Joseph Steinberg

OCTOBER 12, 2022

What can hospitals learn from an ex-CIA cybersecurity director and a cybersecurity-expert columnist read by millions of people? Join Bonnie Stith, former Director of the CIA’s Center for Cyber Intelligence , and and Joseph Steinberg, renowned cybersecurity expert witness and columnist , for a special, free educational webinar, Best Practices for Asset Risk Management in Hospitals.

Cybersecurity 245

Cybersecurity Technology Risk Artificial Intelligence 245

Schneier on Security

OCTOBER 11, 2022

Interesting research: “ ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks , by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract : Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them.

Architecture 363

Architecture Software 363

Krebs on Security

OCTOBER 11, 2022

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.

DNS 310

DNS Internet Internet Cyber threats 310

Anton on Security

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ). My favorite quotes from the report follow below: “in Q2 threat actors frequently targeted weak and default-password issues for initial compromise, factoring in over half of identified Incidents.

Cybersecurity 246

Cybersecurity Malware Accountability Authentication 246

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

OCTOBER 10, 2022

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend. While VR devices have been around in some form since well before the internet, the true ambition of major corporations to turn these devices into massively-connected social “metaverse” platforms has only r

Risk 222

Risk Data privacy Data collection Technology 222

Schneier on Security

OCTOBER 12, 2022

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respec

Passwords 340

Passwords 340

Lohrman on Security

OCTOBER 9, 2022

Cybersecurity professionals can learn from teachers, writers, actors and others who have learned how to tell stories in impactful ways. It's a good lesson to keep in mind for Cybersecurity Awareness Month.

Cybersecurity 148

Cybersecurity 148

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common Log File System (CLFS) is a general-purpose logging subsystem that can be used by applications running in both kernel mode and user mode for building high-performance transaction logs, and is implemented in the driver CLFS.sys.

Hacking 145

Hacking Information Security 145

Schneier on Security

OCTOBER 10, 2022

This is a story of one piece of what is probably a complex employment scam. Basically, real programmers are having their resumes copied and co-opted by scammers, who apply for jobs (or, I suppose, get recruited from various job sites), then hire other people with Western looks and language skills are to impersonate those first people on Zoom job interviews.

Scams 304

Scams Banking 304

Tech Republic Security

OCTOBER 14, 2022

Zero trust is one of the most used buzzwords in cybersecurity, but what exactly does this approach entail? The post Zero trust: Data-centric culture to accelerate innovation and secure digital business appeared first on TechRepublic.

Cybersecurity 184

Cybersecurity 184

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

OCTOBER 14, 2022

Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India.

Cyber Attacks 145

Cyber Attacks 145

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature.

Penetration Testing 145

Penetration Testing Financial Services Surveillance Manufacturing 145

Schneier on Security

OCTOBER 13, 2022

California just legalized digital license plates, which seems like a solution without a problem. The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which can be used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.

Risk 55

Risk Mobile Internet Internet 55

Tech Republic Security

OCTOBER 14, 2022

At this week's event, Google presented its latest solutions as it tries to overtake Amazon and Microsoft in the cloud market. The post Google Next ’22: A new era of built-in cloud services appeared first on TechRepublic.

Marketing 181

Marketing Internet Internet Software 181

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

OCTOBER 13, 2022

A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems.

Malware 145

Malware 145

SecureList

OCTOBER 12, 2022

Last year, we wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, we discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with a different modified build, YoWhatsApp version 2.22.11.75. Inside it, we found a malicious module that we detect as Trojan.AndroidOS.Triada.eq.

Malware 145

Malware Advertising Accountability Mobile 145

Schneier on Security

OCTOBER 14, 2022

This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum , online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page.

Information Security 214

Information Security 214

Tech Republic Security

OCTOBER 14, 2022

With the end of support looming, you need to plan to replace Exchange Server 2013 in the next few months, but there are more options than just upgrading. The post April is the end of Exchange 2013: Here’s what you need to know appeared first on TechRepublic.

Backups 177

Backups Software 177

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

OCTOBER 14, 2022

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is a Chinese-speaking threat group.

Telecommunications 145

Telecommunications Malware Hacking Information Security 145

Graham Cluley

OCTOBER 12, 2022

iOS 16.0.3 has been pushed out by Apple, and my advice is that you should install it.

145

145

Bleeping Computer

OCTOBER 12, 2022

A new version of an unofficial WhatsApp Android application named 'YoWhatsApp' has been found stealing access keys for users' accounts. [.].

Accountability 145

Accountability 145

Tech Republic Security

OCTOBER 13, 2022

At the Samsung Developer Conference 2022, the company also discussed its plans for personalized experiences, security and privacy. The post Samsung unveils latest smartphones, smart devices and Galaxy Watch appeared first on TechRepublic.

Internet 163

Internet Internet IoT Mobile 163

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

OCTOBER 12, 2022

Among other things, users who download the app could end up having their WhatsApp account details stolen.

Mobile 144

Mobile Accountability 144

Security Affairs

OCTOBER 10, 2022

The pro-Russia hacktivist group ‘KillNet’ is behind massive DDoS attacks that hit websites of several major airports in the US. The pro-Russia hacktivist group ‘ KillNet ‘ is claiming responsibility for massive distributed denial-of-service (DDoS) attacks against the websites of several major airports in the US. The DDoS attacks have taken the websites offline, users were not able to access it during the offensive.

DDOS 144

DDOS Hacking Information Security 144

Security Boulevard

OCTOBER 11, 2022

Source code for the Intel Alder Lake processor EUFI BIOS has gone walkies. 4chan is said to be involved. The post LEAKED: Intel’s BIOS Source Code — All 6GB of It appeared first on Security Boulevard.

Social Engineering 144

Social Engineering IoT Engineering Security Awareness 144

Tech Republic Security

OCTOBER 14, 2022

The SplashID Pro password manager helps you securely store and manage your important digital data. Get it for more than 70% off today. The post Protect your digital life with SplashID Pro password manager appeared first on TechRepublic.

Password Management 151

Password Management Passwords Software 151

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

OCTOBER 14, 2022

Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022. "The entire 2.

DDOS 142

DDOS 142

Security Affairs

OCTOBER 11, 2022

Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware. .

Ransomware 144

Ransomware Encryption Malware Hacking 144

Security Boulevard

OCTOBER 10, 2022

It’s never been more challenging to work in cybersecurity. The cost of a breach keeps going up, the number of attacks is constantly increasing and the industry is in the middle of a multi-year staffing crisis. It’s no surprise that 90% of security teams see automation as essential for them to deliver on their mandate. The post Human-Centric No-Code Automation is the Future of Cybersecurity appeared first on Security Boulevard.

Cybersecurity 143

Cybersecurity Security Awareness 143

Tech Republic Security

OCTOBER 13, 2022

Take advantage of this limited-time offer on LastPass. A LastPass Premium membership is now available for only $2 per month. The post This top-rated password manager is just $2/month appeared first on TechRepublic.

Password Management 151

Password Management Passwords Software 151

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity