Lohrman on Security
SEPTEMBER 4, 2022
Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next?
Troy Hunt
SEPTEMBER 8, 2022
The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff. which I've now included in this book 😊 These are the stories behind the stor
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 9, 2022
Communities like Craigslist , OfferUp , Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions.
Schneier on Security
SEPTEMBER 8, 2022
This is from a court deposition : Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
The Last Watchdog
SEPTEMBER 7, 2022
Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity practices of any company that hopes to do business with the Department of Defense.
Troy Hunt
SEPTEMBER 4, 2022
Well, after a crazy amount of work, a lot of edits, reflection, and feedback cycles, "Pwned" is almost here: This better be a sizzling read @troyhunt or I'll be crashing the wedding in ways never done before. Also, I thought they'd cancelled Neighbours? 😉❤️ pic.twitter.com/jrYIKtL0Uh — Mike Thompson (@AppSecBloke) August 30, 2022 The preview cycle is in full swing with lots of feedback coming in and revisions being made before we push it live to the
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Schneier on Security
SEPTEMBER 9, 2022
Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don’t have an ongoing relationship with the hardware and software providers that protect their funds—nor do they have an incentive to update security on a regular bas
The Last Watchdog
SEPTEMBER 6, 2022
Network security has been radically altered, two-plus years into the global pandemic. Related: ‘ Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.
Bleeping Computer
SEPTEMBER 9, 2022
A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using. GIFs. [.].
Tech Republic Security
SEPTEMBER 5, 2022
An asset management software is a necessary part of every IT department. Find out which one is best for your business. The post Best IT asset management software of 2022 appeared first on TechRepublic.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
SEPTEMBER 7, 2022
This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data and leaking it. “I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and pr
We Live Security
SEPTEMBER 8, 2022
It pays to do some research before taking a leap into the world of internet-connected toys. The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity.
Security Affairs
SEPTEMBER 9, 2022
Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were offered for sale on the darkweb, the Portuguese agency discovered it has suffered a cyberattack. The Armed Forces General Staff (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal.
Tech Republic Security
SEPTEMBER 9, 2022
The lack of transparency could be cause for concern, but the data stolen is not high value. The post Impact of Samsung’s most recent data breach unknown appeared first on TechRepublic.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
SEPTEMBER 9, 2022
A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.
Bleeping Computer
SEPTEMBER 3, 2022
The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns. [.].
Security Affairs
SEPTEMBER 3, 2022
Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal information. The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information.
Tech Republic Security
SEPTEMBER 9, 2022
Jack Wallen ponders the rising tide of Linux malware and offers advice on how to help mitigate the issue. The post The rise of Linux malware: 9 tips for securing the OSS appeared first on TechRepublic.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
SEPTEMBER 8, 2022
By Source Defense Now in its fourth year, the European Union’s General Data Protection Regulation (GDPR) is one of the strictest, most complex, and most confusing data privacy laws in the world. Although that complexity initially meant that accountability got off to a slow start, GDPR fines are now becoming more common and costly. During. The post GDPR and Website Data Leakage:<br>A Complex Problem With a Simple Solution appeared first on Source Defense.
Bleeping Computer
SEPTEMBER 6, 2022
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [.].
Security Affairs
SEPTEMBER 9, 2022
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.
Tech Republic Security
SEPTEMBER 9, 2022
Edge computing opens organizations up to some security risks, but they can be mitigated with the proper planning. The post The risks of edge computing appeared first on TechRepublic.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
SEPTEMBER 7, 2022
TikTok was hacked, with over two billion records stolen. Or so says notorious leak group BlueHornet (a/k/a AgainstTheWest, @AggressiveCurl). The post TikTok Hack: 2B Records Leak — but ByteDance Denies appeared first on Security Boulevard.
Bleeping Computer
SEPTEMBER 3, 2022
Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. [.].
Security Affairs
SEPTEMBER 8, 2022
Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) respectively.
Tech Republic Security
SEPTEMBER 8, 2022
Jack Wallen shows you how to take control of online advertisements in the Opera web browser, so you can stop worrying ads will take control of you. The post How to manage ad blocking in Opera appeared first on TechRepublic.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
SEPTEMBER 3, 2022
The financial services industry – from retail banking to insurance – is facing challenges from multiple different channels: from competitive pressure and regulation to the evolving security landscape. These challenges need to be addressed whilst delivering technological and business transformation that is customer centric, cloud native and mobile ready.
CSO Magazine
SEPTEMBER 6, 2022
In-app browsers can pose significant security risks to businesses, with their tendency to track data a primary concern. This was highlighted in recent research which examined how browsers within apps like Facebook, Instagram and TikTok can be a data privacy risk for iOS users. Researcher Felix Krause detailed how popular in-app browsers inject JavaScript code into third-party websites, granting host apps the ability to track certain interactions, including form inputs like passwords and addresse
Security Affairs
SEPTEMBER 9, 2022
Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a unit of the Iranian actor PHOSPHORUS.
Tech Republic Security
SEPTEMBER 8, 2022
The new PCI DSS 4.0 standard means organizations will have to up their game beginning in 2024. The post PCI DSS compliance improving but still lags highs appeared first on TechRepublic.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
304 
Let's personalize your content