security.
Schneier on Security
AUGUST 24, 2022
Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter’s chief security officer until he was fired in January. The Washington Post has the scoop (with documents) and companion backgrounder.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
AUGUST 25, 2022
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information. [.].
Tech Republic Security
AUGUST 24, 2022
Analyzing over 100 prominent ransomware incidents, Barracuda found the top targeted sectors to be education, municipalities, healthcare, infrastructure and financial. The post How ransomware attacks target specific industries appeared first on TechRepublic.
Security Boulevard
AUGUST 25, 2022
This week: cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more. . The post The Week in Cybersecurity: French hospital hit with ransomware attack appeared first on Security Boulevard.
Schneier on Security
AUGUST 26, 2022
I’ve been saying that complexity is the worst enemy of security for a long time now. ( Here’s me in 1999.) And it’s been true for a long time. In 2018, Thomas Dullin of Google’s Project Zero talked about “cheap complexity.” Andrew Appel summarizes : The anomaly of cheap complexity. For most of human history, a more complex device was more expensive to build than a simpler device.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
AUGUST 25, 2022
Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts. [.].
Tech Republic Security
AUGUST 22, 2022
RaaS kits are easy to find on the Dark Web, lowering the barrier of entry so that virtually any cybercriminal can launch successful ransomware attacks, says Microsoft. The post How to protect your organization from ransomware-as-a-service attacks appeared first on TechRepublic.
Trend Micro
AUGUST 24, 2022
A new ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.
We Live Security
AUGUST 25, 2022
Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you. The post What is doxing and how to protect yourself appeared first on WeLiveSecurity.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
CyberSecurity Insiders
AUGUST 24, 2022
Plex, an American Streaming platform, has officially sent out email notifications to all its users urging them to change their passwords. The entertainment offering company added in its update that the reason to send a notification to all its users was because of the discovery of suspicious activity on one of its IT databases. In the statement issued by Plex, the streaming media specified that the activity was discovered by it on August 23rd of this year and soon its IT staff, along with a third
Tech Republic Security
AUGUST 25, 2022
As the facial recognition market continues to grow, business leaders should consider these issues before deciding whether to implement the technology. The post Privacy and security issues associated with facial recognition software appeared first on TechRepublic.
CSO Magazine
AUGUST 24, 2022
Cybersecurity spending in the coming year may not be recession-proof, but it's likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that. "It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice Pr
Bleeping Computer
AUGUST 25, 2022
Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks. [.].
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CyberSecurity Insiders
AUGUST 21, 2022
Google has released a formal statement that it has one of the largest Distributed Denial of Service attack (DDoS) for one its customers, thus avoiding large scale disruption and downtime that could have lasted for days. “It was a Layer 7 DDoS attack and was observed to have been 76% larger than the previous one that was recorded last year”, said Google.
Tech Republic Security
AUGUST 26, 2022
Enterprise accounting software is designed for large companies and businesses. Here are the top eight enterprise accounting software suites. The post 8 best enterprise accounting software suites appeared first on TechRepublic.
CSO Magazine
AUGUST 24, 2022
The metaverse is seen by many companies as a great business opportunity and for new ways of working. Security provider Trend Micro, however, warns in a recent research report that cybercriminals could misuse the technology for their own purposes. Security researchers predict that a kind of darknet structure could emerge there, similar to today's Internet.
Bleeping Computer
AUGUST 22, 2022
Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server. [.].
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CyberSecurity Insiders
AUGUST 23, 2022
Ragnar Locker Ransomware gang has officially declared that they are responsible for the disruption of servers related to a Greece-based gas operator DESFA. And reports are in that Ragnar Locker Gang is demanding $12 million to free up data from encryption. DESFA released a press statement that it became a victim of a ransomware attack on Saturday last week and assured that its business continuity plan will surely bail them out of the present situation, without paying a penny.
Tech Republic Security
AUGUST 22, 2022
A lot of companies have deployed multi-factor authentication, yet attackers have some ways to bypass it—the most used one being cookie theft. The post Cookie theft threat: When Multi-Factor authentication is not enough appeared first on TechRepublic.
PCI perspectives
AUGUST 22, 2022
Although Viviana Wesley always knew that she wanted a career in computers and technology, when she first started pursuing it, she realized her strengths were not in coding. But, through the guidance of a friend, she was redirected into IT Support and a new world opened for her; a dynamic world where she could use her technical expertise to help people, which is what she truly wanted to do.
Security Boulevard
AUGUST 25, 2022
Wondering about CI/CD security? We explain why CI/CD security is essential, how it works, the tools you need, and best practices to overcome its challenges. The post What Is CI/CD Security & Why Does It Matter? appeared first on Security Boulevard.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
167 
Let's personalize your content