Lohrman on Security

SEPTEMBER 18, 2022

White House efforts to strengthen the cybersecurity workforce nationwide took several new steps forward over the past few months.

Cybersecurity 265

Cybersecurity 265

Schneier on Security

SEPTEMBER 23, 2022

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].

356

356

Krebs on Security

SEPTEMBER 22, 2022

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to c

Mobile 57

Mobile Cryptocurrency Scams Cybercrime 57

The Last Watchdog

SEPTEMBER 21, 2022

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.

Digital transformation 214

Digital transformation Cybersecurity Cyber threats Technology 214

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Javvad Malik

SEPTEMBER 23, 2022

I love myself a good Security BSides, and I’ve never been to Tallin in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia. Unable to find a reliable direct flight to Tallin, and horrendously long connecting flights – I opted for the scenic route which involved flying into Riga in Latvia, and then driving across the border to Tallinn in the fastest car ever made… a rental car.

Phishing 182

Phishing Architecture Education Banking 182

Schneier on Security

SEPTEMBER 20, 2022

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped. But the thief has a method which circumnavigates those basic safety protocols.

Banking 345

Banking Accountability Passwords Authentication 345

The Last Watchdog

SEPTEMBER 21, 2022

Cybersecurity is a top concern for individuals and businesses in the increasingly digital world. Billion-dollar corporations, small mom-and-pop shops and average consumers could fall victim to a cyberattack. Related: Utilizing humans as security sensors. Phishing is one of the most common social engineering tactics cybercriminals use to target their victims.

Phishing 198

Phishing Artificial Intelligence Cybercrime Social Engineering 198

Tech Republic Security

SEPTEMBER 17, 2022

Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. The post Uber investigating security breach of several internal systems appeared first on TechRepublic.

Engineering 173

Engineering Cybersecurity Social Engineering Phishing 173

Schneier on Security

SEPTEMBER 21, 2022

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen—a wide receiver for the Philadelphia Eagles—was disqualified from the 110-meter hurdles at the World Athletics Championships a few weeks ago for a false start.

308

308

We Live Security

SEPTEMBER 19, 2022

Here are some of the most common ways that an iPhone can be compromised with malware, how to tell it’s happened to you, and how to remove a hacker from your device. The post Can your iPhone be hacked? What to know about iOS security appeared first on WeLiveSecurity.

Hacking 145

Hacking Malware Mobile 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Graham Cluley

SEPTEMBER 21, 2022

The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.

Scams 145

Scams Phishing 145

Tech Republic Security

SEPTEMBER 22, 2022

The financial giant hired a moving company with no experience in data destruction to dispose of hard drives with the personal data of around 15 million customers, said the SEC. The post SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data appeared first on TechRepublic.

169

169

Schneier on Security

SEPTEMBER 22, 2022

This is an interesting attack I had not previously considered. The variants are interesting , and I think we’re just starting to understand their implications.

Artificial Intelligence 288

Artificial Intelligence Engineering 288

Cisco Security

SEPTEMBER 22, 2022

In the first part of this blog series on Unscrambling Cybersecurity Acronyms , we provided a high-level overview of the different threat detection and response solutions and went over how to find the right solution for your organization. In this blog, we’ll do a deeper dive on two of these solutions – Endpoint Detection and Response (EDR) and Managed Endpoint Detection and Response (MEDR).

Cybersecurity 145

Cybersecurity Threat Detection Malware Technology 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

SEPTEMBER 17, 2022

LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. [.].

145

145

Tech Republic Security

SEPTEMBER 22, 2022

A new approach to Linux offers hope to those who want to improve their security posture. The post Software supply chain security gets its first Linux distro, Wolfi appeared first on TechRepublic.

Software 165

Software Cybersecurity 165

Schneier on Security

SEPTEMBER 19, 2022

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.” CBP’s inspection of people̵

Computers and Electronics 265

Computers and Electronics Surveillance 265

Security Affairs

SEPTEMBER 20, 2022

How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they visit websites through specific IP addresses. They reveal their physical location and the device they used to connect to the web.

Internet 143

Internet Internet Risk Big data 143

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

CyberSecurity Insiders

SEPTEMBER 23, 2022

Cyderes, a Cybersecurity Risk Management firm from Missouri, has discovered that corrupting files are proving cheaper, is faster and is less likely to be detected by security solutions. For this reason, some hacking groups who were into ransomware attacks have set up a separate sect of threat actors who are being assigned the job of target corporate networks and corrupt files.

Ransomware 142

Ransomware Encryption Cryptocurrency Malware 142

Tech Republic Security

SEPTEMBER 23, 2022

Losses triggered by account takeovers have averaged $12,000 per incident, according to data cited by SEON. The post Account takeover attacks on the rise, impacting almost 25% of people in the US appeared first on TechRepublic.

Accountability 157

Accountability Password Management Passwords Cybersecurity 157

Cisco Security

SEPTEMBER 20, 2022

We’ve been talking a lot about security resilience recently, and for good reason. It’s clear the only way businesses can operate in today’s hybrid world is by taking bold steps to increase visibility, awareness, and integration across their systems. All while maintaining a singular goal of becoming more resilient in the face of evolving threats. But that doesn’t just mean expanding the scope of your security stack.

CISO 142

CISO CSO Risk 142

The Hacker News

SEPTEMBER 17, 2022

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022.

Password Management 142

Password Management Passwords 142

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CSO Magazine

SEPTEMBER 22, 2022

Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.

Authentication 141

Authentication Network Security Accountability 141

Tech Republic Security

SEPTEMBER 21, 2022

In last week’s security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. The post Uber exposes Lapsus$ extortion group for security breach appeared first on TechRepublic.

Authentication 152

Authentication Data breaches 152

eSecurity Planet

SEPTEMBER 23, 2022

Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery ( CI/CD ) compromises, or basic web exploitation of outdated dependencies , there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom , and exfiltrate critical data. It’s often more efficient to attack a weak link in the chain to reach a bigger target, like what happened to Kaseya or SolarWinds in the last couple of years.

Software 141

Software Authentication VPN Architecture 141

Dark Reading

SEPTEMBER 17, 2022

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Passwords 141

Passwords 141

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CyberSecurity Insiders

SEPTEMBER 21, 2022

By Robert Fleming, Chief Marketing Officer at Zivver. Employees are constantly overloaded with the ‘we need to be more secure’ mantra from their employers but, as found in our recent report, out of the 67% of employees who had security training in the last two years, only 36% applied these tips and techniques to their core role. This means one thing: security training alone isn’t getting the job done.

Technology 140

Technology Risk Marketing Cybersecurity 140

Tech Republic Security

SEPTEMBER 22, 2022

Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. The post 350,000 open source projects at risk from Python vulnerability appeared first on TechRepublic.

Risk 148

Risk Software 148

SecureBlitz

SEPTEMBER 18, 2022

For those currently working on metaverse creation, we strongly recommend that you address the issues of protection against DDoS attacks and resilience to DDoS impacts in advance. Otherwise, there is a high probability that one day these metaverses will literally collapse in front of many thousands or even millions of their users. Metaverses – At […].

DDOS 139

DDOS Cybersecurity 139

Security Affairs

SEPTEMBER 22, 2022

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of the encryptor, version 3.0 , was released by the gang in June.

Ransomware 138

Ransomware Hacking Passwords Accountability 138

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk