Lohrman on Security
APRIL 30, 2023
Yes, generative AI stole the show at RSA Conference 2023 in San Francisco last week. Here’s a roundup of the top news from the biggest cybersecurity conference in the world.
Troy Hunt
MAY 3, 2023
I wish I'd read this blog post years ago. I don't have any expertise whatsoever to be guiding others through this process so please don't look at this as a "how to" But what I do have is an audience, and I've found that each time I've opened up about the more personal aspects of my life and where I've struggled ( such as my post a few years ago on dealing with stress ), I've had a huge amount of feedback from people that have been helped by it.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MAY 2, 2023
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment we
Schneier on Security
MAY 2, 2023
NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography.” It’s only four pages long, and it doesn’t have a lot of detail—more “volumes” are coming, with more information—but it’s well worth reading.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Last Watchdog
APRIL 30, 2023
The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Related: Demystifying ‘DSPM’ This was my nineteenth RSAC. I attended my first one in 2004, while covering Microsoft for USA TODAY. It certainly was terrific to see the cybersecurity industry’s premier trade event fully restored to its pre-Covid grandeur at San Francisco’s Moscone Center last week.
Tech Republic Security
MAY 4, 2023
Drawing from a recent HackerOne event, HackerOne study and GitLab survey, learn how economic uncertainties are driving budget cuts, layoffs and hiring freezes across the cybersecurity industry. The post HackerOne: How the economy is impacting cybersecurity teams appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Schneier on Security
MAY 3, 2023
New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandient detected it in December 2020, but didn’t realize what they detected—and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020but the scale and significance of the breach wasn’t immediately apparent.
The Last Watchdog
MAY 2, 2023
The rising complexity and prevalence of cybersecurity threats are making experts anxious. Related: Training employees to mitigate phishing It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Automation could alleviate the burden on IT teams and cybersecurity professionals by shouldering some monotonous, time-consuming tasks.
Tech Republic Security
MAY 4, 2023
Storing passkeys directly on devices will cut down on successful phishing, Google suggests. Is it the beginning of the end for passwords? The post Google adds passkey option to replace passwords on Gmail and other account services appeared first on TechRepublic.
Security Boulevard
MAY 2, 2023
PATCH NOW! Oh, wait, you can’t: “You are no longer connected to the internet,” it sneers. The post New Apple ‘Rapid’ Update is Slow, Messy FAIL appeared first on Security Boulevard.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
SecureList
MAY 4, 2023
Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware often finds its way into the official marketplace for Android apps.
Bleeping Computer
MAY 3, 2023
An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection. [.
Tech Republic Security
MAY 4, 2023
Read about the features of Ubuntu Pro, and find out how to get it on AWS. The post Ubuntu Pro now available on Amazon Web Services appeared first on TechRepublic.
Naked Security
APRIL 29, 2023
These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
CSO Magazine
MAY 5, 2023
Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open
Bleeping Computer
MAY 3, 2023
The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. [.
Tech Republic Security
MAY 4, 2023
The U.K. government has released its annual Cyber Security Breaches Survey. Top cybersecurity threats, supply chain risks, incident responses and more are covered. The post Survey: State of cybersecurity in the UK appeared first on TechRepublic.
CyberSecurity Insiders
MAY 1, 2023
Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses. This legal turn is supported by a study conducted by BakerHostetler, which confirms that lawsuits against companies that suffer data breaches are becoming more common and may increase by the end of this year.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
MAY 5, 2023
A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down.
Bleeping Computer
MAY 3, 2023
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices. [.
Tech Republic Security
MAY 5, 2023
Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.
Graham Cluley
MAY 4, 2023
Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. Read more in my article on the Tripwire State of Security blog.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Naked Security
MAY 4, 2023
We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping. and no BUY NOW buttons. Have a nice day!
SecureList
MAY 1, 2023
Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect threats such as phishing. What if all our complex, multi-layered detection systems are now obsolete, and a single LLM (large language model) to rule them all can fight cybercriminals better than we do?
Tech Republic Security
MAY 2, 2023
Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor. The post Infoblox discovers rare Decoy Dog C2 exploit appeared first on TechRepublic.
Trend Micro
MAY 1, 2023
After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
MAY 3, 2023
Chrome 117 will retire the lock icon and replace it with a "tune" icon, reflecting evolving cybersecurity standards.
CyberSecurity Insiders
MAY 3, 2023
By: Craig Debban , Chief Information Security Officer, QuSecure, Inc. As you may have noticed, daily headlines around quantum computing and its impact on technologies are becoming commonplace. This is driven by the fact that quantum computers will be able to perform certain types of calculations much faster than the classical computers we all use today.
Tech Republic Security
MAY 2, 2023
At the RSA Conference Akamai launched a new security platform for fake websites and touted its focus on protecting application protocol interfaces, or APIs. The post At RSA, Akamai put focus on fake sites, API vulnerabilities appeared first on TechRepublic.
Anton on Security
MAY 5, 2023
Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly ) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth … This aside, it is very cl
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
260 
Let's personalize your content