CyberSecurity Insiders
SEPTEMBER 26, 2022
Staffing shortages in some industries have worsened since the COVID-19 pandemic began wreaking havoc in 2020, especially in cybersecurity. Cyberattacks have increased in many sectors, primarily targeting education and healthcare. What can employers do for their businesses with attacks rising alongside the widening cybersecurity skills gap? What Is the Cybersecurity Skills Gap?
Krebs on Security
SEPTEMBER 30, 2022
Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 29, 2022
Found documents in Poland detail US spying operations against the former Soviet Union. The file details a number of bugs found at Soviet diplomatic facilities in Washington, D.C., New York, and San Francisco, as well as in a Russian government-owned vacation compound, apartments used by Russia personnel, and even Russian diplomats’ cars. And the bugs were everywhere : encased in plaster in an apartment closet; behind electrical and television outlets; bored into concrete bricks and threaded into
Troy Hunt
SEPTEMBER 30, 2022
How's this weeks video for a view?! It's a stunning location here in Bali and it's just been the absolute most perfect spot for a honeymoon, especially after weeks of guests and celebrations. But whoever hacked and ransom'd Optus didn't care about me taking time out and I've done more media in the last week than I have in a long time.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Last Watchdog
SEPTEMBER 27, 2022
Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.
Krebs on Security
SEPTEMBER 24, 2022
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” A copy of the passport for Denis Kloster, as posted to his Vkontakte
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Troy Hunt
SEPTEMBER 24, 2022
Wow, what a week! Of course there's lots of cyber / tech stuff in this week's update, but it was really only the embedded tweet below on my mind so I'm going to leave you with this then come to you from somewhere much more exotic than usual (and I reckon that's a pretty high bar for me!) next week 😎 Absolutely over the moon to formally make @Charlotte_Hunt_ a part of our family ❤️ 💍 pic.twitter.com/XfahXElboC — Troy Hunt (@troyhunt) Septem
The Last Watchdog
SEPTEMBER 26, 2022
Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry. In fact, the 2022 Verizon Data Breach Investigation Report revealed an alarming 13 percent increase in ransomware attacks overall – greater than past five years combined – and the inability to properly manage identities and pri
Tech Republic Security
SEPTEMBER 29, 2022
Enterprise software delivery company CloudBees has a new SaaS offering to discuss, and the firm's CEO gets philosophical. The post CloudBees CEO: Software delivery is now ‘release orchestration’ appeared first on TechRepublic.
Schneier on Security
SEPTEMBER 26, 2022
Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Lohrman on Security
SEPTEMBER 25, 2022
This review covers Mikko Hypponen’s latest book, If It’s Smart, It’s Vulnerable. This is an excellent book that is highly recommended.
Cisco Security
SEPTEMBER 28, 2022
Explore the nature of vulnerabilities in this episode of ThreatWise TV. It’s shaping up to be another big year for vulnerability disclosure. Already the number of Common Vulnerabilities and Exposures (CVEs) disclosed has crossed 18,000 and it’s on track to make this another record-breaking year. With new CVEs being disclosed daily, it has become increasingly difficult for security teams to stay abreast of the latest risks, let alone quickly determine which ones apply to their network environment
Tech Republic Security
SEPTEMBER 28, 2022
Microsoft investigated a new kind of attack where malicious OAuth applications were deployed on compromised cloud tenants before being used for mass spamming. The post Malicious Oauth app enables attackers to send spam through corporate cloud tenants appeared first on TechRepublic.
We Live Security
SEPTEMBER 26, 2022
Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again). The post What happens with a hacked Instagram account – and how to recover it appeared first on WeLiveSecurity.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
SEPTEMBER 26, 2022
A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked as Metador, that primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa.
Bleeping Computer
SEPTEMBER 30, 2022
The Brave browser will soon allows users to block annoying and potentially privacy-harming cookie consent banners on all websites they visit. [.].
Tech Republic Security
SEPTEMBER 26, 2022
Jack Wallen details a recent hack and why he believes one aspect of two-factor authentication is part of the problem. The post Why 2FA is failing and what should be done about it appeared first on TechRepublic.
Cisco Security
SEPTEMBER 26, 2022
As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Providing assurance that residual risk posture falls within business risk tolerance is critical to Cisco’s Audit Committee and executive leadership team, especially during the mergers and acquisitions (M&A) process. . Bolotin champions the continued advancement of the technology audit profession and received a master’s degree in cybersecurity from the University of Cali
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
We Live Security
SEPTEMBER 30, 2022
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers. The post Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium appeared first on WeLiveSecurity.
Security Affairs
SEPTEMBER 30, 2022
Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: Send commands to the hypervisor that will be routed to the guest VM for execution Transfer files between the ESXi hypervisor and guest machines running benea
Tech Republic Security
SEPTEMBER 30, 2022
A new malware named Chaos raises concerns as it spreads on multiple architectures and operating systems. The post New Chaos malware spreads over multiple architectures appeared first on TechRepublic.
Security Boulevard
SEPTEMBER 28, 2022
Netography today added support for context labels and tagging to a software-as-a-service (SaaS) platform that provides deep packet inspection capabilities to identify cybersecurity threats in near-real-time. Netography CEO Martin Roesch said labels and tags will make it easier for cybersecurity teams to use flow logs to visualize and analyze network traffic by application, location, compliance.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
SEPTEMBER 28, 2022
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online. The post Protecting teens from sextortion: What parents should know appeared first on WeLiveSecurity.
Cisco Security
SEPTEMBER 29, 2022
Ransomware is one of the most dangerous threats organizations face today, so it’s no wonder that Cisco Talos Incident Response named it the top threat of the year in 2021. These attacks continue to grow and become more advanced, with ransomware attacks (see Figure 1 below). 1 Stopping ransomware attacks isn’t easy either, as adversaries continue to change their techniques and attacks become increasingly sophisticated.
Tech Republic Security
SEPTEMBER 30, 2022
Professional risk factors into career decisions, and successful women need to encourage other women to accept the risks, says Accenture. The post Report finds women are declining CISO/CSO roles appeared first on TechRepublic.
CSO Magazine
SEPTEMBER 26, 2022
In August, Patrick Hillman, chief communications officer of blockchain ecosystem Binance, knew something was off when he was scrolling through his full inbox and found six messages from clients about recent video calls with investors in which he had allegedly participated. “Thanks for the investment opportunity,” one of them said. “I have some concerns about your investment advice,” another wrote.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Trend Micro
SEPTEMBER 27, 2022
The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes brings attacks such as business email compromise (BEC) and identity verification bypassing to new levels.
Security Affairs
SEPTEMBER 30, 2022
Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August 2022, they are remote code execution issues.
Tech Republic Security
SEPTEMBER 29, 2022
Get a great deal on 110 hours of IT training in these online courses focused on tech basics in the CompTIA and Microsoft certification exams. The post Launch an IT career after taking these eight courses for under $50 appeared first on TechRepublic.
SecureList
SEPTEMBER 26, 2022
Executive Summary. NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can be found mainly via search engines. These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
122 
Let's personalize your content