Sat.Oct 22, 2022 - Fri.Oct 28, 2022

article thumbnail

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window. According to multiple media reports, the Australian Institute of Company Directors had been scheduled to run an an online event today for nearly 5,000 registrants at which the organization planned to discuss its new “cybersecurity governance principles.

article thumbnail

Critical Vulnerability in Open SSL

Schneier on Security

There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It’s likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely.

290
290
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Big Changes are Afoot: Expanding and Enhancing the Have I Been Pwned API

Troy Hunt

Just over 3 years ago now, I sat down at a makeshift desk (ok, so it was a kitchen table) in an Airbnb in Olso and built the authenticated API for Have I Been Pwned (HIBP). As I explained at the time, the primary goal was to combat abuse of the service and by adding the need to supply a credit card, my theory was that the bad guys would be very reluctant to, well, be bad guys.

article thumbnail

FIRESIDE CHAT: Timely employee training, targeted testing needed to quell non-stop phishing

The Last Watchdog

Humans are rather easily duped. And this is the fundamental reason phishing persists as a predominant cybercriminal activity. Related: How MSSPs help secure business networks. Tricking someone into clicking to a faked landing page and typing in their personal information has become an ingrained pitfall of digital commerce. The deleterious impact on large enterprises and small businesses alike has been – and continues to be — profound.

Phishing 234
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

What Should CISOs Prioritize In A Volatile Landscape?: A Webinar With Top CyberSecurity Columnist Joseph Steinberg

Joseph Steinberg

Have you been prioritizing Detection and Response over Protection when it comes to your cybersecurity strategy? All three, of course, are key pillars of the NIST cybersecurity framework – so, why are you prioritizing two of them over the third? In fact, in most cases, “Protect” should be the top priority. Join us for an insightful discussion with Joseph Steinberg and Venky Raju, as they discuss all manner of things related to proactive cybersecurity and Zero Trust.

CISO 245
article thumbnail

Australia Increases Fines for Massive Data Breaches

Schneier on Security

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.). This is a welcome change. The problem is one of incentives, and Australia has now increased the incentive for companies to secure the personal data or their users and customers.

More Trending

article thumbnail

Urgent: Patch OpenSSL on November 1 to avoid “Critical” Security Vulnerability

GlobalSign

A critical vulnerability has been discovered in current versions of OpenSSL and will need to be patched immediately. The OpenSSL Project will release version 3.0.7 on Tuesday, November 1st, 2022. This is a critical update that needs to be made immediately.

145
145
article thumbnail

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

eSecurity Planet

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Researchers at the Leiden Institute of Advanced Computer Science have alerted security professionals about risks associated with GitHub and other platforms like pastebin that host public PoCs of exploits for known vulnerabilities.

Malware 142
article thumbnail

CISA says hospitals should be wary of new Daixin Team Ransomware

CyberSecurity Insiders

United States Cybersecurity and Infrastructure Security Agency(CISA) has issued an advisory to all hospitals and healthcare providers about a new ransomware dubbed ‘Daixin Team’ doing rounds on the internet. Information is out that the said hackers group is spreading malware to healthcare and the public sector and is demanding cryptocurrency in Bitcoins for an exchange of decryption key.

article thumbnail

Cranefly uses new communication technique in attack campaigns

Tech Republic Security

A threat actor dubbed "Cranefly" uses a new technique for its communications on infected targets. The post Cranefly uses new communication technique in attack campaigns appeared first on TechRepublic.

Malware 161
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Chrome extensions with 1 million installs hijack targets’ browsers

Bleeping Computer

Researchers at Guardio Labs have discovered a new malvertizing campaign pushing Google Chrome and Microsoft Edge extensions that hijack searches and insert affiliate links into webpages. [.].

140
140
article thumbnail

OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1

Security Boulevard

OpenSSL has a new ‘critical’ bug. But it’s a secret until next month. The post OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1 appeared first on Security Boulevard.

article thumbnail

Adoption of Secure Cloud Services in Critical Infrastructure

CyberSecurity Insiders

Adoption of cloud services, whether consumed as 3 rd party services provided by various vendors or in the form in-house developed software and/or services leveraging Platform-as-a-Service (PaaS) from major Cloud Service Providers (CSPs) has been steadily on the rise in critical infrastructure (CI) related industries [i]. This represents a significant shift for such industries which have traditionally relied on isolation via air-gapped networks.

IoT 134
article thumbnail

Optimize and secure your team’s Apple devices with Jamf Now

Tech Republic Security

Learn how Jamf Now’s features can streamline your company’s Apple mobile device management. The post Optimize and secure your team’s Apple devices with Jamf Now appeared first on TechRepublic.

