Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.

Information Security 344

Information Security Communications IT Cybersecurity 344

The Last Watchdog

SEPTEMBER 27, 2022

Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.

IT 234

IT Cloud Security 234

Dark Reading

SEPTEMBER 29, 2022

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Ransomware 123

Ransomware 123

Data Breach Today

SEPTEMBER 28, 2022

NullMixer Opens Windows To Dozens of Malicious Files A new malware dropper uncovered by Kaspersky targets would-be users of pirated software with a slew of nasty infections including backdoors, Trojan-Bankers, downloaders, spyware and more. The cybersecurity company calls the dropper "NullMixer.

Cybersecurity 240

Cybersecurity 240

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

SEPTEMBER 24, 2022

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” A copy of the passport for Denis Kloster, as posted to his Vkontakte

Data breaches 228

Data breaches Ransomware Information Security Security 228

The Last Watchdog

SEPTEMBER 26, 2022

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry. In fact, the 2022 Verizon Data Breach Investigation Report revealed an alarming 13 percent increase in ransomware attacks overall – greater than past five years combined – and the inability to properly manage identities and pri

Access 220

Access Ransomware Passwords Cybersecurity 220

Data Breach Today

SEPTEMBER 24, 2022

While Joe Sullivan Is Accused of Perpetrating Cover-Up, Where Should the Buck Stop? Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior? That's one of the big questions now being asked in the closely watched trial of Joe Sullivan, who's been charged with covering up a data breach and paying off hackers.

Data breaches 263

Data breaches Security 263

WIRED Threat Level

SEPTEMBER 28, 2022

Want to speak up against Big Tech, unjust data collection, and surveillance? Here's how to be an activist in your community and beyond.

Data Privacy 145

Data Privacy Privacy Data collection Security 145

Security Affairs

SEPTEMBER 26, 2022

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked as Metador, that primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa.

Authentication 145

Authentication Communications Security IT 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

eSecurity Planet

SEPTEMBER 24, 2022

Between a plunging stock market, rising interest rates and a slumping economy, raising venture capital has not been easy this year. This has even been the case for high-priority categories like cybersecurity. According to data from PitchBook, venture capital investments have reached about $13.66 billion so far this year, down significantly from $26.52 billion in 2021.

Cybersecurity 137

Cybersecurity Cloud Marketing Risk 137

Data Breach Today

SEPTEMBER 27, 2022

Rob Dartnall of Security Alliance Shares Insights on Current and Emerging Trends Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products. Rob Dartnall of Security Alliance explains why these firms need to invest in information sharing, training and new cybersecurity practices to avoid breaches.

Financial Services 245

Financial Services Cybersecurity Security 245

KnowBe4

SEPTEMBER 28, 2022

A phishing campaign is impersonating UK energy regulator Ofgem, according to Action Fraud, the UK’s cybercrime reporting centre.

Phishing 134

Phishing 134

Security Affairs

SEPTEMBER 30, 2022

Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: Send commands to the hypervisor that will be routed to the guest VM for execution Transfer files between the ESXi hypervisor and guest machines running benea

Metadata 145

Metadata Archiving Access IT 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

WIRED Threat Level

SEPTEMBER 26, 2022

It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.

Privacy 130

Privacy IT Security 130

Data Breach Today

SEPTEMBER 27, 2022

CEO Shares Strategies to Overcome Technical, Cultural Challenges of This Top Threat Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer. Code42's Joe Payne shares the challenges of detecting source code theft and ways to protect intellectual property wherever it resides.

IT 241

IT 241

KnowBe4

SEPTEMBER 24, 2022

With Retail seeing and feeling the impact of more ransomware attacks than nearly every other industry, a new report focuses in on what the repercussions look like for this sector… and it’s not good.

Retail 128

Retail Ransomware 128

Security Affairs

SEPTEMBER 30, 2022

Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August 2022, they are remote code execution issues.

Cybersecurity 144

Cybersecurity Security IT Information Security 144

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

SEPTEMBER 28, 2022

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices.

IoT 125

IoT Security Mining Manufacturing 125

Data Breach Today

SEPTEMBER 27, 2022

Indictment 'Did Not Hinder APT41’s Operations,' says HHS HC3 Two federal indictments against APT41, a Chinese state-sponsored hacking group, haven't slowed down its operations, the U.S. government acknowledges in a warning telling the healthcare sector to be vigilant about the threat actor. The hackers are believed to be at large, likely in China.

Government 241

Government IT 241

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Related: The threat of ‘business logic’ hacks. The Iranian hacker group TA453 has recently been using a technique that creates multiple personas to trick victims , deploying “social proof” to scam people into engaging in a thread. One example comes from Proofpoint, where a researcher began corresponding with an attacker posing as another researcher.

Phishing 124

Phishing Passwords Cybersecurity Government 124

Security Affairs

SEPTEMBER 25, 2022

OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini’s death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini’s death. The protests began after the death of Mahsa Amini from Saqqez in Kurdistan province after her arrest by Iran’s morality police for allegedly wearing her hijab too loosely.

Government 144

Government Security IT Information Security 144

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Schneier on Security

SEPTEMBER 26, 2022

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII­—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.

Passwords 125

Passwords Insurance Cloud Security 125

Data Breach Today

SEPTEMBER 27, 2022

National Nuclear Security Administration Made 'Limited Progress,' Says GAO The U.S. federal agency responsible for the ongoing functionality of the nuclear weapons stockpile hasn't gotten its arms around how to secure operational technology, says the Government Accountability Office. More than 200,000 unique pieces of OT are deployed across nuclear weapon centers.

Security 237

Security Government IT 237

eSecurity Planet

SEPTEMBER 25, 2022

For years the tech industry has promised a shift toward a passwordless future. In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Google, Paypal, and Lenovo were among the original FIDO founding members. By 2015, Microsoft joined, and in 2020, Apple followed. The road to a passwordless world has been slow, but seems to have accelerated in the past year, helped in part by Microsoft’s move to passwordless sign-on.

Passwords 123

Passwords Authentication Marketing Access 123

Security Affairs

SEPTEMBER 29, 2022

The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. “Quantum Builder (aka “Quantum Lnk Builder”) is used to create malicious shortcut files.

Archiving 143

Archiving Phishing Access IT 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

KnowBe4

SEPTEMBER 29, 2022

American Airlines has disclosed that an attacker used phishing attacks to breach the company’s systems, BleepingComputer reports.

Phishing 122

Phishing 122

Data Breach Today

SEPTEMBER 28, 2022

A Raft of Cyber Disruptions Hit the South American Country in September A phishing email led to the spread of the Cryptolocker Trojan inside the court system of Chile, adding to a growing list of cyber disruptions affecting the South American country. Court officials stressed that the virus was contained before it could disrupt judicial proceedings.

Ransomware 221

Ransomware Phishing IT 221

Troy Hunt

SEPTEMBER 30, 2022

How's this weeks video for a view?! It's a stunning location here in Bali and it's just been the absolute most perfect spot for a honeymoon, especially after weeks of guests and celebrations. But whoever hacked and ransom'd Optus didn't care about me taking time out and I've done more media in the last week than I have in a long time.

Data breaches 24

Data breaches IT Security 24