The CISO Mantra: Get Ready to Do More With Less
For the foreseeable future, with the spigots closing shut, CISOs will need to find ways to do more with less.
29-03-2023 14:00

New API Report Shows 400% Increase in Attackers
Today Salt Security have released the findings from their latest Salt Labs State of API Security Report, Q1 2023, which found that there has been a 400% increase in unique attackers (over 4800) in the last six months. The report makes it clear that attac
29-03-2023 12:55

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis
Today, Cato Networks has been named the Leader in the Single-Vendor SASE Quadrant Analysis published in TechTarget. “We’re honoured to be identified as the Leader in single-vendor SASE market,” says Shlomo Kramer, CEO and co-founder of
29-03-2023 12:30

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries
As important as it is, cybersecurity awareness training might not seem like the most exciting thing in the world, but when it involves plots to rival your favourite network crime dramas, expertly crafted cinematography, and characters to root for? Natura
29-03-2023 10:26

Ransomware crooks are exploiting IBM file-exchange bug with a 9.8 severity
If you haven't patched your Aspera Faspex server, now would be an excellent time.
29-03-2023 00:24

How Does Data Literacy Enhance Data Security?
With the rise in cloud-based security concerns and other issues, organizations must improve data literacy across the enterprise.
29-03-2023 00:17

Microsoft Security Copilot Uses GPT-4 to Beef Up Security Incident Response
Microsoft's new AI assistant tool helps cybersecurity teams investigate security incidents and hunt for threats.
29-03-2023 00:00

MacStealer Malware Plucks Bushels of Data From Apple Users
A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up.
28-03-2023 21:00

NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month
The NullMixer loader has compromised thousands of endpoints in the US, France, and Italy, stealing data and selling it to Dark Web data dealers, all without setting off alarm bells.
28-03-2023 20:41

Millions of Pen Tests Show Companies' Security Postures Are Getting Worse
A lack of website protections, Sender Policy Framework (SPF) records, and DNSSEC configurations leaves companies open to phishing and data exfiltration attacks.
28-03-2023 20:24

Bitwarden Announces Secrets Management With a Combination of Open Source, End-to-End Encryption, and Ease of Use
28-03-2023 19:16

North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT43
In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.
28-03-2023 17:05

North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT
In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.
28-03-2023 17:05

New Research Examines Traffers and the Business of Stolen Credentials
Today, Outpost24 released a new report revealing the underground operation of Traffers, cybercriminal organisations reshaping the business of stolen credentials. The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, Krak
28-03-2023 16:10

Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds
A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans.
28-03-2023 15:54

How to Succeed As a New Chief Information Security Officer (CISO)
As cyber threats increase in frequency and complexity, organizations recognize the importance of having a Chief Information Security Officer (CISO) to protect their sensitive data and infrastructure. To succeed as a new CISO, it’s essential
28-03-2023 15:02

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age
The Covid-19 pandemic has changed the world significantly. Businesses have now realized that the world needs to be digitized. It is mainly why the trend of brick-and-mortar stores is nearly over and businesses are now switching to digital modes, creating
28-03-2023 14:59

Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed
Cymulate, the leader in cybersecurity risk validation and exposure management, today released the company’s “2022 Cybersecurity Effectiveness Report” which analyzed the results of over a million security posture validation assessments, including 1.7 mill
28-03-2023 14:20

Spend on Safety Measures & Call Out Insecure Practices for Safer IoT
IoT risk and security must get more attention from vendors and support from the marketplace.
28-03-2023 14:00

Generative AI set to affect 300 million jobs across major economies
Technology could boost global GDP by 7% but also risks creating "significant disruption."
28-03-2023 13:30

How CISOs Can Reduce the Danger of Using Data Brokers
Without proof that it was collected legally, purchased data can threaten an enterprise's security compliance and even expose the company to litigation.
28-03-2023 02:31

CISA Releases Hunt Tool for Microsoft's Cloud Services
CISA released the hunt and response tool to help defenders extract cloud artifacts without performing additional analytics.
28-03-2023 00:00

Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw
After several weeks and more than 130 ransomware victims, GoAnywhere parent company Forta issues a statement.
27-03-2023 21:48

Immaculate AI images of Pope Francis trick the masses
Faux “puffy pontiff” AI image fools many in viral social media post.
27-03-2023 21:41

Biden’s executive order limits government’s use of commercial spyware
Move comes as "clickless exploits" target journalists and others accused of no crimes.
27-03-2023 21:31

Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare
Indicators point to Twitter's source code being publicly available for around three months, offering a developer security object lesson for businesses.
27-03-2023 20:38

Hobbyist builds ChatGPT client for MS-DOS
IBM PC client allows futuristic AI conversations on vintage hardware.
27-03-2023 19:23

7 Women Leading the Charge in Cybersecurity Research & Analysis
From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands.
27-03-2023 18:05

Drive to Pervasive Encryption Boosts Key Management
Key vaults, aka key-management-as-a-service (KMaaS), promise to allow companies to encrypt sensitive data across cloud and third parties with granular control.
27-03-2023 17:26

Twitter source code was leaked on GitHub shortly after Musk’s layoff spree
Twitter suspects code leaker is ex-employee, which doesn't narrow it down much.
27-03-2023 16:01

Cybersecurity vs. Everyone: From Conflict to Collaboration
Don't assume stakeholders outside security understand your goals and priorities, but consider how you'll communicate with them to gain their support.
27-03-2023 14:00

Android app from China executed 0-day exploit on millions of devices
Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.
27-03-2023 12:31

CyberSecure Announces Strategic Alliance
The joint partnership represents expanded market opportunities.
24-03-2023 21:40

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
24-03-2023 20:48

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
24-03-2023 20:05

Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.
24-03-2023 19:39

ChatGPT gets “eyes and ears” with plugins that can interface AI with the world
Plugins allow ChatGPT to book a flight, order food, send email, execute code (and more).
24-03-2023 19:29

Malicious ChatGPT Extensions Add to Google Chrome Woes
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
24-03-2023 18:54

Huge collection of vintage Apple computers goes to auction next week
Ars picks out some of its favorites from the 500-computer collection.
24-03-2023 17:55

Red Teaming at Scale to Uncover Your Big Unknowns
A contrarian mindset with applied imagination allows security professionals to assess problems in their organizations, prevent failure, and mitigate vulnerabilities.
24-03-2023 16:43

Synopsys discover new vulnerability in Pluck Content Management System
Software security company Synopsys have discovered a new remote code execution vulnerability (RCE) in the Pluck CMS system. Pluck is a content management system (CMS) implemented in PHP designed for setting up and managing your own website. Devised with
24-03-2023 14:56

Application Security Requires More Investment in Developer Education
If you haven't done so already, it's time to take the first step toward solving this application security dilemma.
24-03-2023 14:00

Dole confirms employee data was breached following February ransomware attack
This week, Dole Food Company revealed that hackers behind a February ransomware attack have accessed the data of an undisclosed number of employees. “In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorize
24-03-2023 12:55

Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams
Open source software continues to pose a challenge for companies. With the proper security practices, you can reduce your open source risk and manage it.
23-03-2023 22:00

'Nexus' Android Malware Targets Customers of 450 Financial Institutions Worldwide
Nexus, offered in a malware-as-a-service model, is the latest in a vast and growing array of trojans targeting mobile banking and cryptocurrency applications.
23-03-2023 21:30

Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire
With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns.
23-03-2023 18:12

Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals
Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks.
23-03-2023 17:00

The Board of Directors Will See You Now
Help the board understand where the business is vulnerable, where controls end, and where exposure begins.
23-03-2023 17:00

MITRE Rolls Out Supply Chain Security Prototype
Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.
23-03-2023 16:15

Human Detection and Response: A New Approach to Building a Strong Security Culture
Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management.
23-03-2023 16:00

Okta Post-Exploitation Method Exposes User Passwords
Accidentally typing a password in the username field of the platform saves it to audit logs, which threat actors can access and use to compromise enterprise services.
23-03-2023 15:18

Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections
DMARC blocks spam and phishing emails sent from spoofed domains, and it's vastly underutilized, a new report says.
23-03-2023 14:18

