CyberSecurity Insiders

JUNE 16, 2023

They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF). Data loss at the API layer needs to be high on the list of priorities for security and privacy teams in addition to protecting sensitive data with SASE, CASB solutions and NextGen firewalls.

Risk 131

Risk Firewall Data breaches InfoSec 131

Digital Shadows

OCTOBER 23, 2024

The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

SecureWorld News

APRIL 17, 2022

It was once the case that cybersecurity technology consisted of little more than a firewall and antivirus software. You would choose a password that only you knew, and without that password, no one could get access to your account. This essentially fulfills the same role as a Google Account, with all of your passwords stored for you.

Cybersecurity 96

Cybersecurity Passwords Technology Password Management 96

CyberSecurity Insiders

JUNE 18, 2022

Last week the infosec community was hit with news about a new Windows 0-day vulnerability, Follina. The attacker can then install programs; view, change, or delete data; or create new accounts in the context allowed by the user’s rights. Mike Walters, President and Co-founder of Action1.

Risk 96

Risk Phishing InfoSec Antivirus 96

Cisco Security

JANUARY 28, 2021

When boiled down to its essence, InfoSec is all about risk mitigation, and risk is based on probability and impact. If you have a different kind of firewall, if you have a different kind of antivirus, you can get the same intel within the same dashboard. You don’t need to have just Cisco products.

Technology 131

Technology InfoSec Antivirus Architecture 131

eSecurity Planet

MARCH 31, 2022

Attackers may try to get their victims to reveal their date of birth, social security number, credit card information, or account passwords. Additionally, they may be able to manipulate these high-level employees into wiring large amounts of money into the attacker’s account. Whaling Defenses. Cybersecurity Awareness Training.

Phishing 131

Phishing Banking Social Engineering Scams 131

SecureWorld News

OCTOBER 19, 2023

Economic effects, including inflationary pressures, have had a broad impact across the InfoSec landscape," Smeaton said. Reanna Schultz is a cybersecurity professional and frequent SecureWorld speaker whose day job is as Team Leader of InfoSec at Garmin. These comments are her own and do not reflect those of her company, necessarily.

Cybersecurity 103

Cybersecurity CISO Education Phishing 103

SecureList

NOVEMBER 23, 2021

Further evolution of cyberthreats as a response to infosec tools and measures. For example, a popular tactic in spyware attacks is now to send phishing e-mails from compromised corporate mail accounts of a partner organization of the intended victim. Update firewalls and SSL VPN gateways in good time.

Spyware 138

Spyware Phishing Cybercrime Energy and Utilities 138

Security Boulevard

OCTOBER 11, 2023

I love using this one to help infosec professionals gauge how bad an incident is. Cross-account sharing of an image or snapshot with an unknown account. The entire management plane is on the Internet, so if an attacker gets credentials, you can’t stop them with a firewall or by shutting down access to a server.

Accountability 59

Accountability Internet Internet InfoSec 59

Digital Shadows

OCTOBER 23, 2024

The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers.

Social Engineering 52

Social Engineering Engineering Accountability Backups 52

Andrew Hay

JUNE 29, 2017

The initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MeDoc. Checking out the new Petya variant – SANS ISC InfoSec Forums. Disable remote WMI and file sharing, where possible, in favor of more secure file sharing protocols.

Ransomware 45

Ransomware Firewall Malware InfoSec 45

Errata Security

SEPTEMBER 12, 2020

Infosec is a largely non-technical field. The (hypothetical) reason is that your organization immediately put a filter for port 22 on the firewalls, scanned the network for all SSH servers, and patched the ones they found. Sensitive servers need to have canary accounts that will trigger alarms if they ever get compromised.

InfoSec 75

InfoSec Passwords Accountability CISO 75

Notice Bored

NOVEMBER 14, 2020

A dubious firewall rule, for example, might be set to 'warn and log only', rather than simply being dropped from the ruleset, the reverse of how new firewall rules can be introduced.

Risk 52

Risk Firewall Accountability Information Security 52

Security Boulevard

OCTOBER 12, 2021

These machines are usually the heaviest guarded against attacks: they are protected by firewalls and monitored for suspicious activities. The network perimeter refers to public-facing machines exposed to people outside an organization’s network, like public web servers or even public cloud services.

Social Engineering 78

Social Engineering Penetration Testing Authentication Engineering 78

Security Boulevard

OCTOBER 10, 2022

Every aspect of human life is influenced and changed by machines — from visiting the doctor, to purchasing online, to accessing bank accounts, to flying on an airplane. Developers want to go incredibly fast and infosec wants to be secure even if it slows down development. Mon, 10/10/2022 - 08:15. Software is rapidly eating the world.

Digital transformation 59

Digital transformation Software Authentication InfoSec 59

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme. Exploit bugs not people.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

ForAllSecure

JANUARY 15, 2021

And what parallels might infosec learn from COVID-19? In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. If you’ve been in the infosec world as long as I have, you have probably encountered Mike Amadhi. Again, maybe infosec can learn from the biological pandemic.

Healthcare 52

Healthcare Hacking InfoSec Software 52

ForAllSecure

JANUARY 15, 2021

And what parallels might infosec learn from COVID-19? In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. If you’ve been in the infosec world as long as I have, you have probably encountered Mike Amadhi. Again, maybe infosec can learn from the biological pandemic.

Healthcare 52

Healthcare Hacking InfoSec Software 52

ForAllSecure

MAY 2, 2023

I’m Robert Vamosi and in this episode I’m talking about online criminal investigations conducted by someone who is inside the infosec community, and how your social media posts -- no matter how good you think you are about hiding -- can reveal a lot about your true identity. Daniel, he keeps a low profile. CLEMENS: I do.

Hacking 40

Hacking Media InfoSec Internet 40

ForAllSecure

MARCH 24, 2021

That meant I tested the release candidates -- not the final product you’d buy in the stores - for consumer-grade antivirus programs, desktop firewalls, and desktop Intrusion detection systems. Years ago, I was the lead security software reviewer at ZDNet and then at CNET. Shellshock, as a name, stuck and became the name going forward.

Software 52

Software Passwords Internet Internet 52

ForAllSecure

MARCH 24, 2021

That meant I tested the release candidates -- not the final product you’d buy in the stores - for consumer-grade antivirus programs, desktop firewalls, and desktop Intrusion detection systems. Years ago, I was the lead security software reviewer at ZDNet and then at CNET. Shellshock, as a name, stuck and became the name going forward.

Software 52

Software Passwords Internet Internet 52

eSecurity Planet

DECEMBER 19, 2023

The China News Service used to hijack permissions to invasively access and potentially take over subscribers’ Twitter, Sina Weibo, and Weixin accounts to push pro-Beijing content. It’s no secret that the SEC is now holding CISOs accountable for the risks organizations take on.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the infosec landscape better. Adam has more than 20 years in the infosec world, and he even helped create the CVE system that we all use today. STRIDE provides an easy mnemonic. And why should he? Here, many of us have seen Star Wars: A New Hope.

Engineering 40

Engineering Technology Information Security Authentication 40

DoublePulsar

DECEMBER 28, 2023

Three of the victims are cybersecurity vendors, and I suspect they may have access to another larger infosec vendor that they haven’t disclosed. So even if you firewall off all incoming network traffic, if outgoing traffic is allowed they can still reach back to the server. Yes, hacks now lead to *checks notes* war lobbying.

Backups 78

Backups DDOS Accountability Hacking 78