Mobile 156
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Multiple vulnerabilities affect the Juniper Junos OS

Security Affairs

Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. “Multiple vulnerabilities have been found in the J-Web component of Juniper Networks Junos OS. One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path injection and traversal, or local file inclusion.” reads the advisory pu

article thumbnail

Why the Math Around Adaptive AI is Painful

Security Boulevard

Why the Math Around Adaptive AI is Painful. Artificial intelligence (AI) is expensive. Companies driving costs down while investing in digital transformations to become more agile, lean, and profitable, I get the physics! Just don’t look too deep into it yet. Artificial intelligence strategies are not built on being a costing savings model. Adaptive artificial intelligence and machine learning business models combine the promise to process, automation, and respond with sheer velocity; many organ

article thumbnail

Employees leaving jobs because of Cyber Attacks

CyberSecurity Insiders

Encore, a security stack management business held a survey recently and found that employees will leave their jobs on a respective note as their business firm has fallen victim to a cyber attack. The study was conducted on C-suite employees, CIOs and CTOs and some office workers among whom about 60% of them believed they will leave their jobs as soon as a digital attack strikes their firm.

article thumbnail

What is data migration?

Tech Republic Security

In business and technology, migrating data means moving it from one system or platform to another. Learn the processes and challenges of data migration. The post What is data migration? appeared first on TechRepublic.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Heartbleed 2.0? OpenSSL Warns of Second-Ever Critical Security Flaw

eSecurity Planet

The OpenSSL project this week announced plans to release version 3.0.7 on November 1 to patch a critical security flaw affecting versions 3.0 and later. Co-founder Mark J. Cox noted it’s only the second critical patch “since we started rating flaws back in 2014.” OpenSSL identifies critical issues as those affecting common configurations and likely to be exploitable, with examples including “significant disclosure of the contents of server memory (potentially revealing us

article thumbnail

Car dealer group Pendragon refuses to pay $60 million to ransomware extortionists

Graham Cluley

Pendragon - the car dealership group which owns Evans Halshaw, CarStore, and Stratstone, and operates around 160 showrooms across the UK - has confirmed that its IT servers have been hacked by cybercriminals who claim to have stolen five per cent of its data.

article thumbnail

What Cybersecurity Professionals Can Learn from First Responders

Security Boulevard

We’re almost at the end of Cybersecurity Awareness Month. For me, working in the cybersecurity space truly is a rewarding experience. It has been more than just a job or even a career. Working with solutions that protect companies from cyberattacks makes me proud. In some ways, it is a calling similar to the calling …. Read More. The post What Cybersecurity Professionals Can Learn from First Responders appeared first on Security Boulevard.

article thumbnail

The most dangerous and destructive ransomware groups of 2022

Tech Republic Security

As ransomware attacks continued this year, a few key groups inflicted some of the greatest damage to their victims. The post The most dangerous and destructive ransomware groups of 2022 appeared first on TechRepublic.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads

Security Affairs

Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited CVE-2022-42827 in older iPhones and iPads, addressing an actively exploited zero-day bug. Early this week, Apple addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year.

Hacking 134
article thumbnail

LinkedIn added new security features to weed out fraud and fake profiles

CyberSecurity Insiders

LinkedIn is a professional social media platform where learnt people interact to take their businesses to next level. But there are N number of instances where the platform has/is serving as a medium for criminals to create fake profiles to lure C-level employees with malicious intentions, sell fake counterfeit products, and act as a medium to conduct monetary scams.

Scams 131
article thumbnail

BrandPost: Cybersecurity Executives Say These are the Most Pressing Challenges They Face

CSO Magazine

Most cybersecurity teams grapple with similar issues, from defending against the ever-changing threat landscape to finding time for training and upskilling opportunities. I recently had the chance to speak with numerous security executives and industry experts at the Fortinet Security Summit, held in conjunction with the second annual PGA Fortinet Championship in Napa Valley, to discuss some of these challenges, insights, and potential solutions for addressing them.

article thumbnail

How to improve security awareness and training for your employees

Tech Republic Security

Just training people periodically using generic content won’t help them or your organization reduce the risk of security threats, says Egress. The post How to improve security awareness and training for your employees appeared first on TechRepublic.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Security Boulevard

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. Cybercriminals view employees as a path of least resistance. As such, you … (more…). The post GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen appeared first on Security Boulevard.

article thumbnail

Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year

Security Affairs

Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. The CVE-2022-3723 flaw is a type confusion issue that resides in the Chrome V8 Javascript engine.

article thumbnail

Phishing attacks increase by over 31% in third quarter: Report

CSO Magazine

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million. Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021.

Phishing 128
article thumbnail

Here’s how you can become a highly-paid ethical hacker

Tech Republic Security

Get six training courses for just eight dollars each with The Complete 2022 PenTest & Ethical Hacking Bundle. The post Here’s how you can become a highly-paid ethical hacker appeared first on TechRepublic.

Hacking 140
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.