Trends in Developing a New Cyber Workforce Strategy
Lohrman on Security
SEPTEMBER 18, 2022
White House efforts to strengthen the cybersecurity workforce nationwide took several new steps forward over the past few months.
Sat.Sep 17, 2022 - Fri.Sep 23, 2022
269 
Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses
Schneier on Security
SEPTEMBER 23, 2022
Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].
Join 28,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
SIM Swapper Abducted, Beaten, Held for $200k Ransom
Krebs on Security
SEPTEMBER 22, 2022
A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to c
SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity
The Last Watchdog
SEPTEMBER 21, 2022
The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.
Prevent Data Breaches With Zero-Trust Enterprise Password Management
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Uber investigating security breach of several internal systems
Tech Republic Security
SEPTEMBER 17, 2022
Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. The post Uber investigating security breach of several internal systems appeared first on TechRepublic.
Credit Card Fraud That Bypasses 2FA
Schneier on Security
SEPTEMBER 20, 2022
Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped. But the thief has a method which circumnavigates those basic safety protocols.
Sign up to get articles personalized to your interests!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
More Trending
GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’
The Last Watchdog
SEPTEMBER 21, 2022
Cybersecurity is a top concern for individuals and businesses in the increasingly digital world. Billion-dollar corporations, small mom-and-pop shops and average consumers could fall victim to a cyberattack. Related: Utilizing humans as security sensors. Phishing is one of the most common social engineering tactics cybercriminals use to target their victims.
BSides Tallinn 2022
Javvad Malik
SEPTEMBER 23, 2022
I love myself a good Security BSides, and I’ve never been to Tallin in Estonia. So when I saw the CFP was open I submitted and was delighted to be selected. View of Riga, Latvia. Unable to find a reliable direct flight to Tallin, and horrendously long connecting flights – I opted for the scenic route which involved flying into Riga in Latvia, and then driving across the border to Tallinn in the fastest car ever made… a rental car.
Automatic Cheating Detection in Human Racing
Schneier on Security
SEPTEMBER 21, 2022
This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen—a wide receiver for the Philadelphia Eagles—was disqualified from the 110-meter hurdles at the World Athletics Championships a few weeks ago for a false start.
SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data
Tech Republic Security
SEPTEMBER 22, 2022
The financial giant hired a moving company with no experience in data destruction to dispose of hard drives with the personal data of around 15 million customers, said the SEC. The post SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data appeared first on TechRepublic.
Optimizing The Modern Developer Experience with Coder
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Can your iPhone be hacked? What to know about iOS security
We Live Security
SEPTEMBER 19, 2022
Here are some of the most common ways that an iPhone can be compromised with malware, how to tell it’s happened to you, and how to remove a hacker from your device. The post Can your iPhone be hacked? What to know about iOS security appeared first on WeLiveSecurity.
Energy bill rebate scams spread via SMS and email
Graham Cluley
SEPTEMBER 21, 2022
The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.
Prompt Injection/Extraction Attacks against AI Systems
Schneier on Security
SEPTEMBER 22, 2022
This is an interesting attack I had not previously considered. The variants are interesting , and I think we’re just starting to understand their implications.
Software supply chain security gets its first Linux distro, Wolfi
Tech Republic Security
SEPTEMBER 22, 2022
A new approach to Linux offers hope to those who want to improve their security posture. The post Software supply chain security gets its first Linux distro, Wolfi appeared first on TechRepublic.
The Tumultuous IT Landscape Is Making Hiring More Difficult
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
LastPass says hackers had internal access for four days
Bleeping Computer
SEPTEMBER 17, 2022
LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. [.].
Analyzing IP Addresses to Prevent Fraud for Enterprises
Security Affairs
SEPTEMBER 20, 2022
How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they visit websites through specific IP addresses. They reveal their physical location and the device they used to connect to the web.
Large-Scale Collection of Cell Phone Data at US Borders
Schneier on Security
SEPTEMBER 19, 2022
The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.” CBP’s inspection of people̵
Account takeover attacks on the rise, impacting almost 25% of people in the US
Tech Republic Security
SEPTEMBER 23, 2022
Losses triggered by account takeovers have averaged $12,000 per incident, according to data cited by SEON. The post Account takeover attacks on the rise, impacting almost 25% of people in the US appeared first on TechRepublic.
The Importance of User Roles and Permissions in Cybersecurity Software
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Hackers Had Access to LastPass's Development Systems for Four Days
The Hacker News
SEPTEMBER 17, 2022
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022.
Corrupting files is easy than spreading Ransomware
CyberSecurity Insiders
SEPTEMBER 23, 2022
Cyderes, a Cybersecurity Risk Management firm from Missouri, has discovered that corrupting files are proving cheaper, is faster and is less likely to be detected by security solutions. For this reason, some hacking groups who were into ransomware attacks have set up a separate sect of threat actors who are being assigned the job of target corporate networks and corrupt files.
A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder
Security Affairs
SEPTEMBER 22, 2022
A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of the encryptor, version 3.0 , was released by the gang in June.
Uber exposes Lapsus$ extortion group for security breach
Tech Republic Security
SEPTEMBER 21, 2022
In last week’s security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. The post Uber exposes Lapsus$ extortion group for security breach appeared first on TechRepublic.
IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Multi-factor authentication fatigue attacks are on the rise: How to defend against them
CSO Magazine
SEPTEMBER 22, 2022
Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.
Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber
Dark Reading
SEPTEMBER 17, 2022
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.
Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign
Security Affairs
SEPTEMBER 22, 2022
Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versio
350,000 open source projects at risk from Python vulnerability
Tech Republic Security
SEPTEMBER 22, 2022
Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. The post 350,000 open source projects at risk from Python vulnerability appeared first on TechRepublic.
The Cloud Development Environment Adoption Report
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Data Security Training Needs an Update
CyberSecurity Insiders
SEPTEMBER 21, 2022
By Robert Fleming, Chief Marketing Officer at Zivver. Employees are constantly overloaded with the ‘we need to be more secure’ mantra from their employers but, as found in our recent report, out of the 67% of employees who had security training in the last two years, only 36% applied these tips and techniques to their core role. This means one thing: security training alone isn’t getting the job done.
Software Supply Chain Security Guidance for Developers
eSecurity Planet
SEPTEMBER 23, 2022
Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery ( CI/CD ) compromises, or basic web exploitation of outdated dependencies , there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom , and exfiltrate critical data. It’s often more efficient to attack a weak link in the chain to reach a bigger target, like what happened to Kaseya or SolarWinds in the last couple of years.
Bitdefender releases Universal LockerGoga ransomware decryptor
Security Affairs
SEPTEMBER 17, 2022
Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. “We’re pleased to announce the availability of a new decryptor for LockerGoga, a strain of ransomware that rose to fame in 2019 with the attack of the Norsk Hydro company.” reads the ann
How to protect your organization’s single sign-on credentials from compromise
Tech Republic Security
SEPTEMBER 19, 2022
Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight. The post How to protect your organization’s single sign-on credentials from compromise appeared first on TechRepublic.
Bringing the Cybersecurity Imperative Into Focus
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Let's personalize your content