WIRED Threat Level

JUNE 11, 2022

Plus: Russia rattles its cyber sword, a huge Facebook phishing operation is uncovered, feds take down the SSNDOB marketplace, and more.

Phishing 115

Phishing IT Security 115

The Last Watchdog

JUNE 13, 2022

At the start of this year, analysts identified a number of trends driving the growth of cybersecurity. Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Related: Taking API proliferation seriously. Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally.

Cybersecurity 257

Cybersecurity Data science Artificial Intelligence Marketing 257

Security Affairs

JUNE 13, 2022

Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to track. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about nearby Wi-Fi networks and establish a Wi-Fi connection.

Paper 126

Paper Passwords Privacy Security 126

Data Breach Today

JUNE 17, 2022

DXC Technology's Michael Baker on Top Threats, Recruitment Tips, Career Advice Threat watch: The ongoing Russia-Ukraine war continues to pose both direct and indirect risks to enterprise networks, says Michael Baker, vice president and IT CISO of IT services and consulting firm DXC Technology. He also discusses recruiting and retaining new talent.

Risk 338

Risk IT 338

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

JUNE 14, 2022

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form

Ransomware 273

Ransomware Privacy Security IT 273

eSecurity Planet

JUNE 16, 2022

A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Cyberattacks are on the rise, with cyber criminal trends and techniques becoming increasingly sophisticated and creative.

Ransomware 145

Ransomware Cybersecurity Phishing Encryption 145

Data Breach Today

JUNE 16, 2022

The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.

Cybersecurity 331

Cybersecurity Security IT 331

Krebs on Security

JUNE 15, 2022

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.

Cloud 259

Cloud Security IT Cybersecurity 259

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn. The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos which tracked it as Hexane.

IT 145

IT Military Communications Phishing 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

IT Governance

JUNE 15, 2022

In an increasingly digital world, there are an escalating number of cyber security risks for business to address. Criminal hackers are adept at spotting weaknesses, while organisations do themselves no favours when they fail to adequately protect their systems. IT Governance identified more than 1,200 publicly disclosed data breaches in 2021 , while another report found that security incidents cost almost £3 million on average.

Risk 142

Risk Security Passwords Phishing 142

Data Breach Today

JUNE 17, 2022

KnowBe4's Roger Grimes on Why MFA Alone Isn't a Successful Hack Prevention Strategy Phishing is no longer restricted to just emails. As attackers broaden their arsenal, businesses today also need to be on the lookout for impersonation attempts via SMS text messages or voice calls, says Roger Grimes, a data-driven defense evangelist at KnowBe4.

Phishing 305

Phishing 305

Krebs on Security

JUNE 14, 2022

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. The user interface for Downthem[.]org. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com , two

Government 154

Government IT 154

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040 , in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating.

CMS 144

CMS IT Authentication Access 144

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

KnowBe4

JUNE 13, 2022

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year.

Phishing 133

Phishing 133

Data Breach Today

JUNE 17, 2022

The State of Passwordless in 2022, New Identity Technologies In the latest weekly update, Jeremy Grant, coordinator of the Better Identity Coalition, joins three editors at ISMG to discuss important cybersecurity issues, including where we are with passwordless, if we are getting closer to a U.S. federal privacy law, and next-gen authentication technologies.

Privacy 303

Privacy Authentication Cybersecurity 303

Schneier on Security

JUNE 17, 2022

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough. Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused during manufacturing create a unique Bluetooth beacon , one that establishes a digital signature or fingerprint di

Manufacturing 129

Manufacturing Security IT Paper 129

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center. Proof-of-concept exploits for the CVE-2022-26134 vulnerability have been released online, Bleeping Computer reported that starting from Friday afternoon, a proo

Ransomware 145

Ransomware Cybersecurity Encryption Security 145

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

eSecurity Planet

JUNE 14, 2022

With the plunge in tech stocks and the freeze in the IPO market, the funding environment for cybersecurity startups has come under pressure. According to Pitchbook, the amount of venture capital investment in the first quarter was off by 35.8% to $5.1 billion on a quarter-over-quarter basis. The median late-stage valuation fell by 26.1%. VCs are certainly getting pickier with their investments.

Cybersecurity 125

Cybersecurity Cloud Marketing Digital transformation 125

Data Breach Today

JUNE 15, 2022

CISO of Maricopa County, Arizona on Strengthening Election Security "Social media is probably the newest and most impactful thing that we've seen from a cybersecurity perspective at Maricopa County," says its CISO, Lester Godsey. The only response to misinformation and disinformation campaigns, he says, is to use the same platform and respond with the facts.

Cybersecurity 298

Cybersecurity Security IT 298

Schneier on Security

JUNE 16, 2022

Interesting research: “ Sponge Examples: Energy-Latency Attacks on Neural Networks “: Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers’ focus so far is on average-case performance.

Paper 129

Paper 129

Security Affairs

JUNE 12, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers HID Mercury Access Controller flaws could allow to unlock Doors Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal PACMAN, a new attack technique against

Security 143

Security Ransomware Cybersecurity Encryption 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

KnowBe4

JUNE 14, 2022

Attackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports. Researchers at Mimecast have spotted a phishing campaign that impersonates companies in an attempt to trick employees into visiting phony health safety sites that steal their information.

Phishing 127

Phishing 127

Data Breach Today

JUNE 15, 2022

Incident Is Latest on Growing List of Recent Major Healthcare Data Hacks An Arizona medical center that suffered a ransomware attack in April has begun notifying 700,000 individuals of a data breach compromising sensitive medical and personal information. The incident is among the latest major health data breaches involving ransomware.

Ransomware 292

Ransomware Data breaches 292

eSecurity Planet

JUNE 14, 2022

The Metasploit project contains some of the best security tools available, including the open source Metasploit Framework. Both pen testers and hackers use it to find and exploit vulnerabilities as well as to set up reverse shells, develop malicious payloads , or generate reports. The tool, maintained by Rapid7 , even offers comprehensive documentation , where you can learn the basics to start using it.

Access 117

Access IT Security 117

Security Affairs

JUNE 16, 2022

The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. “For example, while the common ent

Ransomware 128

Ransomware Archiving Access Encryption 128

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Data Matters

JUNE 14, 2022

Certification by a professional institution is one of the mechanisms permitted under China’s Personal Information Protection Law ( PIPL ) to legitimizing cross-border transfers of personal information. Other permitted mechanisms include governmental security review and standard contractual clauses to be issued by Chinese government. However, to date, there have been no clear rules on the criteria and procedures for obtaining the PIPL certification.

Privacy 100

Privacy Government Security Information Security 100

Data Breach Today

JUNE 14, 2022

CEO Wael Mohamed on Why Forescout Bought IoMT Firm CyberMDX, Analytics Firm Cysiv Since joining Forescout 15 months ago as CEO, Wael Mohamed has aggressively pursued acquisitions, scooping up CyberMDX in February to safeguard internet of medical things devices and Cysiv in June to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.

Analytics 246

Analytics IoT Cloud 246

Collibra

JUNE 15, 2022

We are incredibly honored and excited to share that Great Place to Work and Fortune magazine have included Collibra as one of this year’s Best Workplaces in New York! This is our first time being named to this list, coming in at #4, and we are incredibly grateful to our employees for their contributions to our culture and work environment – leading to this recognition. .

Analytics 111

Analytics 111