Trends in Developing a New Cyber Workforce Strategy
Lohrman on Security
SEPTEMBER 18, 2022
White House efforts to strengthen the cybersecurity workforce nationwide took several new steps forward over the past few months.
Schneier on Security
SEPTEMBER 23, 2022
Okay, it’s an obscure threat. But people are researching it: “Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].
Krebs on Security
SEPTEMBER 17, 2022
Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes. Shortly after 11 p.m. on September 6, a resident in the Spalding Common area in the district of Lincolnshire, U.K. phoned police to say three men were acting suspiciously, and had jumped a nearby fence. “The thre
Tech Republic Security
SEPTEMBER 17, 2022
Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. The post Uber investigating security breach of several internal systems appeared first on TechRepublic.
Graham Cluley
SEPTEMBER 21, 2022
The UK’s National Cyber Security Centre (NCSC) has warned that fraudsters are sending out emails and SMS texts urging homeowners to sign up for a discount on their energy bills.
Schneier on Security
SEPTEMBER 20, 2022
Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped. But the thief has a method which circumnavigates those basic safety protocols.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
SEPTEMBER 22, 2022
The financial giant hired a moving company with no experience in data destruction to dispose of hard drives with the personal data of around 15 million customers, said the SEC. The post SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data appeared first on TechRepublic.
CyberSecurity Insiders
SEPTEMBER 23, 2022
Cyderes, a Cybersecurity Risk Management firm from Missouri, has discovered that corrupting files is proving cheaper, faster and less likely to be detected by security solutions. For this reason, some hacking groups who were into ransomware attacks have set up a separate sect of threat actors who are being assigned the job of targeting corporate networks and corrupting files.
Schneier on Security
SEPTEMBER 21, 2022
This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen—a wide receiver for the Philadelphia Eagles—was disqualified from the 110-meter hurdles at the World Athletics Championships a few weeks ago for a false start.
CSO Magazine
SEPTEMBER 22, 2022
Credential compromise has been one of the top causes for network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.
Tech Republic Security
SEPTEMBER 22, 2022
A new approach to Linux offers hope to those who want to improve their security posture. The post Software supply chain security gets its first Linux distro, Wolfi appeared first on TechRepublic.
eSecurity Planet
SEPTEMBER 23, 2022
Whether it’s package hijacking, dependency confusion, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom, and exfiltrate critical data. It’s often more efficient to attack a weak link in the chain to reach a bigger target, like what happened to Kaseya or SolarWinds in the last couple of years.
Schneier on Security
SEPTEMBER 19, 2022
The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.” CBP’s inspection of people
Dark Reading
SEPTEMBER 17, 2022
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.
Tech Republic Security
SEPTEMBER 23, 2022
Losses triggered by account takeovers have averaged $12,000 per incident, according to data cited by SEON. The post Account takeover attacks on the rise, impacting almost 25% of people in the US appeared first on TechRepublic.
CyberSecurity Insiders
SEPTEMBER 21, 2022
By Robert Fleming, Chief Marketing Officer at Zivver. Employees are constantly overloaded with the ‘we need to be more secure’ mantra from their employers but, as found in our recent report, out of the 67% of employees who had security training in the last two years, only 36% applied these tips and techniques to their core role. This means one thing: security training alone isn’t getting the job done.
Schneier on Security
SEPTEMBER 22, 2022
This is an interesting attack I had not previously considered. The variants are interesting, and I think we’re just starting to understand their implications.
Bleeping Computer
SEPTEMBER 17, 2022
LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. [...]
Tech Republic Security
SEPTEMBER 19, 2022
Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight. The post How to protect your organization’s single sign-on credentials from compromise appeared first on TechRepublic.
CyberSecurity Insiders
SEPTEMBER 19, 2022
By Lisa Xu [Lisa Xu is CEO of the risk-based vulnerability management platform NopSec]. To better understand how organizations approach vulnerability management, oversee their attack surface, and control risk, NopSec surveyed 426 security professionals with questions designed to illuminate and quantify their day-to-day challenges, frustrations, and priorities.
eSecurity Planet
SEPTEMBER 21, 2022
A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs.
Security Affairs
SEPTEMBER 17, 2022
Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. “We’re pleased to announce the availability of a new decryptor for LockerGoga, a strain of ransomware that rose to fame in 2019 with the attack of the Norsk Hydro company.” reads the ann
Tech Republic Security
SEPTEMBER 22, 2022
Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. The post 350,000 open source projects at risk from Python vulnerability appeared first on TechRepublic.
CyberSecurity Insiders
SEPTEMBER 22, 2022
In today’s ultra-competitive MSSP market, business owners are looking for ways to make their offerings more attractive to customers and their SOCs more effective. To that end, MSSPs add new technology to their security offering stack with the hopes that prospective customers will see this addition as an opportunity to outsource some, or all, of their security monitoring.
eSecurity Planet
SEPTEMBER 22, 2022
During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.
Security Affairs
SEPTEMBER 20, 2022
How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they visit websites through specific IP addresses. They reveal their physical location and the device they used to connect to the web.
Tech Republic Security
SEPTEMBER 20, 2022
Start deploying cutting-edge firewalls with this training certification course. The post Learn Palo Alto Networks cybersecurity with this $20 training appeared first on TechRepublic.
Graham Cluley
SEPTEMBER 22, 2022
Can negotiating your firm’s ransomware payment actually be fun? Well, if it’s a game rather than the real thing then yes! The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive … Continue reading "How to have fun negotiating with a ransomware gang".
Bleeping Computer
SEPTEMBER 22, 2022
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution. [...]
eSecurity Planet
SEPTEMBER 23, 2022
For years, the U.S. Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. However, after minimal corporate adoption of stronger cybersecurity, the SEC has drafted rules to require more formal cybersecurity reporting and disclosure. This requirement copies the strategies of previous legislation that dramatically improved financial reporting for both public and private companies.