Krebs on Security

AUGUST 18, 2022

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote cont

Phishing 339

Phishing IT Access 339

Dark Reading

AUGUST 19, 2022

To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.

IT 137

IT Cybersecurity Security 137

KnowBe4

AUGUST 18, 2022

Tailgating or piggybacking is an old but effective social engineering technique to gain physical access to restricted areas, according to Rahul Awati at TechTarget. Tailgating is when a bad actor simply follows an employee through a door that requires authentication.

Access 117

Access Authentication 117

Security Affairs

AUGUST 18, 2022

Google announced to have blocked the largest ever HTTPs DDoS attack, which reached 46 million requests per second (RPS). Google announced to have blocked the largest ever HTTPs DDoS attack that hit one of its Cloud Armor customers. The IT giant revealed that the attack reached 46 million requests per second (RPS). The attack took place on June 1st, at 09:45, it started with more than 10,000 requests per second (rps) and targeted a customer’s HTTP/S Load Balancer.

Cloud 144

Cloud IT Security Information Security 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

AUGUST 15, 2022

The top ransomware gangs have become so relentless that it’s not unusual for two or more of them to attack the same company within a few days – or even a few hours. Related: How ‘IABs’ foster ransomware. And if an enterprise is under an active ransomware attack, or a series of attacks, that’s a pretty good indication several other gangs of hacking specialists came through earlier and paved the way.

Ransomware 214

Ransomware Systems administration Encryption Paper 214

Krebs on Security

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.

Data breaches 286

Data breaches Sales Marketing Cybersecurity 286

eSecurity Planet

AUGUST 17, 2022

A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. Zhenpeng Lin, a PhD student, and a team of researchers worked on an alternative approach to the infamous Dirty Pipe vulnerability that affected Linux kernel versions 8 and later. Dity Pipe is a major flaw that allows attackers to elevate least-privileged accounts to the maximum level (root) by exploiting the way the kernel uses pipes to pass data.

Access 145

Access Risk Security IT 145

The Last Watchdog

AUGUST 17, 2022

Network security is in dire straits. Security teams must defend an expanding attack surface, skilled IT professionals are scarce and threat actors are having a field day. Related: The role of attack surface management. That said, Managed Security Services Providers – MSSPs — are in a position to gallop to the rescue. MSSPs arrived on the scene 15 years ago to supply device security as a contracted service: antivirus, firewalls, email security and the like.

Compliance 222

Compliance Cybersecurity Risk Security 222

Data Breach Today

AUGUST 15, 2022

Ifigeneia Lella of ENISA Calls Out Major Gaps in Incident Reporting ENISA’s new "Threat Landscape for Ransomware Attacks" report analyzes 623 ransomware incidents in the EU, U.K. and U.S. from 2021 to 2022. ENISA cybersecurity officer Ifigeneia Lella shares how attacks have evolved and how 95% of reported incidents lack key data about how the breaches occurred.

Ransomware 246

Ransomware Cybersecurity 246

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Schneier on Security

AUGUST 18, 2022

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user’s login credentials or causing Chrome to send all saved passwords to an attacker’s webserver. But these attacks had to be carefully crafted for specific operating systems and software versions and lacked the flexibility to work across platforms.

Passwords 141

Passwords IT Cybersecurity 141

eSecurity Planet

AUGUST 15, 2022

Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain , according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC researchers have done on compromised CI/CD pipelines.

Risk 145

Risk Access Security Encryption 145

The Last Watchdog

AUGUST 19, 2022

The sunsetting of Virtual Private Networks is underway. Related: VPNs as a DIY tool for consumers, small businesses. VPNs are on a fast track to becoming obsolete, at least when it comes to defending enterprise networks. VPNs are being replaced by zero trust network access, or ZTNA. VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe.

Cloud 213

Cloud Encryption Communications Access 213

Data Breach Today

AUGUST 17, 2022

Identity, observability, log management and cloud security have been CrowdStrike's biggest areas of investment during 2022, says CTO Michael Sentonas. The company protects against the abuse of identities through a stand-alone capability embedded on the Falcon sensor.

Cloud 275

Cloud Security 275

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

AUGUST 18, 2022

Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893. The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds checking.

IT 140

IT Security Information Security 140

eSecurity Planet

AUGUST 19, 2022

Cyber attackers continue to up their game. One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The new attack method, reported by Sophos researchers yesterday, is already growing in use. The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level criminals” to advanced adversaries, using various techniques.

