Schneier on Security

MARCH 22, 2023

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories.

Cybersecurity 338

Cybersecurity 338

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

Mobile 323

Mobile Wireless Advertising Telecommunications 323

Tech Republic Security

MARCH 24, 2023

Cisco’s just-released 2023 Cybersecurity Index shows companies will invest more in security, but the solution may be a larger tent, not more umbrellas. The post Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study appeared first on TechRepublic.

CISO 213

CISO Cybersecurity Software 213

The Last Watchdog

MARCH 20, 2023

One common misconception is that scammers usually possess a strong command of computer science and IT knowledge. Related: How Google, Facebook enable snooping In fact, a majority of scams occur through social engineering. The rise of social media has added to the many user-friendly digital tools scammers, sextortionists, and hackers can leverage in order to manipulate their victims.

Media 214

Media Identity Theft Internet Internet 214

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MARCH 24, 2023

In case you don’t have enough to worry about, people are hiding explosives —actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango.

290

290

Dark Reading

MARCH 24, 2023

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

Hacking 145

Hacking Technology 145

The Last Watchdog

MARCH 22, 2023

APIs have been a linchpin as far as accelerating digital transformation — but they’ve also exponentially expanded the attack surface of modern business networks. Related: Why ‘attack surface management’ has become crucial The resultant benefits-vs-risks gap has not surprisingly attracted the full attention of cyber criminals who now routinely leverage API weaknesses in all phases of sophisticated, multi-stage network attacks.

Risk 202

Risk Digital transformation Banking Authentication 202

Schneier on Security

MARCH 23, 2023

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack : TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

Ransomware 249

Ransomware Hacking Software 249

Dark Reading

MARCH 24, 2023

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

142

142

Tech Republic Security

MARCH 20, 2023

Learn how this cryptocurrency campaign operates and its scope. Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat. The post First Dero cryptojacking campaign targets unprotected Kubernetes instances appeared first on TechRepublic.

Cryptocurrency 197

Cryptocurrency Cybersecurity Network Security 197

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Naked Security

MARCH 22, 2023

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem.

141

141

Schneier on Security

MARCH 21, 2023

The New York Times is reporting that a US citizen’s phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

Spyware 232

Spyware Hacking Government Technology 232

The Hacker News

MARCH 24, 2023

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.

Cybersecurity 140

Cybersecurity 140

Tech Republic Security

MARCH 24, 2023

Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles. The post DevSecOps puts security in the software cycle appeared first on TechRepublic.

Software 196

Software Cybersecurity 196

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

SecureList

MARCH 24, 2023

The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services like vulnerability identification, inventory tracking, threat intelligence, threat hunting, log management, etc.

Data collection 139

Data collection Banking Cybersecurity Accountability 139

Schneier on Security

MARCH 24, 2023

My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you in New York, I’m giving at book talk at the Ford Foundation on Thursday, April 6.

185

185

CyberSecurity Insiders

MARCH 22, 2023

Cybercriminals are smarter, faster, and more relentless in their attacks than in times past. Data breaches are a serious threat to organizations, but vulnerability management automation can help reduce the number of incidents businesses face each year. Managing vulnerabilities is difficult in an increasingly connected cyber environment. Companies have their own networks, networks connected to their supply chains, vendor access, remote workers, and other entry points, all creating security gaps.

Data breaches 139

Data breaches Cyber threats Government Risk 139

Tech Republic Security

MARCH 21, 2023

The harassment reported by Palo Alto Networks Unit 42 typically takes the form of phone calls and emails directed toward employees, C-suite executives and even customers. The post Ransomware gangs’ harassment of victims is increasing appeared first on TechRepublic.

Ransomware 177

Ransomware Cybersecurity 177

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

SecureList

MARCH 23, 2023

An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner. Such playbooks help optimize the SOC processes, and are a major step forward to SOC maturity, but can be challenging for a company to develop.

Accountability 139

Accountability Risk DDOS Malware 139

Lohrman on Security

MARCH 19, 2023

Hong Sae is the CIO for the city of Roseville, Calif., and he has a tremendous track record of success in both Texas and California local government.

Government 138

Government 138

Graham Cluley

MARCH 23, 2023

The world has gone ChatGPT bonkers. Which makes it an effective lure for cybercriminals who may want to break into accounts.

Accountability 137

Accountability Malware 137

Tech Republic Security

MARCH 20, 2023

A look at 4th quarter 2022, data suggests that new threat surfaces notwithstanding, low-code cybersecurity business email compromises including phishing, as well as MFA bombing are still the prevalent exploits favored by threat actors. The post BECs double in 2022, overtaking ransomware appeared first on TechRepublic.

Ransomware 176

Ransomware Phishing Cybersecurity 176

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

SecureList

MARCH 21, 2023

Since the start of the Russo-Ukrainian conflict, Kaspersky researchers and the international community at large have identified a significant number of cyberattacks executed in a political and geopolitical context. We previously published an overview of cyber activities and the threat landscape related to the conflict between Russia and Ukraine and continue to monitor new threats in these regions.

Encryption 139

Encryption Architecture Malware Phishing 139

CyberSecurity Insiders

MARCH 19, 2023

After the release of ChatGPT in November 2022, the OpenAI CEO and the people behind the conversational chatbot launch say that they are equally scared of the negative consequences that the newly developed technology can fetch in the future. Sam Altman, the tech brain leading the company, now owned by Microsoft, spoke a few words about what the world was intending to say about the tech.

Artificial Intelligence 138

Artificial Intelligence Technology Cyber Attacks Internet 138

CSO Magazine

MARCH 20, 2023

The emergence of effective natural language processing tools such as ChatGPT means it's time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

Phishing 136

Phishing 136

Tech Republic Security

MARCH 20, 2023

Learn about Microsoft's WordPress on Azure App Service, as well as an interesting alternative from WP Engine. The post Running WordPress on Azure for secure, fast and global content delivery appeared first on TechRepublic.

Engineering 172

Engineering 172

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

We Live Security

MARCH 24, 2023

As TikTok CEO attempts to placate U.S.

Media 134

Media 134

IT Security Guru

MARCH 21, 2023

As information technology continues to evolve, more and more people are penetrating cyberspace. Most organizations, companies, individuals, and even governments are now doing their activities in the digital world. This allows them to enjoy great benefits such as instant access from anywhere, less usage costs, and worldwide reach. A lot of internet users cannot imagine having a life without technology or access to e-ticket booking, e-commerce, online banking, the latest news, or getting in touch

Cybersecurity 131

Cybersecurity Cyber threats Technology Risk 131

CSO Magazine

MARCH 23, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

Cybersecurity 133

Cybersecurity 133

Tech Republic Security

MARCH 22, 2023

New report says far too many firms have too many IT assets they cannot see or aren’t using, with some Windows servers lacking endpoint protection and patch management. The post Report: Too many enterprises have shadow IT – unlocked doors with no cameras appeared first on TechRepublic.

Cybersecurity 162

Cybersecurity 162

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity