Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next?
It is not a secret that the American people remain in danger of massive, crippling cyberattacks that could impact financial services, utilities, health care, and just about every other area of modern life. What is not often discussed about the danger, however, is that one of the primary reasons that the United States, as a country, remains ill-prepared for fending off cyberattacks, is that decentralized State and Local government agencies, and not the centralized Federal government, run or overs
The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff. which I've now included in this book 😊 These are the stories behind the stor
This is from a court deposition: Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity practices of any company that hopes to do business with the Department of Defense.
Learn more about how edge computing can reduce latency, boost performance and improve data security among other benefits. The post Benefits of edge computing appeared first on TechRepublic.
Well, after a crazy amount of work, a lot of edits, reflection, and feedback cycles, "Pwned" is almost here: This better be a sizzling read @troyhunt or I'll be crashing the wedding in ways never done before. Also, I thought they'd cancelled Neighbours? 😉❤️ pic.twitter.com/jrYIKtL0Uh — Mike Thompson (@AppSecBloke) August 30, 2022 The preview cycle is in full swing with lots of feedback coming in and revisions being made before we push it live to the
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don’t have an ongoing relationship with the hardware and software providers that protect their funds—nor do they have an incentive to update security on a regular bas
Network security has been radically altered, two-plus years into the global pandemic. Related: ‘Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.
A few weeks ago I wrote to you about toxic masculinity, how it affects all of us, and what we can do about it. This week I want to bring your attention to the Groundwater Approach and Root Cause Analysis. It’s especially relevant considering the brain drain that’s occurring in cyber. Forrester predicts 1 in 10 experienced professionals will leave cyber this year because of a few dynamics that are colliding, namely poor financial and advancement incentives; general stress and burnout
An asset management software is a necessary part of every IT department. Find out which one is best for your business. The post Best IT asset management software of 2022 appeared first on TechRepublic.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data and leaking it. “I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and pr
It pays to do some research before taking a leap into the world of internet-connected toys. The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity.
Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were offered for sale on the darkweb, the Portuguese agency discovered it has suffered a cyberattack. The Armed Forces General Staff (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal.
Jack Wallen ponders the rising tide of Linux malware and offers advice on how to help mitigate the issue. The post The rise of Linux malware: 9 tips for securing the OSS appeared first on TechRepublic.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.
Trust can be a hard thing to come by in this world but in the world of cybersecurity, trust is virtually non-existent, or at least it should be. VPNs got us all from crawling to walking in the early days of the internet, but security needs have outpaced VPNs' abilities to deliver true security and privacy for users and organizations so we now look to more advanced solutions to keep us cybersafe.
Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal information. The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information.
The lack of transparency could be cause for concern, but the data stolen is not high value. The post Impact of Samsung’s most recent data breach unknown appeared first on TechRepublic.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Distributed denial-of-service (DDoS) attacks cause problems for organizations of all sizes. To fight DDoS attacks, organizations and teams need to implement the three standard phases for any IT threat: preparation, reaction, and recovery. However, to plan the phases properly, organizations need to first understand the nature of DDoS attacks and why attackers use them.
The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns. [...]
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.
The new PCI DSS 4.0 standard means organizations will have to up their game beginning in 2024. The post PCI DSS compliance improving but still lags highs appeared first on TechRepublic.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
By Source Defense Now in its fourth year, the European Union’s General Data Protection Regulation (GDPR) is one of the strictest, most complex, and most confusing data privacy laws in the world. Although that complexity initially meant that accountability got off to a slow start, GDPR fines are now becoming more common and costly. During. The post GDPR and Website Data Leakage: A Complex Problem With a Simple Solution appeared first on Source Defense.
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [...]
Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) respectively.
Jack Wallen shows you how to take control of online advertisements in the Opera web browser, so you can stop worrying ads will take control of you. The post How to manage ad blocking in Opera appeared first on TechRepublic.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
TikTok was hacked, with over two billion records stolen. Or so says notorious leak group BlueHornet (a/k/a AgainstTheWest, @AggressiveCurl). The post TikTok Hack: 2B Records Leak — but ByteDance Denies appeared first on Security Boulevard.
Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. [...]
Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a unit of the Iranian actor PHOSPHORUS.
Learn all about the key features, specs, pricing, availability and other details about Apple's 2022 release of iPhone 14 and iPhone 14 Pro. The post iPhone 14 cheat sheet: Everything to know about Apple’s 2022 flagship phones appeared first on TechRepublic.
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.