Authentication 142

Authentication Passwords Encryption Cybersecurity 142

The Last Watchdog

AUGUST 16, 2022

Migrating to and utilizing cloud environments – public, hybrid, or multi – is a source of real investment and positive change for businesses. Cloud is the powerhouse that drives digital organizations. Related: Cloud security frameworks take hold. Gartner predicts that spending on public cloud alone is set to top $500 billion in 2022 – a 20% growth over last year.

Cloud 202

Cloud Security Digital transformation Compliance 202

Data Breach Today

AUGUST 16, 2022

CISO Marco Túlio Moraes on the Difference Between Being Aware and Being Educated When security practitioners lose their initial enthusiam for hunting cyberthreats, their companies begin to fail at cybersecurity, says CISO Marco Túlio Moraes. He discusses how collaborating with the business lines and moving from awareness to education all around can help fix this problem.

Cybersecurity 246

Cybersecurity Education Security 246

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

AUGUST 18, 2022

Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS , and macOS devices. Apple this week released security updates for iOS, iPadOS , and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893 – An out-of-bounds issue in WebKit which.

Security 143

Security IT Information Security 143

eSecurity Planet

AUGUST 17, 2022

The editors of eSecurity Planet have been giving advice to enterprise security buyers for more than a decade, and for the last five years we’ve been rating the top enterprise cybersecurity products, compiling roughly 50 lists to date on every product imaginable, from networks to endpoints and out to the cloud and beyond. This year, for the first time, we’re ranking the overall best companies and products in 14 of those categories.

Cybersecurity 133

Cybersecurity Security awareness Marketing Cloud 133

KnowBe4

AUGUST 15, 2022

Cisco has disclosed a security incident that occurred as a result of sophisticated voice phishing attacks that targeted employees, according to researchers at Cisco Talos. The researchers believe the attack was carried out by an initial access broker with the intent of selling access to the compromised accounts to other threat actors.

Phishing 133

Phishing Access Security 133

Data Breach Today

AUGUST 19, 2022

No, the Sky Isn't Falling; Yes, Do Patch Quickly to Minimize Attack Surface Calling all Apple users: It's time to once again patch your devices to protect them against two zero-day vulnerabilities that attackers are actively exploiting in the wild to take complete control of devices. While there's no need to panic, security experts advise moving quickly.

Security 246

Security IT 246

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

AUGUST 19, 2022

Estonia announced to have blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector. The Pro-Russia hacker group Killnet claimed responsibility for the attacks.

Computer and Electronics 141

Computer and Electronics Digital transformation Government IT 141

Schneier on Security

AUGUST 17, 2022

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

Passwords 125

Passwords IT 125

Hunton Privacy

AUGUST 15, 2022

On June 10, 2022, New York became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education (“CLE”) requirements. The new requirement will take effect July 1, 2023. The New York State Bar Association’s (“NYSBA”) Committee on Technology and the Legal Profession initially recommended the new requirement in a 2020 report.

Cybersecurity 114

Cybersecurity Privacy Data Privacy Data breaches 114

Data Breach Today

AUGUST 16, 2022

Darktrace Talks Follow Recent Thoma Bravo Moves to Buy SailPoint and Ping Identity Thoma Bravo is eyeing its third take-private security deal of 2022, initiating talks with Darktrace months after agreeing to buy SailPoint and Ping Identity. The cybersecurity AI firm says it's in early discussions with private equity giant Thoma Bravo on a possible cash offer for the business.

Cybersecurity 280

Cybersecurity Security IT 280

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

AUGUST 19, 2022

Cisco addressed a high-severity escalation of privilege vulnerability ( CVE-2022-20871 ) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871 , that resides in the web management interface of AsyncOS for Cisco Secure Web Appliance.

Security 131

Security Authentication IT Information Security 131

eSecurity Planet

AUGUST 15, 2022

Security Information and Event Management (SIEM) is a crucial enterprise technology that ties the stack of cybersecurity systems together to assess threats and manage risks. This guide evaluates the leading SIEM software solutions in the marketplace, followed by a dive into what SIEM is, how it works, and how to choose a solution. Best SIEM Tools & Software. 1.

Analytics 113

Analytics Cloud Compliance Cybersecurity 113

Dark Reading

AUGUST 17, 2022

Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.

CMS 104

CMS Security Risk 104