Dark Reading
OCTOBER 4, 2022
Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.
Schneier on Security
OCTOBER 3, 2022
This is interesting research : In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that deepfakes often model impossible or highly-unlikely anatomical arrangements.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
OCTOBER 5, 2022
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
Troy Hunt
OCTOBER 7, 2022
Geez it's nice to be home 😊 It's nice to live in a home that makes you feel that way when returning from a place as beautiful as Bali 😊 This week's video is dominated by the whole discussion around this tweet: I love that part of the Microsoft Security Score for Identity in Azure improves your score if you *don't* enforce password rotation, what a sign of the times!
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Joseph Steinberg
OCTOBER 6, 2022
A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack. According to The New York Times , in 2016, while the Federal Trade Commission (FTC) was investigating an earlier breach of Uber’s computer systems, Sullivan learned of a subsequent compromise that affected more than 57 million Uber accounts.
Schneier on Security
OCTOBER 1, 2022
Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by —at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.” Citizen Lab did the research : Using only a single website, as well as publicly available material such as historical internet scanning results and
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Lohrman on Security
OCTOBER 2, 2022
How can we better plan, strategize and come up with new innovative ideas in our post-COVID world?
Tech Republic Security
OCTOBER 7, 2022
SecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.
Schneier on Security
OCTOBER 4, 2022
An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent). It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent.
Krebs on Security
OCTOBER 1, 2022
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server , a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
OCTOBER 3, 2022
How did America and Americans regress to being much less secure than before the Internet? Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled. What everyone doesn’t know is how irrational the Internet’s utopian founding premises have proven to be concerning America’s and Americans’ security over the last quarter century.
Tech Republic Security
OCTOBER 4, 2022
Today’s ransomware groups act like regular businesses with PR and advertising, escrow services and even customer support, says Cybersixgill. The post How ransomware gangs operate like legitimate businesses appeared first on TechRepublic.
Schneier on Security
OCTOBER 7, 2022
The Greek journalist Thanasis Koukakis was spied on by his own government, with a commercial spyware product called “Predator.” That product is sold by a company in North Macedonia called Cytrox, which is in turn owned by an Israeli company called Intellexa. Koukakis is suing Intellexa. The lawsuit filed by Koukakis takes aim at Intellexa and its executive, alleging a criminal breach of privacy and communication laws, reports Haaretz.
Jane Frankland
OCTOBER 5, 2022
The world is going through rapid change what with climate change (exceptional droughts, floods hurricanes) high inflation, economic slowdowns, recessions, tech company layoffs, supply chain problems, wars, protests, and a stock market crash. It’s a liminal time and lots of people are in transition right now. Maybe that’s you. Maybe you’re considering or have got yourself a new job, promotion, home, location, relationship, or family.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
SecureList
OCTOBER 7, 2022
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse.
Tech Republic Security
OCTOBER 1, 2022
Number one on Skillsoft's 2022 list of top-paying IT certs is AWS Certified Solutions Architect Professional, with an annual salary of $168,080. The post 15 highest-paying certifications for 2022 appeared first on TechRepublic.
Schneier on Security
OCTOBER 5, 2022
For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mentioned it before. But the memes can be funny. Here’s a decent rundown of some of the chatter.
Security Boulevard
OCTOBER 1, 2022
There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography. An appropriate security design with controls that addresses an organization’s acceptable risk should be applied and reviewed before deploying blockchain to a production environment.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureList
OCTOBER 4, 2022
While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China, individuals from this country often resort to downloading Tor from third-party websites.
Tech Republic Security
OCTOBER 6, 2022
Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox. The post Phishing attack spoofs Zoom to steal Microsoft user credentials appeared first on TechRepublic.
Cisco Security
OCTOBER 3, 2022
Jason Button is a director at Cisco and leads the company’s Security and Trust Mergers and Acquisitions (M&A) team. He was formerly the director of IT at Duo Security, a company Cisco acquired in 2018, making him uniquely positioned to lend his expertise to the M&A process. This blog is the second in a series focused on M&A cybersecurity, following Jacob Bolotin’s post on Managing Cybersecurity Risk in M&A.
CSO Magazine
OCTOBER 4, 2022
Employees are often warned about the data exposure risks associated with the likes of phishing emails, credential theft, and using weak passwords. However, they can risk leaking or exposing sensitive information about themselves, the work they do, or their organization without even realizing. This risk frequently goes unexplored in cybersecurity awareness training, leaving employees oblivious to the risks they can pose to the security of data which, if exposed, could be exploited both directly a
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
SecureList
OCTOBER 5, 2022
Introduction. We are often asked how targets are infected with malware. Our answer is nearly always the same: (spear) phishing. There will be exceptions, naturally, as we will encounter RCE vulnerabilities every now and then, or if the attacker is already on the network, they will use tools like PsExec. But that’s it — most of the time, anyway.
Tech Republic Security
OCTOBER 6, 2022
Find out the best practices for securely deploying applications and managing data in the cloud. The post Top 5 best practices for cloud security appeared first on TechRepublic.
Cisco Security
OCTOBER 7, 2022
Whether or not you’ve heard the term “doxxing” before, you’re probably familiar with the problem it names: collecting personal information about someone online to track down and reveal their real-life identity. The motivations for doxxing are many, and mostly malicious: for some doxxers, the goal in tracking someone is identity theft. For others, it’s part of a pattern of stalking or online harassment to intimidate, silence or punish their victim – and overwhelmingly, victims are youth and youn
Security Affairs
OCTOBER 3, 2022
The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. According to the SUPO, future NATO membership will make the country a privileged target for Russian intelligence and influence operations.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
SecureList
OCTOBER 6, 2022
During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Now, as we predicted in last year’s forecast , many are returning to their usual ways of life, visiting stores and withdrawing cash, and the threat of PoS/ATM malware is also making a comeback: the cybercriminals are already implementing new ways to steal from banks an
Tech Republic Security
OCTOBER 4, 2022
Cloud security solutions continue to emerge as threats to cloud resources evolve. However, what are the common trends to look out for in cloud security in the coming years? Let's find out. The post Top 5 trends to watch in cloud security appeared first on TechRepublic.
Cisco Security
OCTOBER 3, 2022
In November 2020, the Telecommunications (Security) Bill was formally introduced to the UK’s House of Commons by the department for Digital, Culture, Media & Sport. Now, after several readings, debates, committee hearings, and periods of consultation, the Telecommunications (Security) Act is quickly becoming reality for providers of public telecoms networks and services in the UK, going live on 1 October 2022.
Security Affairs
OCTOBER 1, 2022
Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impacts Microsoft Exchange Server 2013, 2016, and 2019.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
102 
Let's personalize your content