Sat.Nov 19, 2022 - Fri.Nov 25, 2022

Holiday Shopping Online: Safety on Black Friday, Cyber Monday

Lohrman on Security

What are the latest online security tips as we head into another holiday season? What’s the best cyber advice, and what shopping trends should you watch out for

191
191

Apple’s Device Analytics Can Identify iCloud Users

Schneier on Security

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Breach Misattribution, Acxiom & Live Ramp

Troy Hunt

If you find your name and home address posted online, how do you know where it came from? Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address. and over 400 other fields of data.

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

$1200 for acceleration on a Merc

Javvad Malik

Mercedes is one of the latest car companies to think, “hey, what do we do in a global downturn when new sales are low… I know, let’s limit some features on our car, then when people buy them, charge them extra to unlock it via a subscription model. If it’s worked for SaaS, it can work for us!” ” According to their site , a mere $1200 a month can give you a “noticeable improvement in acceleration of 0.8

Breaking the Zeppelin Ransomware Encryption Scheme

Schneier on Security

More Trending

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Regu?a

GUEST ESSAY: The rising need to defend against super hackers, master thieves and digital ghosts

The Last Watchdog

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically? Related: Cyber spying on the rise. Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

The US Has a Shortage of Bomb-Sniffing Dogs

Schneier on Security

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs : Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness.

Weekly Update 322

Troy Hunt

It's very strange to have gone 1,051 days without spending more than a few hours apart, but here we are.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users.

Top 6 security risks associated with industrial IoT

Tech Republic Security

Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic.

IoT 149

How to Avoid Black Friday Scams Online

WIRED Threat Level

Tis the season for swindlers and hackers. Use these tips to spot frauds and keep your payment info secure. Security Security / Security Advice Gear / How To and Advice

Scams 100

Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks

Dark Reading

Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP).

B2B 106

GUEST ESSAY — Security practices companies must embrace to stop AI-infused cyber attacks

The Last Watchdog

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically? Related: Bio digital twin can eradicate heart failure. Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

Identity-Based Attacks Increase, MFA-Thwarting Tactics Rise 

Security Boulevard

Multifactor authentication (MFA) push notification fatigue attacks are increasing and are proving more effective, according to Expel’s quarterly threat report, based on data from the company’s customer base.

Cybersecurity Pros Put Mastodon Flaws Under the Microscope

Dark Reading

As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application

Media 103

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

How to hack an unpatched Exchange server with rogue PowerShell code

Naked Security

Review your servers, your patches and your authentication policies - there's a proof-of-concept out. Microsoft Uncategorized Vulnerability 0 day :ProxyNotShell CVE-2022-41040 CVE-2022-41082 Zero Day

Most popular passwords are 123456 and ILoveYou

CyberSecurity Insiders

Every year, NordPass makes it a point to release a report on the most popular passwords that are being used in the UK and as usual, it released a report even in this year as well.

Ducktail information stealer continues to evolve

Security Affairs

The operators behind the Ducktail information stealer continue to improve their malicious code, operators experts warn.

Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Dark Reading

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents

IoT 97

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook

Security Boulevard

Some incredibly personal details are being sent to Facebook, without your consent, using the “Meta Pixel.”. The post ‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook appeared first on Security Boulevard.

CISO 94

Details of Google going against Glupteba Botnet Operators

CyberSecurity Insiders

In December 2021, Google’s Threat Analysis Group (TAG) discovered the intense activities being conducted by Glupteba Botnet on the internet and filed a lawsuit in a district court of New York.

Black Friday and Cyber Monday, crooks are already at work

Security Affairs

Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schema. Researchers at Bitdefender Antispam Lab have analyzed during the last weeks the fraudulent activities associated with Black Friday and Cyber Monday.

Retail 106

'Patch Lag' Leaves Millions of Android Devices Vulnerable

Dark Reading

Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend

Microsoft Defender protects Mac and Linux from malicious websites

Tech Republic Security

Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows. The post Microsoft Defender protects Mac and Linux from malicious websites appeared first on TechRepublic. Microsoft Security Software security software

Ransomware gang repents for spreading ransomware to AirAsia

CyberSecurity Insiders

Daixin, the Ransomware spreading group that hacked into the servers of AirAsia now seems to repent for its deeds, as it released a press statement that confirms that the victimized firm’s IT infrastructure, staff, and security are so poorly aligned that the said group of cyber criminals do not want to strike the same victim twice.

New improved versions of LodaRAT spotted in the wild

Security Affairs

Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta.

Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors

Dark Reading

The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps

BSidesKC 2022 – Dale Hollis’ ‘Frustrating The PenTester With Active Directory’

Security Boulevard

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. Permalink. The post BSidesKC 2022 – Dale Hollis’ ‘Frustrating The PenTester With Active Directory’ appeared first on Security Boulevard.

Ransomware threats grow as new vulnerabilities and threat actors are identified

CyberSecurity Insiders

Researchers at Cyber Security Works, Ivanti, and Cyware identify new vulnerabilities, blindspots in popular network scanners, and emerging Advanced Persistent Threat (APT) groups in a joint ransomware report. By Aaron Sandeen, CEO and co-founder of Cyber Security Works.