Are You Talking to a Carbon, Silicon, or Artificial Identity?
In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms — humans — is key. Safeguards must be in place as AI becomes more interactive.
23-03-2023 14:00

MyCena Improves Customer Data Access Protection in Call Centers and BPOs
MyCena Security Solutions today announced the addition of a new feature to its MyCena Desk Center (MDC) platform, designed to stop credentials theft, fraud and social engineering in call centers, Business Process Outsourcing (BPOs) and customer service c
23-03-2023 11:29

Fortune 500 Company Names Found in Compromised Password Data
New research released by Specops Software outlines the most common Fortune 500 company names that show up in compromised password data. The Specops research team analysed an 800 million password subset of the larger Breached Password Protection database
23-03-2023 09:35

IoT Startup OP[4] Launches With Firmware Security Platform
Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities in Internet of Things and embedded systems.
23-03-2023 01:00

If your Netgear Orbi router isn’t patched, you’ll want to change that pronto
The threat is serious enough to warrant a manual check ASAP.
22-03-2023 22:35

Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats
22-03-2023 22:13

CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure
The advisory comes the same week as a warning from the EU's ENISA about potential for ransomware attacks on OT systems in the transportation sector.
22-03-2023 21:55

Vectra Unifies AI-Driven Behavior-Based Detection and Signature-Based Detection
22-03-2023 21:31

XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud Workloads
22-03-2023 21:06

10 Vulnerability Types to Focus On This Year
A new Tech Insight report examines how the enterprise attack surface is expanding and how organizations must deal with vulnerabilities in emerging technologies.
22-03-2023 21:00

Kaspersky Survey Finds One in Three Users Have Experienced CryptoTheft
22-03-2023 20:57

$36M BEC Fraud Attempt Narrowly Thwarted by AI
With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.
22-03-2023 19:49

Chinese Warships Suspected of Signal-Jamming Passenger Jets
Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.
22-03-2023 19:20

Journalist plugs in unknown USB drive mailed to him—it exploded in his face
Explosives replace malware as the scariest thing a USB stick may hide.
22-03-2023 18:35

Ethical AI art generation? Adobe Firefly may be the answer.
Adobe trained new AI generator on Adobe Stock, licensed content, public domain.
22-03-2023 17:27

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products
Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.
22-03-2023 17:00

Pipeline Cybersecurity Rules Show the Need for Public-Private Partnerships
The government should not issue infrastructure regulations without the involvement of the industries it's regulating.
22-03-2023 17:00

BreachForums Shuts Down in Wake of Leader's Arrest
Administrator shutters the forum on fears that it had been breached by federal authorities but assured members it's not the end for the popular underground hacking site.
22-03-2023 16:10

“Acropalypse” Android screenshot bug turns into a 0-day Windows vulnerability
Unpatched bug can be exploited with modified versions of the Android scripts.
22-03-2023 15:29

How to Keep Incident Response Plans Current
Review and update plans to minimize recovery time. Practice and a well-thumbed playbook that considers different scenarios will ensure faster recovery of critical data.
22-03-2023 14:00

Ferrari Data Breach: The Industry has its say
Apparently, the team at Ferrari may not have been up to speed with the latest ways to ensure your security is top priority. It was announced on Monday via a statement uploaded to their website that Ferrari was “recently contacted by a threat actor with a
22-03-2023 11:02

Cyberpion Rebrands As IONIX
IONIX illuminates exploitable risks across the real attack surface and its digital supply chain providing security teams with critical focus to accelerate risk reduction.
21-03-2023 21:31

.NET Devs Targeted With Malicious NuGet Packages
In a possible first for the NuGet repository, more than a dozen components in the .NET code repository run a malicious script upon installation, with no warning or alert.
21-03-2023 21:26

Renowned Researcher Kelly Lum Passes Away
The application security expert, who went by "@aloria," is being remembered for her brilliance and generosity, as tributes start to pour in honoring her life.
21-03-2023 21:00

Research Highlights Cyber Security's Underestimated Role As a Business and Revenue Enabler
Global study reveals boards still undervalue cyber's role.
21-03-2023 20:50

