CyberSecurity Insiders

APRIL 23, 2023

In recent years, the term “offensive cyber capabilities” has become increasingly common in discussions around national security and military strategies. Offensive cyber capabilities refer to the ability of a nation or organization to launch cyber attacks on other countries, groups, or individuals. Offensive cyber capabilities are a powerful tool in modern warfare, as they can be used to disrupt enemy operations, steal sensitive information, and even cause physical damage to infrastru

Cyber Attacks 121

Cyber Attacks Technology Government Ransomware 121

Schneier on Security

APRIL 24, 2023

In an open letter , seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ab

Encryption 330

Encryption Surveillance Government 330

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Banking 317

Banking Government Information Security Authentication 317

Joseph Steinberg

APRIL 25, 2023

It is hardly a secret that, for nearly 30 years, I have been warning about the danger posed to US national security by the simultaneous combination of our growing reliance on Chinese technology, and our general indifference to China’s huge technological “leaps forward” in the realm of cybersecurity. At the same time, I do use Tik Tok, an app that many American officials would like to ban due to the app being owned and operated by a Chinese concern.

Cybersecurity 244

Cybersecurity Artificial Intelligence Software Manufacturing 244

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

APRIL 27, 2023

I stand by my expression in the image above. It's a perfectly accurate representation of how I looked after receiving the CityJerks breach, clicking on the link to the website then seeing what it actually was 😳 Fortunately, the published email address on their site did go through to someone at TruckerSucker (😳😳) so they're aware of the breach and that it's circulating broadly via a public hacking website.

Accountability 216

Accountability Hacking 216

Schneier on Security

APRIL 27, 2023

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users.

Risk 267

Risk Cybersecurity Government Engineering 267

We Live Security

APRIL 26, 2023

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity

Software 145

Software Malware 145

Security Boulevard

APRIL 25, 2023

2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone. The post FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch appeared first on Security Boulevard.

Authentication 144

Authentication Social Engineering Engineering Security Awareness 144

Schneier on Security

APRIL 25, 2023

Following a report on its activities , the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared with us by Microsoft Threat Intelligence , we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

Manufacturing 266

Manufacturing Spyware Internet Internet 266

Tech Republic Security

APRIL 28, 2023

Data synced between devices with the new Google Authenticator app update could be viewed by third parties. Google says the app works as planned. The post Google’s 2FA app update lacks end-to-end encryption, researchers find appeared first on TechRepublic.

Encryption 182

Encryption Authentication Big data Mobile 182

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CSO Magazine

APRIL 28, 2023

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code.

Phishing 138

Phishing Cybersecurity 138

Security Boulevard

APRIL 28, 2023

40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language. The post Rust in Windows — it’s Official — Safe and Fast appeared first on Security Boulevard.

IoT 143

IoT Security Awareness Ransomware Cybersecurity 143

Schneier on Security

APRIL 28, 2023

My latest book, A Hacker’s Mind , is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being fired: …software performs a statistical analysis during terminations to see if certain groups are adversely affected, said such reviews can uncover other problems.

Hacking 246

Hacking Software 246

Tech Republic Security

APRIL 26, 2023

This recent survey reveals the top 10 companies seeking cybersecurity professionals; the list includes Deloitte, VMware and IBM. The post Find high-paying cybersecurity and IT support jobs in these U.S. cities appeared first on TechRepublic.

Cybersecurity 169

Cybersecurity 169

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CSO Magazine

APRIL 27, 2023

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them.

Social Engineering 137

Social Engineering Cyber Attacks Advertising Engineering 137

CyberSecurity Insiders

APRIL 28, 2023

Google has issued a ban on approximately 173,000 application developers who tried various methods to get their software published on its Play Store. The web search giant has officially confirmed that it has weeded out a large number of bad accounts and has announced that it will raise the bar even further this year. According to a source at the technology giant, the company has taken stringent action against those spreading malware and spying tools under the guise of renowned applications and wi

Accountability 135

Accountability Internet Internet Government 135

WIRED Threat Level

APRIL 27, 2023

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

Artificial Intelligence 143

Artificial Intelligence 143

Tech Republic Security

APRIL 28, 2023

The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. The post Threat actor APT28 targets Cisco routers with an old vulnerability appeared first on TechRepublic.

Malware 165

Malware Cybersecurity Network Security 165

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

APRIL 22, 2023

The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. [.

Malware 128

Malware Ransomware Software 128

CSO Magazine

APRIL 24, 2023

One of the greatest fears among government officials and security experts is a crippling cyberattack on industrial organizations that run essential services, including electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT technology, makes securing OT systems a chronic, high-stakes challenge.

Manufacturing 126

Manufacturing Technology Government 126

Security Boulevard

APRIL 24, 2023

Torq, today at the RSA 2023 conference, launched a hyperautomation platform for automating cybersecurity workflows and processes that includes an analytics capability enabled by a generative artificial intelligence (AI) capability. Torq co-founder and CTO Leonid Belkin said the Torq Hyperautomation Platform is distinguished from legacy security operations automation and response (SOAR) platforms in that it.

Artificial Intelligence 124

Artificial Intelligence Cybersecurity 124

Tech Republic Security

APRIL 25, 2023

Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features. The post RSA: Cisco launches XDR, with focus on platform-based cybersecurity appeared first on TechRepublic.

Cybersecurity 162

Cybersecurity Authentication 162

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

CyberSecurity Insiders

APRIL 27, 2023

Apple Inc’s released products are known for their progressive innovation, and the best example to prove it is the invention of a glass-driven touch screen that was first introduced to the world via the first iPhone in-series and is now a part of every electronic appliance in today’s world. As expected, the next version of iOS 17, which might be unveiled in about a couple of months or so, is also expected to have mind-blowing features, and leaks suggest that it will include a feature that c

Software 123

Software Technology Hacking Cybersecurity 123

CSO Magazine

APRIL 24, 2023

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec. Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, Symantec told Bleeping Computer.

Hacking 125

Hacking 125

Bleeping Computer

APRIL 24, 2023

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. [.

135

135

Tech Republic Security

APRIL 24, 2023

PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization. From the policy: REQUIREMENT FOR USERS If using a company-owned device, ensure that all mobile device use.

Mobile 142

Mobile 142

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

CyberSecurity Insiders

APRIL 25, 2023

The Quad nations comprising India, Japan, Australia, and the United States will reach an agreement on how to create a collective approach to blocking cyber attacks on critical public infrastructure, such as the power and communication sectors. The Quad countries have devised a plan to meet next month in Australia to reach an agreement on how to involve, deal with, and address state-funded attacks on national infrastructure.

Cyber Attacks 123

Cyber Attacks Ransomware Cybersecurity 123

Security Boulevard

APRIL 26, 2023

When the Cybersecurity and Infrastructure Security Agency (CISA) announced its guidelines to promote better security of the software supply chain, the agency touted the software bill of materials (SBOM) as “a key building block in software security and software supply chain risk management.” One of the key areas in CISA’s strategy is to improve security.

Software 122

Software Risk Cybersecurity Security Awareness 122

WIRED Threat Level

APRIL 28, 2023

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

Hacking 132

Hacking 132

Tech Republic Security

APRIL 23, 2023

PURPOSE Every enterprise needs to establish a plan of action to assess and then recover from unauthorized access to its network. This policy from TechRepublic Premium provides a foundation from which to start building your specific procedures. From the policy: ASSIGN AN INCIDENT RESPONSE TEAM An incident response team should be put together and a. The post Incident response policy appeared first on TechRepublic.

124

124

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity