Sat. Sep 03, 2022 - Fri. Sep 09, 2022

NATO Countries Hit With Unprecedented Cyber Attacks

Lohrman on Security

Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next?

"Pwned", the Book, is Finally Here!

Troy Hunt

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff, which I've now included in this book 😊 These are the stories behind the stor

State And Local Government Cyber In-Security Endangers America: Let’s Finally Deal With It

Joseph Steinberg

It is not a secret that the American people remain in danger of massive, crippling cyberattacks that could impact financial services, utilities, health care, and just about every other area of modern life. What is not often discussed about the danger, however, is that one of the primary reasons that the United States, as a country, remains ill-prepared for fending off cyberattacks, is that decentralized State and Local government agencies, and not the centralized Federal government, run or overs

Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Facebook Has No Idea What Data It Has

Schneier on Security

This is from a court deposition: Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: it has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within.

Weekly Update 311

Troy Hunt

Well, after a crazy amount of work, a lot of edits, reflection, and feedback cycles, "Pwned" is almost here: This better be a sizzling read @troyhunt or I'll be crashing the wedding in ways never done before. Also, I thought they'd cancelled Neighbours? 😉❤️ pic.twitter.com/jrYIKtL0Uh — Mike Thompson (@AppSecBloke) August 30, 2022 The preview cycle is in full swing with lots of feedback coming in and revisions being made before we push it live to the

Toys behaving badly: How parents can protect their family from IoT threats

We Live Security

It pays to do some research before taking a leap into the world of internet-connected toys.

Responsible Disclosure for Cryptocurrency Security

Schneier on Security

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don’t have an ongoing relationship with the hardware and software providers that protect their funds—nor do they have an incentive to update security on a regular bas

New EvilProxy service lets all hackers use advanced phishing tactics

Bleeping Computer

A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.

Best IT asset management software of 2022

Tech Republic Security

Asset management software is a necessary part of every IT department. Find out which one is best for your business.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Samsung discloses a second data breach this year

Security Affairs

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The electronics giant discovered on August 4 that threat actors had accessed its systems and exfiltrated customer personal information. The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information.

The LockBit Ransomware Gang Is Surprisingly Professional

Schneier on Security

This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data and leaking it. “I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and pr

IRS data leak exposes personal info of 120,000 taxpayers

Bleeping Computer

The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns.

The rise of Linux malware: 9 tips for securing the OSS

Tech Republic Security

Jack Wallen ponders the rising tide of Linux malware and offers advice on how to help mitigate the issue.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

GDPR and Website Data Leakage: A Complex Problem With a Simple Solution

Security Boulevard

By Source Defense. Now in its fourth year, the European Union’s General Data Protection Regulation (GDPR) is one of the strictest, most complex, and most confusing data privacy laws in the world. Although that complexity initially meant that accountability got off to a slow start, GDPR fines are now becoming more common and costly. During.

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

The Hacker News

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.

Malware dev open-sources CodeRAT after being exposed

Bleeping Computer

The source code of a remote access trojan (RAT) dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.

PCI DSS compliance improving but still lags highs

Tech Republic Security

The new PCI DSS 4.0 standard means organizations will have to up their game beginning in 2024.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

TikTok Hack: 2B Records Leak — but ByteDance Denies

Security Boulevard

TikTok was hacked, with over two billion records stolen. Or so says notorious leak group BlueHornet (a/k/a AgainstTheWest, @AggressiveCurl).

In-app browser security risks, and what to do about them

CSO Magazine

In-app browsers can pose significant security risks to businesses, with their tendency to track data a primary concern. This was highlighted in recent research which examined how browsers within apps like Facebook, Instagram and TikTok can be a data privacy risk for iOS users. Researcher Felix Krause detailed how popular in-app browsers inject JavaScript code into third-party websites, granting host apps the ability to track certain interactions, including form inputs like passwords and addresse

Why Vulnerability Patch Management Shouldn’t Be Tied to a Schedule

CyberSecurity Insiders

By Jim Jackson, President and Chief Revenue Officer at TuxCare. Compliance is a serious duty within cybersecurity, IT and related management roles. It’s only getting more stringent as industry regulations and legal requirements continually expand. And, potentially creating a perfect storm, that duty is getting all too real with a growing number of legal actions that illustrate there is now a clear and escalating desire to more directly hold C-level and even board-level personnel more accountable

Impact of Samsung’s most recent data breach unknown

Tech Republic Security

The lack of transparency could be cause for concern, but the data stolen is not high value.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Authentication in the Finance Industry: Now and Next

Security Boulevard

The financial services industry – from retail banking to insurance – is facing challenges from multiple different channels: from competitive pressure and regulation to the evolving security landscape. These challenges need to be addressed whilst delivering technological and business transformation that is customer centric, cloud native and mobile ready.

200,000 North Face accounts hacked in credential stuffing attack

Bleeping Computer

Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website.

Healthcare Cyberattacks Lead to Increased Mortality, Lower Patient Care: Ponemon Study

eSecurity Planet

Nearly a quarter of healthcare organizations hit by ransomware attacks experienced an increase in patient mortality, according to a study from Ponemon Institute and Proofpoint released today. The report, “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care,” surveyed 641 healthcare IT and security practitioners and found that the most common consequences of cyberattacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of the healthcare prov

How to manage ad blocking in Opera

Tech Republic Security

Jack Wallen shows you how to take control of online advertisements in the Opera web browser, so you can stop worrying ads will take control of you.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Multi-Factor Authentication (MFA) Is Not Enough

Security Boulevard

By now, you’ve surely heard about some of the breaches that have been happening when company A gets illegally accessed via the threat actors hacking into one of company A’s vendors. Microsoft was breached when hackers got into SolarWinds. Twilio was recently breached when hackers were able to hack Okta. Learn more about what exactly […].

Classified NATO documents stolen from Portugal, now sold on darkweb

Bleeping Computer

The Armed Forces General Staff agency of Portugal (EMGFA) has suffered a cyberattack that allegedly allowed the theft of classified NATO documents, which are now sold on the dark web.

Classified NATO documents sold on darkweb after they were stolen from Portugal

Security Affairs

Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were offered for sale on the dark web, the Portuguese agency determined that it had suffered a cyberattack. The Armed Forces General Staff (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal.

iPhone 14 cheat sheet: Everything to know about Apple’s 2022 flagship phones

Tech Republic Security

Learn all about the key features, specs, pricing, availability and other details about Apple's 2022 release of iPhone 14 and iPhone 14 Pro.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.