Cyber Security Informer

Long Article on GM Spying on Its Cars’ Drivers

Schneier on Security

APRIL 26, 2024

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.

Insurance

Insurance Surveillance

Microsoft Is Spying on Users of Its AI Tools

Schneier on Security

FEBRUARY 20, 2024

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities. I’m sure the terms of service—if I bothered to read them—gives them that permission.

Hacking

Hacking Artificial Intelligence

Smuggling Gold by Disguising it as Machine Parts

Schneier on Security

APRIL 12, 2024

Someone got caught trying to smuggle 322 pounds of gold (that’s about 1/4 of a cubic foot) out of Hong Kong. It was disguised as machine parts: On March 27, customs officials x-rayed two air compressors and discovered that they contained gold that had been “concealed in the integral parts” of the compressors.

The Digital Trust Factor. Have We Got It All Wrong?

Jane Frankland

APRIL 17, 2024

When you think about trust in the digital landscape, what comes to mind? Is it the security of personal information, the reliability of online transactions, the authenticity of digital identities? Or is it ISACA’s definition of digital trust as being the confidence in relationships and transactions.

Identity Theft

Identity Theft Digital transformation Technology Risk

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it.

Risk

Top IT Trends in Australia for IT Pros to Prepare For in 2024

Tech Republic Security

JANUARY 19, 2024

IT spending in Australia is forecast to increase significantly in 2024. This means that IT pros who spend time on skills development will be able to instead focus on growth in their career.

Big data

Shadow IT: Fear it or embrace it?

Tech Republic Security

OCTOBER 5, 2022

CMO of Holm Security says that, as more businesses turn to cloud-based applications, the concept of shadow IT will not remain in the shadows. The post Shadow IT: Fear it or embrace it? appeared first on TechRepublic.

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. The Barracuda Email Security Gateway (ESG) 900 appliance. Campbell, Calif.

Firmware

Firmware Malware Software Ransomware

Click Fraud: What it is & How it Works

Security Boulevard

APRIL 22, 2024

Click fraud happens with the intention of influencing traffic statistics, votes, or rankings—usually at a large scale. Here's how DataDome stops it. The post Click Fraud: What it is & How it Works appeared first on Security Boulevard.

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

The AMLA represents the most significant changes in U.S. anti-money laundering laws since the USA PATRIOT Act of 2001. Treasury’s Financial Crimes Enforcement Network (FinCEN) pursuant to the AMLA so far Anticipated impacts of the AMLA to financial institutions required to have AML programs and other entities Save your seat and register today!

Banking

House Passes Privacy-Preserving Bill, but Biden Blasts it

Security Boulevard

APRIL 18, 2024

Are you a FANFSA fan? The White House isn’t. It says the bill “threatens national security.” The post House Passes Privacy-Preserving Bill, but Biden Blasts it appeared first on Security Boulevard.

Social Engineering

Social Engineering Advertising Data privacy Engineering

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

Security Affairs

JANUARY 19, 2024

Can quantum computing break cryptography? Can it do it within a person’s lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum computing break cryptography? Sure, it can. Can it do it within a person’s lifetime? In fact, it will likely achieve this sometime within your career.

Technology

Technology Encryption Hacking Internet

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Education

Education Government Hacking Risk

Python's PyPI Reveals Its Secrets

The Hacker News

APRIL 11, 2024

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8

Passwords

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place.

SOC Automation: What is it and Why it Matters

Security Boulevard

APRIL 17, 2024

The post SOC Automation: What is it and Why it Matters appeared first on AI Enabled Security Automation. The post SOC Automation: What is it and Why it Matters appeared first on Security Boulevard.

Network Security

Ivanti fixed two critical flaws in its Avalanche MDM

Security Affairs

APRIL 17, 2024

Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can lead to remote command execution. The MDM software allows administrators to configure, deploy, update, and maintain up to 100,000 mobile IT assets all in one system. These vulnerabilities affect any older versions of Avalanche.

Mobile

Mobile Software Hacking Information Security

IT Email Templates: Security Alerts

Tech Republic Security

FEBRUARY 21, 2024

All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on “need to know” informational bulletins.