BlackBerry Announces New Patent Sale Transaction With Patent Monetization Company for Up to $900M
21-03-2023 20:40

Normalyze Granted Patent for Data Security Posture Management (DSPM)
21-03-2023 20:29

Zero-Day Bug Allows Crypto Hackers to Drain $1.6M From Bitcoin ATMs
After its second cyberattack in under a year, General Bytes urges customers to up the security on their personal accounts to prevent losses from hackers.
21-03-2023 20:17

BigID's Data Security Posture Management Solution Integrates With SOAR Platforms
21-03-2023 20:17

Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug
Don't store digital coins in hot wallets! It's great advice but can't always be followed.
21-03-2023 20:03

Cybersecurity Skills Shortage, Recession Fears Drive 'Upskilling' Training Trend
For companies, training an existing worker is cheaper than hiring, while for employees, training brings job security and more interesting work.
21-03-2023 19:06

Amazon layoffs will shut down camera review site after 25 years [Updated]
Updates stop on April 10, site will be available for "a limited period" after.
21-03-2023 18:47

Amazon layoffs will shut down camera review site after 25 years
Updates stop on April 10, site will be available for "a limited period" after.
21-03-2023 18:47

Name That Toon: It's E-Live!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
21-03-2023 17:00

What Is Observability, And Why Is It Crucial To Your Business?
The software of your business – and its protection – is crucial if you want to succeed in the business landscape. Around the world, as many as 30,000 businesses are hacked every day, with 64% of companies also experiencing a form of cyber attack. When it
21-03-2023 16:55

Bing’s AI chatbot can now generate unhinged images along with unhinged text
"Advanced" version of OpenAI's DALL-E will roll out to Bing preview users.
21-03-2023 15:06

Custom 'Naplistener' Malware a Nightmare for Network-Based Detection
Threat actors are using legitimate network assets and open source code to fly under the radar in data-stealing attacks using a set of custom malware bent on evasion.
21-03-2023 14:30

Controlling Third-Party Data Risk Should Be a Top Cybersecurity Priority
Third-party breaches have a wide effect that legacy security practices can no longer detect.
21-03-2023 14:00

How Emerging Trends in Virtual Reality Impact Cybersecurity
As information technology continues to evolve, more and more people are penetrating cyberspace. Most organizations, companies, individuals, and even governments are now doing their activities in the digital world. This allows them to enjoy great benefits
21-03-2023 10:34

IAM Startup Aembit Secures How Workloads Connect to Services
Aembit launches from stealth with a cloud-based identity access management platform for enterprise workloads.
21-03-2023 01:00

ChatGPT Gut Check: Cybersecurity Threats Overhyped or Not?
UK cybersecurity authorities and researchers tamp down fears that ChatGPT will overwhelm current defenses, while the CEO of OpenAI worries about its use in cyberattacks.
20-03-2023 23:00

Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet
With HinataBot, malware authors have created a beast many times more efficient than even the scariest botnets of old, packing more than 3Tbit/s DDoS speeds.
20-03-2023 20:23

AI Has Your Business Data
No-code has lowered the barrier for non-developers to create applications. AI will completely eliminate it.
20-03-2023 20:14

Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks
Users of affected devices who want to mitigate risk from the security issues in the Exynos chipsets can turn off Wi-Fi and Voice-over-LTE settings, researchers from Google's Project Zero say.
20-03-2023 20:00

Amazon is laying off another 9,000 workers
It announced 18,000 job cuts in January and says more are likely this year.
20-03-2023 19:14

Cops Nab BreachForums Boss in New York
The alleged mastermind of hacker forum Breach Forums, "pompompurin," has been arrested in New York City, according to court documents.
20-03-2023 17:58

Cyberattackers Hoop NBA Fan Data via Third-Party Vendor
The basketball playoffs are around the corner and convincing social-engineering attacks on fans using NBA-themed lures could be too.
20-03-2023 16:19

SecurityBridge Introduces The SAP Management Dashboard
20-03-2023 15:22

Source: arstechnica, darkreading, itsecurityguru