Dark Reading
OCTOBER 4, 2022
Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.
Schneier on Security
OCTOBER 3, 2022
This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
OCTOBER 5, 2022
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
Joseph Steinberg
OCTOBER 6, 2022
A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack. According to The New York Times , in 2016, while the Federal Trade Commission (FTC) was investigating an earlier breach of Uber’s computer systems, Sullivan learned of a subsequent compromise that affected more than 57 million Uber accounts.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
OCTOBER 7, 2022
Geez it's nice to be home 😊 It's nice to live in a home that makes you feel that way when returning from a place as beautiful as Bali 😊 This week's video is dominated by the whole discussion around this tweet: I love that part of the Microsoft Security Score for Identity in Azure improves your score if you *don't* enforce password rotation, what a sign of the times!
Schneier on Security
OCTOBER 1, 2022
Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by —at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.” Citizen Lab did the research : Using only a single website, as well as publicly available material such as historical internet scanning results and
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 7, 2022
SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.
Security Boulevard
OCTOBER 1, 2022
There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography. An appropriate security design with controls that addresses an organization’s acceptable risk should be applied and reviewed before deploying blockchain to a production environment.
Schneier on Security
OCTOBER 4, 2022
An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent). It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent.
SecureList
OCTOBER 7, 2022
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
OCTOBER 4, 2022
Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill. The post How ransomware gangs operate like legitimate businesses appeared first on TechRepublic.
CSO Magazine
OCTOBER 4, 2022
Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing. This risk frequently goes unexplored in cybersecurity awareness training, leaving employees oblivious to the risks they can pose to the security of data which, if exposed, could be exploited both directly a
Security Affairs
OCTOBER 3, 2022
The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. According to the SUPO, future NATO membership will make the country a privileged target for Russian intelligence and influence operations.
SecureList
OCTOBER 4, 2022
While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China, individuals from this country often resort to downloading Tor from third-party websites.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 1, 2022
Number one on Skillsoft's 2022 list of top-paying IT certs is AWS Certified Solutions Architect Professional, with an annual salary of $168,080. The post 15 highest-paying certifications for 2022 appeared first on TechRepublic.
eSecurity Planet
OCTOBER 1, 2022
Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative , which verified two flaws on September 8 and 9: ZDI-CAN-18333 and ZDI-CAN-18802, with CVSS scores of 8.8 and 6.3, respectively.
Security Affairs
OCTOBER 1, 2022
Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impacts Microsoft Exchange Server 2013, 2016, and 2019.
SecureList
OCTOBER 5, 2022
Introduction. We are often asked how targets are infected with malware. Our answer is nearly always the same: (spear) phishing. There will be exceptions, naturally, as we will encounter RCE vulnerabilities every now and then, or if the attacker is already on the network, they will use tools like PsExec. But that’s it — most of the time, anyway.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 6, 2022
Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox. The post Phishing attack spoofs Zoom to steal Microsoft user credentials appeared first on TechRepublic.
CyberSecurity Insiders
OCTOBER 3, 2022
LinkedIn has publicly announced that for some reasons, its servers are being targeted by fake CISO Profiles that disclose vacant positions at large multinational companies. However, the profiles when probed are found to be fake and being targeted from Asian & African countries that have nothing to do with the company operations or vacancies. Krebs On Security received this update from the professional social media giant and initiated an inquiry along with the public disclosure.
Security Boulevard
OCTOBER 4, 2022
With modern software development reliant on third-party sources — and attacks surging on that supply chain — Gartner expects adoption of software bills of material (SBOM) to go from less than 5% now to 60% in 2025. . The post Gartner explains why SBOMs are critical to software supply chain security management appeared first on Security Boulevard.
Graham Cluley
OCTOBER 1, 2022
Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee's account was broken into and a customer list accessed.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
OCTOBER 3, 2022
Cloudflare celebrates its 12th anniversary with the launch of a Zero Trust SIM, an IoT security platform and a Botnet Threat Feed. The post Cloudflare shows flair with new products for mobile and IoT security appeared first on TechRepublic.
Quick Heal Antivirus
OCTOBER 6, 2022
SOVA is an Android banking Trojan with significant capabilities like credential theft, capturing keystrokes, taking screenshots, etc., The post Beware: SOVA Android Banking Trojan emerges more powerful with new capabilities appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Security Boulevard
OCTOBER 1, 2022
Software supply chains are vital, especially in the modern economy where businesses must compete against each other to ensure continuous delivery for end users and clients. Without a secure and efficient software supply chain, your company will find it difficult to keep up with competitors, produce software on time and protect itself (and end users).
Thales Cloud Protection & Licensing
OCTOBER 4, 2022
Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. divya. Tue, 10/04/2022 - 05:20. Historically, October has always been an important month for the cybersecurity community and a month of major cybersecurity events. So in 2004, the President of the United States designated October as Cybersecurity Awareness Month.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Tech Republic Security
OCTOBER 6, 2022
Find out the best practices for securely deploying applications and managing data in the cloud. The post Top 5 best practices for cloud security appeared first on TechRepublic.
CSO Magazine
OCTOBER 5, 2022
Every entity should have an information technology asset disposal (ITAD) program as part of its information security process and procedure. Indeed, every time an IT asset is purchased, the eventual disposal of that asset should already be defined within an ITAD. When one doesn’t exist, data becomes exposed, compromises occur, and in many cases, fines are levied.
Bleeping Computer
OCTOBER 3, 2022
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. [.].
eSecurity Planet
OCTOBER 6, 2022
DCSO CyTec researchers Johann Aydinbas and Axel Wauer are warning of new backdoor malware they’re calling “Maggie,” which targets Microsoft SQL servers. Maggie, the researchers say, has already affected at least 285 servers in 42 countries, with a particular focus on South Korea, India, Vietnam, China, and Taiwan. The malware offers a wide range of functionality, including the ability to change file permissions, run commands, and act as a network bridge into the infected server.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
132 
Let's personalize your content