Technology

IT Physical Security Policy

Tech Republic Security

JULY 2, 2023

This policy will help your organization safeguard its hardware, software and data from exposure to persons (internal or external) who could intentionally or inadvertently harm your business and/or damage physical assets. Server room/IT. The post IT Physical Security Policy appeared first on TechRepublic.

Software

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Register now for this exclusive webinar on March 24th, 2022 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm GMT

Risk

UnitedHealth confirms it paid ransomware gang to stop data leak

Bleeping Computer

APRIL 23, 2024

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. [.]

Ransomware

Ransomware Healthcare

McDonald's IT systems outage impacts restaurants worldwide

Bleeping Computer

MARCH 15, 2024

McDonald's restaurants are suffering global IT outages that prevent employees from taking orders and accepting payments, causing some stores to close for the day. [.]

Technology

Australian IT Skills Shortage: 2024 Is The Year To Self-Upskill

Tech Republic Security

APRIL 8, 2024

Find out why IT pros in Australia need to take the initiative to self-upskill, and learn how this could lead to salary increases and promotions.

Artificial Intelligence

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system.

Firewall

Firewall Software Engineering Authentication

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization. It is the tangents of this data that are vital to a successful change management process.

Risk

What is Data Recovery: Its Importance and Application?

SecureBlitz

APRIL 23, 2024

Today, we give you a concise data recovery guide, emphasising its importance and application. It's general knowledge that every device hosts a database (storage), and every database or storage is liable to compromise and data loss. Hence, data recovery is paramount to every smartphone or computer user. appeared first on SecureBlitz Cybersecurity.

Cybersecurity

Panera Bread experiencing nationwide IT outage since Saturday

Bleeping Computer

MARCH 25, 2024

Since Saturday, U.S. food chain giant Panera Bread has been experiencing a nationwide outage that has impacted its IT systems, including online ordering, POS systems, phones, and various internal systems. [.]

HideMy.name VPN Review 2024: Is It Worth It?

SecureBlitz

JANUARY 29, 2024

However, reading this means you have your eyes set on HideMy.name VPN. The service has been around since 2017, meaning it’s not a new player in the cybersecurity space. Nevertheless, being […] The post HideMy.name VPN Review 2024: Is It Worth It? appeared first on SecureBlitz Cybersecurity.

VPN

VPN Cybersecurity

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. The organization immediately started mitigation actions which included taking NERVE offline.

Cyber Attacks

Cyber Attacks VPN Authentication Hacking

How to Generate Revenue Using Software Intelligence

Advertiser: Revenera

Add More Opportunities to Your Pipeline. Did you know there are people who already use and love your software, but aren't paying for it? Compliance analytics allow you to quantify unlicensed use of your products and accelerate your revenue recovery efforts.

Software

Cyber Insurance Explained: What It Covers, Who Needs It

Security Boulevard

SEPTEMBER 3, 2023

The cyber insurance market is currently experiencing a state of flux due […] The post Cyber Insurance Explained: What It Covers, Who Needs It appeared first on Centraleyes. The post Cyber Insurance Explained: What It Covers, Who Needs It appeared first on Security Boulevard.

Cyber Insurance

Cyber Insurance Insurance Marketing Data breaches

Is the LockBit gang resuming its operation?

Security Affairs

FEBRUARY 29, 2024

Experts warn that the LockBit ransomware group has started using updated encryptors in new attacks, after the recent law enforcement operation. The LockBit ransomware group appears to have fully recovered its operations following the recent law enforcement initiative, code-named Operation Cronos , which aimed to disrupt its activities.

Ransomware

Ransomware Hacking Cyber Attacks Encryption

Python's PyPI Reveals Its Secrets

The Hacker News

APRIL 11, 2024

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8

Passwords

HIPAA Compliance: Why It Matters and How to Obtain It

Security Boulevard

MARCH 26, 2024

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 Security Rule established standards for protecting individuals’ electronic personal health information (PHI) (which includes any identifiable health information, such as health records and histories, medical bills, lab results, etc.)

Insurance

Insurance Accountability Data privacy Cybersecurity

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders.

