Major Cyber Insurance Overhaul Begins Now
Lohrman on Security
APRIL 9, 2023
From Lloyd’s of London to the new National Cybersecurity Strategy, the future of cyber insurance is evolving fast. What do you need to watch?
Lohrman on Security
APRIL 9, 2023
From Lloyd’s of London to the new National Cybersecurity Strategy, the future of cyber insurance is evolving fast. What do you need to watch?
Schneier on Security
APRIL 12, 2023
The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
APRIL 14, 2023
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry
Tech Republic Security
APRIL 14, 2023
A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials. The post For cybercriminal mischief, it’s dark web vs deep web appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
APRIL 10, 2023
Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack. [.
Schneier on Security
APRIL 11, 2023
Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
APRIL 13, 2023
Android infections are also prevalent on the dark web, according to Kaspersky. Learn how to keep your workforce safe from these mobile and BYOD security threats. The post Google Play threats on the dark web are big business appeared first on TechRepublic.
Bleeping Computer
APRIL 11, 2023
Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads. [.
Schneier on Security
APRIL 14, 2023
You can beat the game without a computer : On a perfect [roulette] wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that’s even marginally tilted could develop what Barnett called a ‘drop zone.’ When the tilt forces the ball to climb a slope, the ball decelerates and falls from the outer rim at the same spot on almost every spin.
Security Boulevard
APRIL 10, 2023
CAN You Not? Toyota RAV4 and many others vulnerable to CAN bus injection attack. Cars need zero-trust too. The post Yes, You CAN Steal This Car — by Opening the Fender appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
APRIL 10, 2023
With PingOne Neo, PingIdentity aims to accelerate “speed to trust”, supercharge identity management and put control of a user’s identity in the user’s pocket. The post PingIdentity launches decentralized identity management appeared first on TechRepublic.
CyberSecurity Insiders
APRIL 13, 2023
Quantum computing, while still in its infancy, is developing rapidly and holds tremendous potential for solving complex computational problems. However, its growth also presents significant challenges to cybersecurity, as it has the potential to render traditional cryptographic algorithms obsolete. This guide aims to provide a comprehensive understanding of the implications of quantum computing on cybersecurity, review the most notable quantum security technologies and vendors, and offer real-wo
Schneier on Security
APRIL 13, 2023
Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. I wrote about this kind of thing in 2000, in Secrets and Lies (page 318): My favorite example is a band of California art thieves that would break into people’s houses by cutting a hole in their walls with a chainsaw. The attacker completely bypassed the threat model of the defender.
CSO Magazine
APRIL 10, 2023
Will artificial intelligence become clever enough to upend computer security? AI is already surprising the world of art by producing masterpieces in any style on demand. It’s capable of writing poetry while digging up arcane facts in a vast repository. If AIs can act like a bard while delivering the comprehensive power of the best search engines, why can’t they shatter security protocols, too?
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
APRIL 12, 2023
In the face of growing risks from open-source software dependencies, Google Cloud is releasing its Assured Open Source Software (Assured OSS) service for Java and Python ecosystems at no cost. The post Google Cloud offers Assured Open Source Software for free appeared first on TechRepublic.
Bleeping Computer
APRIL 14, 2023
Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. [.
The Hacker News
APRIL 10, 2023
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play out in waves once every few weeks.
CyberSecurity Insiders
APRIL 12, 2023
By Jaye Tillson, Director of Strategy, Axis Security The iconic 1986 film “Top Gun” is one of my favorite films. In the movie, a group of elite fighter pilots train to become the best of the best. The film depicts a world of intense competition and high stakes, where the pilots must constantly prove themselves in order to earn their place among the elite.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
APRIL 12, 2023
Graymail, phishing, vendor impersonation, and other BECs clogging up security teams’ time. The post Cybersecurity leaders see risk from email attacks, hybrid work appeared first on TechRepublic.
Security Boulevard
APRIL 14, 2023
Your Cloud — But For How Long? WD’s My Cloud service is finally back online, but ransomware scrotes demand “eight figures.” The post Western Digital Redux: My Cloud Alive Again, Ransom is $10M+ appeared first on Security Boulevard.
CSO Magazine
APRIL 14, 2023
The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU's General Data Protection Regulation (GDPR). Europe's national privacy regulators said on Thursday that the decision came following discussions about recent enforcement action undertaken by the Italian data protection authority against OpenAI regarding its ChatGPT service.
Thales Cloud Protection & Licensing
APRIL 13, 2023
Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare madhav Fri, 04/14/2023 - 06:05 The infamous Y2K “disaster” was successfully averted because people paid heed and prepared well in advance. Likewise, many Post-Quantum Computing (PCQ) security concerns can be addressed ahead of time with proper planning. Organizations that rely on data security and protection need to start preparing and refining strategies immediately.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
APRIL 10, 2023
There are courses in this bundle for all skill levels; several require no previous tech background whatsoever. The post Learn what you need to protect your business with ethical hacking for just $45 appeared first on TechRepublic.
Naked Security
APRIL 10, 2023
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Bleeping Computer
APRIL 8, 2023
On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files. [.
CyberSecurity Insiders
APRIL 12, 2023
StormWall , a premier cybersecurity firm specializing in the defense of websites, networks, and online services from Distributed Denial of Service (DDoS) attacks, has published an in-depth report on the DDoS landscape during the first quarter of 2023. The report stems from a detailed analysis of attacks targeting StormWall’s clientele, which spans various sectors such as finance, e-commerce, telecommunications, entertainment, transportation, education, and logistics.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
APRIL 11, 2023
The service previously won the BestVPN.com Fastest VPN Award. The post Protect your company data with an Ivacy VPN lifetime subscription for $18 appeared first on TechRepublic.
Naked Security
APRIL 11, 2023
Stealing private keys is like getting hold of a medieval monarch's personal signet ring. you get to put an official seal on treasonous material.
Bleeping Computer
APRIL 10, 2023
Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. [.
CSO Magazine
APRIL 13, 2023
The Polish government warns that a cyberespionage group linked to Russia's intelligence services is targeting diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads. The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR) and is the group behind the 2020 supply chain attack against software company SolarWinds that led to th
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Let's personalize your content