Mon.Oct 30, 2023

article thumbnail

Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

The Last Watchdog

A new tier of overlapping, interoperable, highly automated security platforms must, over the next decade, replace the legacy, on-premise systems that enterprises spent multiple kings’ fortunes building up over the past 25 years. Related: How ‘XDR’ defeats silos Now along comes a new book, Evading EDR: The Definitive Guide for Defeating Endpoint Detection Systems , by a red team expert, Matt Hand, that drills down a premier legacy security system that is in the midst of this transitio

article thumbnail

Hacking Scandinavian Alcohol Tax

Schneier on Security

The islands of Åland are an important tax hack : Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the notoriously high alcohol taxes: Åland is a member of the EU and its currency is the euro, but Åland’s relationship with the EU is regulated by way of a special protocol.

Hacking 280
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date

Tech Republic Security

Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns at a wide variety of industries. Protect your company from Octo Tempest with these tips.

article thumbnail

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Security Affairs

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks. The ban will be effective starting from October 30, 2023, after this date, the apps will be uninstalled from the devices and users will be blocked from downloading the apps. “The Chief Informatio

Mobile 141
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Get a Lifetime of Secure VPN Protection for Just $28.97 Until 10/31

Tech Republic Security

Keep your most sensitive data safe and access your favorite content no matter where you are with a lifetime VPN subscription offered at an exclusive price drop.

VPN 150
article thumbnail

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. In 2022, the researchers detected within the WININIT.EXE process an older code that was associated with the NSA-linked Equation malware.

Malware 141

More Trending

article thumbnail

Wiki-Slack attack allows redirecting business professionals to malicious websites

Security Affairs

eSentire researchers devised a new attack technique, named Wiki-Slack attack, that can be used to redirect business professionals to malicious websites. eSentire Threat Response Unit (TRU) security researchers discovered a new attack technique, named Wiki-Slack attack, that can be used to redirect business professionals to malicious websites. The attackers choose a subject in Wikipedia that can be of interest to the potential victims, then they will go to the first page of the Wikipedia entry

Malware 139
article thumbnail

20 scary cybersecurity facts and figures for a haunting Halloween

We Live Security

Cybersecurity Awareness Month draws to a close and Halloween is just around the corner, so here is a bunch of spine-tingling figures about some very real tricks and threats lurking online

article thumbnail

HackerOne awarded over $300 million bug hunters

Security Affairs

HackerOne announced that it has awarded over $300 million bug hunters as part of its bug bounty programs since the launch of its platform. HackerOne announced that it has surpassed $300 million in total all-time rewards on the HackerOne platform. Thirty white hat hackers have earned more than one million dollars submitting vulnerabilities through the platform, with one hacker surpassing four million dollars in total earnings.

article thumbnail

CyberSecurity: The Most Important Thing To Do

Joseph Steinberg

Few days go by without someone asking me some form of one of the following types of questions: “What is your number one cybersecurity tip?” “What is the most important thing that I should do in order to stay cyber-secure?” “What would you do if you had to protect my business online but could only choose one ‘cybersecurity thing’ to do?

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

Security Affairs

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency. Jordan Dave Persad (20), from Orlando, Florida, was sentenced to 30 months in prison for SIM Swapping conspiracy, followed by three years of supervised release. He pleaded guilty to Conspiracy to Commit Computer Fraud.

article thumbnail

How to Associate an Apple ID with a Second iPhone That Has Completed Setup

Tech Republic Security

Learn how to easily associate an Apple ID with a second iPhone to access all your apps, media and iCloud services seamlessly with this step-by-step guide.

Media 127
article thumbnail

Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

The Hacker News

Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the web or €12.

119
119
article thumbnail

Google Dynamic Search Ads Abused to Unleash Malware 'Deluge'

Dark Reading

An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless.

Malware 117
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

What Is Sensitive Information? How to Classify & Protect It

Digital Guardian

Curious how sensitive information differs from personal information? We break down examples, what can happen when that data is exposed, and best practices for protecting sensitive data in this blog.

111
111
article thumbnail

Boeing Breached by Ransomware, LockBit Gang Claims

Dark Reading

LockBit gives Boeing a Nov. 2 deadline to pay the ransom or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise.

article thumbnail

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

The Hacker News

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities.

107
107
article thumbnail

Exploit released for critical Cisco IOS XE flaw, many hosts still hacked

Bleeping Computer

Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. [.

Hacking 107
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Top 50 Cybersecurity Threats

Tech Republic Security

Cybercriminals continue to look for new and innovative ways to infiltrate organizations. As threats continue to grow and evolve, you need to understand what your organization is up against to defend against cybersecurity threats from criminals who exploit vulnerabilities to gain access to networks, data and confidential information. This book arms you with 50 of.

article thumbnail

UAE Bolsters Cyber Future With US Treasury Partnership, Collaborations

Dark Reading

A determination to be taken seriously as a cyber player sees the United Arab Emirates announce a series of collaborations.

96
article thumbnail

The Essential Guide to Security Data

Tech Republic Security

Organizations must use every available resource to protect against the latest cyberattacks, the persistent nature of advanced threats, as well as the ease with which malware can cripple an entire network. One of the most important — and often overlooked — resources that organizations can tap into to solve these security challenges is data. This.

Malware 100
article thumbnail

UAE Cyber Council Warns of Google Chrome Vulnerability

Dark Reading

The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser.

Risk 96
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

New Webinar: 5 Must-Know Trends Impacting AppSec

The Hacker News

Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them.

article thumbnail

Ingenious Phishing Tactics in the Modern Scammer's Toolbox

SecureWorld News

When it comes to impactful types of internet-borne crime, phishing is the name of the game. And for good reason. It serves as a vessel for various strains of malware, including ransomware, and underlies data-stealing campaigns that target large organizations and individuals alike. According to Verizon's 2023 Data Breach Investigations Report (DBIR), a whopping 74% of breaches involve a human element, which is exactly what phishing aims to exploit.

article thumbnail

What the Boardroom Is Missing: CISOs

Dark Reading

From communicating why security should be a priority to advocating for accountability and greater focus on protecting data in the cloud, CISOs can make the case for keeping people and sensitive data secure.

CISO 93
article thumbnail

The Top 5: What You’ll Bring to the Table With the New CompTIA Security+

CompTIA on Cybersecurity

The new CompTIA Security+ represents the latest and greatest in cybersecurity, covering the most in-demand skills and current trends.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The CISO Report: Emerging Trends, Threats, and Strategies for Security Leaders

Tech Republic Security

The job of a chief information security officer (CISO) isn’t what it used to be — in fact, 86% of CISOs say their role has changed so much since they started, it’s almost a different job. More CISOs are emerging as cybersecurity strategists and leaders, participating in board level committees and growing their influence within.

CISO 91
article thumbnail

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

Is it better to stress now, or stress more later? Organizations that possess effective patch and vulnerability management suffer stress earlier as vulnerabilities are announced and their teams work hard to eliminate them. Organizations that don’t patch promptly likely suffer additional stress when the unpatched vulnerabilities are targeted by attackers.

article thumbnail

Securing Modern Enterprises in a Borderless Landscape

Dark Reading

CISOs offer recommendations to help secure identities, data, code, and cloud infrastructure and protect against evolving threats and vulnerabilities.

CISO 85
article thumbnail

The SIEM Buyer’s Guide

Tech Republic Security

With a data-driven, modern security information and event management (SIEM) solution, your organization can strengthen cybersecurity, drive resilience and unlock innovation across cloud, multicloud and hybrid environments. Download The SIEM Buyer’s Guide to discover how the right SIEM solution can help you: Gain full visibility across your environment.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.