Sat.Jan 28, 2023 - Fri.Feb 03, 2023

GUEST ESSAY: The role ‘deep learning’ AI can play relieving security teams of debilitating stress

The Last Watchdog

The cybersecurity profession can be very rewarding, but at the same time quite taxing. In fact, stress factors have risen to where some 45 percent of the security professionals polled in Deep Instinct’s third annual Voice of SecOps report said they’ve considered leaving the industry altogether. Ransomware is at an all-time high; attackers are as elusive as ever.

Security 203

OneNote Attachments Used as Phish Hooks

KnowBe4

Threat actors are using malicious attachments in OneNote in order to distribute malware, BleepingComputer reports. The attackers attach VBS files that instruct the user to double-click on the file. Most of the phishing lures pose as shipping notifications, invoices, or mechanical drawings.

Phishing 111

AIs as Computer Hackers

Schneier on Security

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others’. It’s the software vulnerability lifecycle.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Dark Reading

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Security 142

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Dragos CEO on Opening Execs' Eyes to OT Security Threats

Data Breach Today

Why COVID-19 Made Leaders Realize Just How Connected OT Networks Really Are

Executives underestimated the security risk associated with operational technology based on the erroneous belief that OT networks are highly segmented or air gapped. But COVID-19 made executives realize their OT networks are more connected than they previously thought, says Dragos CEO Robert M.

Security 208

More Trending

Introducing the Jamf Learning Hub

Jamf

Check out the new Jamf Learning Hub to find the product technical content you need, when you need it to get the most out of Jamf products and succeed with Apple.

IT 141

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Dark Reading

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remains largely questionable.

Sales 131

Ransomware Gang Stole Customer Data, Arnold Clark Confirms

Data Breach Today

Extortionists Dump Private and Corporate Customer Data From European Car Giant

Christmastime was bleak for a number of organizations in Britain that got hit with ransomware, including car dealership giant Arnold Clark, which originally reported that no customer data had been stolen. But the business subsequently revised its assessment, after attackers dumped stolen data.

OpenText Welcomes Micro Focus Customers, Partners and Employees

OpenText Information Management

OpenText has completed the acquisition of Micro Focus and I am delighted to welcome customers, partners and employees to OpenText. We are the platform of platforms for Information Management. Digital life is life, and with Micro Focus’ great products, amazing talent and strategic partners, we will help organizations of all sizes accelerate their digital transformations. …

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK

KnowBe4

The UK’s National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia’s SEABORGIUM threat actor and Iran’s TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, including “academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists, and activists.

Phishing 128

Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status

Dark Reading

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

Cloud 126

JD Sports Details Data Breach Affecting 10 Million Customers

Data Breach Today

Exposed: Online Customer Details, But Not Complete Payment Card Data

JD Sports, a sports fashion retailer with global operations, says personal details pertaining to about 10 million online customers of JD Sports and its Size?, Millets, Blacks, Scotts and MilletSport brands from 2018 to 2020 have been stolen by attackers and warns customers to beware of scammers.

Ransomware Payments Are Down

Schneier on Security

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Open Source Security Index Lists Top Projects

eSecurity Planet

Two venture investors have launched an index to track the most popular open source security projects. Chenxi Wang of Rain Capital and Andrew Smyth of Atlantic Bridge unveiled the Open Source Security Index last month. The website leverages GitHub application programming interfaces (APIs) to make “finding open-source security projects easier for everyone.” Anyone can go to the site to discover “the most popular and fastest-growing open-source security (OSS) projects.” OSS

Security 120

CISA to Open Supply Chain Risk Management Office

Dark Reading

A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.

Risk 117

Hackers Posing as Ukrainian Ministry Deploy Info Stealers

Data Breach Today

Spoofed Polish Police Websites Also Found

Ukrainian and Polish cyber defenders are warning against a slew of phishing websites that mimic official sites, in particular a page that mimics the Ministry of Foreign Affairs of Ukraine. A hacking group likely comprised of Russian speakers uses the pages to lure users into downloading software.

Phishing 244

Travel-Themed Phishing Attacks Lure Victims with Promises of Free Tickets, Points, and Exclusive Deals

KnowBe4

New analysis of December and January emails shows massive spikes in attacks aimed at stealing personal information and credit cards under the guise of once-in-a-lifetime travel deals.

Phishing 116

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

Late December and early January tend to be a busy time for everyone, so you may have missed a privacy update or two during that time. We have set out some updates in the form of questions, with some links where you can find more information. Answers are below. 1. Colorado issued a revised draft of its privacy regulations, which added a list of what could be “substantial or material changes” to a privacy policy, which would require notice communicated to consumers in the manner by which

Privacy 115

Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

Dark Reading

Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.

CISA to Set Up New Office for Supply Chain Security

Data Breach Today

Former GSA Administrator Leading Effort to Tackle Software Supply Chain Issues

U.S. Federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.

Security 237

How Technology Can Help With HR Investigations

Hanzo Learning Center

Workplace complaints are serious. Even if a claim doesn’t lead to disciplinary action, the fact that an employee has made an accusation usually indicates workplace problems that need to be addressed for productivity, morale, and quality of work life.

113

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging.

Passwords 111

KnowBe4 Wins Winter 2023 "Best of" Awards From TrustRadius in Multiple Categories

KnowBe4

KnowBe4 is proud to be recognized by TrustRadius in the “Best Of” Awards for overall, best feature set, best relationship, and best value for price in the Security Awareness Training software category.

IBM Security GM on Seeing a Target Through the Hacker's Eyes

Data Breach Today

Mary O'Brien on How External Attack Surface Management Finds Internet-Facing Issues

Companies can be blinded by their inside-out view and often benefit from another set of eyes that see their business the same way an attacker would, says IBM's Mary O'Brien. IBM's acquisition of attack surface management firm Randori gives clients another view of areas that need to be remediated.

Security 233

Should you block TikTok?

Jamf

An increasing number of governmental and educational organizations have decided to block TikTok from their networks. Here's why, and how you can do the same if you wish.

Education 105

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

NIST Is Updating Its Cybersecurity Framework

Schneier on Security

NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area?

Microsoft OneNote Attachments Become the Latest Method to Spread Malware

KnowBe4

With Microsoft disabling macros by default on Office documents, cybercriminals are left needing another means to launch malware that’s victim-supported by default.

111

Illumio CEO on Fighting Ransomware via Endpoint Segmentation

Data Breach Today

Andrew Rubin on Contrasts Among Segmenting Endpoints, Servers and Cloud Workloads

Illumio has extended its segmentation capabilities from servers and workloads to endpoints to minimize damage in the event of a ransomware attack, CEO Andrew Rubin says. The Silicon Valley-based company can now stop the spread of breaches and ransomware inside servers, cloud workloads and endpoints.