Lohrman on Security
OCTOBER 16, 2022
What were the top cybersecurity themes, including several unexpected narratives, that emerged from the 2022 NASCIO Annual Conference held in Louisville, Ky., this past week?
Joseph Steinberg
OCTOBER 24, 2022
An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window. According to multiple media reports, the Australian Institute of Company Directors had been scheduled to run an an online event today for nearly 5,000 registrants at which the organization planned to discuss its new “cybersecurity governance principles.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
OCTOBER 3, 2022
This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.
Krebs on Security
OCTOBER 31, 2022
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Troy Hunt
OCTOBER 27, 2022
Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen table) in an Airbnb in Olso and built the authenticated API for Have I Been Pwned (HIBP). As I explained at the time, the primary goal was to combat abuse of the service and by adding the need to supply a credit card, my theory was that the bad guys would be very reluctant to, well, be bad guys.
Anton on Security
OCTOBER 12, 2022
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ). My favorite quotes from the report follow below: “in Q2 threat actors frequently targeted weak and default-password issues for initial compromise, factoring in over half of identified Incidents.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Joseph Steinberg
OCTOBER 6, 2022
A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack. According to The New York Times , in 2016, while the Federal Trade Commission (FTC) was investigating an earlier breach of Uber’s computer systems, Sullivan learned of a subsequent compromise that affected more than 57 million Uber accounts.
Schneier on Security
OCTOBER 11, 2022
Interesting research: “ ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks , by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract : Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them.
Krebs on Security
OCTOBER 20, 2022
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.
Troy Hunt
OCTOBER 7, 2022
Geez it's nice to be home 😊 It's nice to live in a home that makes you feel that way when returning from a place as beautiful as Bali 😊 This week's video is dominated by the whole discussion around this tweet: I love that part of the Microsoft Security Score for Identity in Azure improves your score if you *don't* enforce password rotation, what a sign of the times!
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Lohrman on Security
OCTOBER 2, 2022
How can we better plan, strategize and come up with new innovative ideas in our post-COVID world?
The Last Watchdog
OCTOBER 10, 2022
As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend. While VR devices have been around in some form since well before the internet, the true ambition of major corporations to turn these devices into massively-connected social “metaverse” platforms has only r
Joseph Steinberg
OCTOBER 12, 2022
What can hospitals learn from an ex-CIA cybersecurity director and a cybersecurity-expert columnist read by millions of people? Join Bonnie Stith, former Director of the CIA’s Center for Cyber Intelligence , and and Joseph Steinberg, renowned cybersecurity expert witness and columnist , for a special, free educational webinar, Best Practices for Asset Risk Management in Hospitals.
Schneier on Security
OCTOBER 18, 2022
Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Krebs on Security
OCTOBER 5, 2022
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
Troy Hunt
OCTOBER 15, 2022
I decided to do something a bit different this week and mostly just answer questions from my talk at GOTO Copenhagen last week. I wasn't actually in Denmark this time, but a heap of really good questions came through and as I started reading them, I thought "this would actually make for a really good weekly update" So here we are, and those questions then spurned on a whole heap more from the live audience too so this week's video became one large Q&A.
Tech Republic Security
OCTOBER 13, 2022
The attack framework of probable Chinese origin used by cybercriminals has been discovered. The post New Alchimist attack framework hits Windows, Linux and Mac appeared first on TechRepublic.
The Last Watchdog
OCTOBER 19, 2022
Standards. Where would we be without them? Universally accepted protocols give us confidence that our buildings, utilities, vehicles, food and medicines are uniformly safe and trustworthy. At this moment, we’re in dire need of implementing standards designed to make digital services as private and secure as they need to be. Related: How matter addresses vulnerabilities of smart home devices.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Joseph Steinberg
OCTOBER 27, 2022
Have you been prioritizing Detection and Response over Protection when it comes to your cybersecurity strategy? All three, of course, are key pillars of the NIST cybersecurity framework – so, why are you prioritizing two of them over the third? In fact, in most cases, “Protect” should be the top priority. Join us for an insightful discussion with Joseph Steinberg and Venky Raju, as they discuss all manner of things related to proactive cybersecurity and Zero Trust.
Schneier on Security
OCTOBER 17, 2022
Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.
Krebs on Security
OCTOBER 11, 2022
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.
Troy Hunt
OCTOBER 29, 2022
Geez we've been getting hammered down here: Optus, MyDeal, Vinomofo, Medibank and now Australian Clinical Labs. It's crazy how much press interest there's been down here and whilst I think some of it is a bit hyperbolic, bringing the issue to the forefront and ensuring it's being discussed is certainly a good thing. Anyway, let's see what happens between now and next week's video, at this rate there'll be at least one more major Aussie breach to talk about!
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 7, 2022
SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.
The Last Watchdog
OCTOBER 24, 2022
Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you should limit the amount of information that employees have access to.
Lohrman on Security
OCTOBER 30, 2022
Cyber summits were held this past week in Michigan and Kansas, and hot topics ranged from workforce development to ransomware to growing global cyber threats. Here’s a rundown.
Schneier on Security
OCTOBER 12, 2022
Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respec
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Krebs on Security
OCTOBER 7, 2022
When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule.
Troy Hunt
OCTOBER 22, 2022
Aussie breachapalooza! That what it feels like this week between Optus (ok, it was weeks ago but it's still in the news), Vinomofo, My Deal and the mother of all of them (at least as far as media interest goes), Medibank. That last one totally smashed my week out with unprecedented press enquiries, so is it any wonder I totally missed the Microsoft one?
Tech Republic Security
OCTOBER 27, 2022
SonicWall’s mid-year report update has been released with new information on malware, ransomware, cryptojacking and more. The post 2022 cyber threat report details growing trends appeared first on TechRepublic.
The Last Watchdog
OCTOBER 31, 2022
Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Related: Taking a risk-assessment approach to vulnerabilities. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
230 
Let's personalize your content