Risk

OAuth Token: What It Is, How It Works, and Its Vulnerabilities

Security Boulevard

JULY 12, 2023

Learn how OAuth works and the risks of improper OAuth implementation that may introduce attack vectors on your SaaS estate. The post OAuth Token: What It Is, How It Works, and Its Vulnerabilities appeared first on AppOmni. The post OAuth Token: What It Is, How It Works, and Its Vulnerabilities appeared first on Security Boulevard.

Risk

MITRE says state hackers breached its network via Ivanti zero-days

Bleeping Computer

APRIL 19, 2024

The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. [.]

VPN

VPN Hacking

IT Leaders Lack Confidence in IoT Security Plans

Security Boulevard

MARCH 1, 2024

There is a significant lack of confidence among IT leaders regarding their internet-of-things (IoT) security plans. The post IT Leaders Lack Confidence in IoT Security Plans appeared first on Security Boulevard.

IoT

IoT Internet Internet Mobile

HHS: Heath Care IT Helpdesks Under Attack in Voice Scams

Security Boulevard

APRIL 8, 2024

A beleaguered health care industry that already is a top target of cybercriminals is under attack again, with bad actors recently using social engineering techniques in calls to IT helpdesks to gain access into the systems of targeted organizations.

Scams

Scams Social Engineering Engineering Healthcare

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!)

Data privacy

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Security Affairs

APRIL 18, 2024

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists. Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability and is aware of a public exploit code for this issue.

Authentication

Authentication Hacking Information Security

Should IT and Security Teams Play a Role in Crisis Communications?

Tech Republic Security

FEBRUARY 21, 2024

Australian IT and security teams should play key roles in communications during outages and cyber attacks; they also need to be prepared to act when such a tech-related crisis occurs.

Cyber Attacks

Cyber Attacks Cybersecurity

Understanding the Change Healthcare Breach and Its Impact on Security Compliance

Security Boulevard

APRIL 25, 2024

Rick Pollack, President and CEO of the American Hospital Association stated that “the Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. healthcare system in history.” And congress.

Healthcare

Healthcare Ransomware Cybersecurity

Breakthrough in Quantum Cloud Computing Ensures its Security and Privacy

Tech Republic Security

APRIL 19, 2024

Oxford University researchers used an approach dubbed “blind quantum computing” to connect two quantum computing entities in a way that is completely secure.

Artificial Intelligence

Artificial Intelligence Network Security

Long Article on GM Spying on Its Cars’ Drivers

Microsoft Is Spying on Users of Its AI Tools

Trending Sources

Smuggling Gold by Disguising it as Machine Parts

The Digital Trust Factor. Have We Got It All Wrong?

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Top IT Trends in Australia for IT Pros to Prepare For in 2024

Shadow IT: Fear it or embrace it?

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Click Fraud: What it is & How it Works

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

House Passes Privacy-Preserving Bill, but Biden Blasts it

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Python's PyPI Reveals Its Secrets

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

SOC Automation: What is it and Why it Matters

Ivanti fixed two critical flaws in its Avalanche MDM

IT Email Templates: Security Alerts

IT Physical Security Policy

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

UnitedHealth confirms it paid ransomware gang to stop data leak

McDonald's IT systems outage impacts restaurants worldwide

Australian IT Skills Shortage: 2024 Is The Year To Self-Upskill

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Successful Change Management with Enterprise Risk Management

What is Data Recovery: Its Importance and Application?

Panera Bread experiencing nationwide IT outage since Saturday

HideMy.name VPN Review 2024: Is It Worth It?

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

How to Generate Revenue Using Software Intelligence

Cyber Insurance Explained: What It Covers, Who Needs It

Is the LockBit gang resuming its operation?

Python's PyPI Reveals Its Secrets

HIPAA Compliance: Why It Matters and How to Obtain It

The Power of Storytelling in Risk Management

OAuth Token: What It Is, How It Works, and Its Vulnerabilities

MITRE says state hackers breached its network via Ivanti zero-days

IT Leaders Lack Confidence in IoT Security Plans

HHS: Heath Care IT Helpdesks Under Attack in Voice Scams

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Should IT and Security Teams Play a Role in Crisis Communications?

Understanding the Change Healthcare Breach and Its Impact on Security Compliance

Breakthrough in Quantum Cloud Computing Ensures its Security and Privacy

Stay Connected