Security

Updates

Training the next generation of cybersecurity experts to close the crisis gap
The biggest threat to cybersecurity departments could be the lack of qualified employees, leaving companies vulnerable. The post appeared first on .
23-09-2022 21:42

Colonial Pipeline ransomware group using new tactics to become more dangerous
Dubbed Coreid, the group has adopted a new version of its data exfiltration tool and is offering more advanced capabilities to profitable affiliates, says Symantec. The post appeared first on .
23-09-2022 21:28

What to consider before disposing of personal data – Week in security with Tony Anscombe
A major financial services company has learned the hard way about the importance of proper disposal of customers' personal data The post appeared first on
23-09-2022 19:20

SentinelOne Announces $100 Million Venture Fund
Endpoint security firm SentinelOne (NYSE: S) this week announced a $100 million venture fund that the publicly-traded company will use to invest other security startups.
23-09-2022 15:40

Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network.
23-09-2022 15:03

LogicGate Risk Cloud: Product review
Now you can see your institution's fraud and security risks in a new way, with LogicGate Risk Cloud. Read our review here. The post appeared first on .
23-09-2022 14:35

New 'Wolfi' Linux Distro Focuses on Software Supply Chain Security
Chainguard this week announced Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain.
23-09-2022 14:11

BIND Updates Patch High-Severity Vulnerabilities
The Internet Systems Consortium (ISC) this week announced the availability of patches for six vulnerabilities in the widely deployed BIND DNS software, all remotely exploitable.
23-09-2022 14:01

"Left and Right of Boom" - Having a Winning Strategy
As security practitioners are painfully aware, it is not a matter of if but when their organization will come under cyberattack. Given this year’s geopolitical events, the likelihood of falling victim to an attack has exponentially increased. And while t
23-09-2022 13:45

CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned of cyberattacks targeting a recently addressed vulnerability in Zoho ManageEngine.
23-09-2022 13:11

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access
Firmware security company Binarly has discovered another round of potentially serious firmware vulnerabilities that could allow an attacker to gain persistent access to any of the millions of affected devices.
23-09-2022 12:50

NSA, CISA Explain How Threat Actors Plan and Execute Attacks on ICS/OT
US government agencies have shared a new cybersecurity resource that can help organizations defend critical control systems against threat actors.
23-09-2022 10:40

5 tips to help children navigate the internet safely
The online world provides children with previously unimagined opportunities to learn and socialize, but it also opens them up to a range of hazards. How can you steer kids toward safe internet habits? The post appeared first on
23-09-2022 09:30

Cyberattack Steals Passenger Data From Portuguese Airline
Portugal’s national airline TAP Air Portugal says hackers obtained the personal data of some of its customers and have published the information on the dark web.
23-09-2022 01:24

Maak van elke plek een slimme ruimte
Door het combineren van IT, IoT en fysieke omgevingen kunnen IT-teams geautomatiseerde slimme ruimten opzetten voor hun organisatie. Leer hoe u: Connectiviteit en sensoren kan inzetten om prioriteiten te bepalen voor de schoonmaak van locaties en het beh
23-09-2022 00:00

Smart Spaces Experience Guide – Transform Any Place into a Smart Space
Transform rooms, buildings, and spaces into assets that inform new insights, inspire collaboration, and drive efficiencies through automation and analytics. With our best-in-class, cloud-first technologies, Cisco Meraki removes complexity so you can focu
23-09-2022 00:00

Transformez n’importe quel endroit en un espace intelligent
Grâce à ses technologies basées sur le cloud, Cisco Meraki vous apporte de la simplicité. Nous réunissons IT, IoT et environnements physiques pour permettre aux équipes informatiques de déployer des espaces intelligents automatisés. Découvrez comment : u
23-09-2022 00:00

Account takeover attacks on the rise, impacting almost 25% of people in the US
Losses triggered by account takeovers have averaged $12,000 per incident, according to data cited by SEON. The post appeared first on .
22-09-2022 20:35

How Organizational Structure, Personalities and Politics Can Get in the Way of Security
Cyberattacks and data breaches continue to rise year-over-year and another so-called silver bullet technology isn’t going to stop that trend. The reality is the bad guys are looking at the entire playing field, but we are not because organizational struc
22-09-2022 16:30

Cloud security market forecast to surpass $123 billion by 2032
The MRA market report reveals that the global cloud security market will experience a significant boom in the coming years, creating room for healthy competition among key players. The post appeared first on .
22-09-2022 15:48

Learn the cybersecurity skills you need for employment
All the cybersecurity and risk management frameworks can be found in one training course. The post appeared first on .
22-09-2022 15:30

How to create a Bitwarden Vault entry that can be used for AutoFill
Jack Wallen shows you how to make it such that a Bitwarden vault entry can be used for AutoFill via the web browser extension for a simplified workflow. The post appeared first on .
22-09-2022 15:08

Twitter Logs Out Some Users Due to Security Issue Related to Password Resets
Twitter said on Wednesday that some users have been logged out of their active sessions in response to a bug that posed a security risk. The issue was related to password resets — when users reset their password, their active sessions on Android and iOS
22-09-2022 14:53

Malwarebytes Raises $100 Million From Vector Capital
Cybersecurity solutions provider Malwarebytes on Wednesday announced that it has received a $100 million minority investment from Vector Capital, which brings the total raised by the company to $180 million.
22-09-2022 14:08

Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers
Australian telecoms company Optus has disclosed a data breach impacting the personal information of both former and current customers.
22-09-2022 13:45

CISA, FBI Detail Iranian Cyberattacks Targeting Albanian Government
Iranian hackers breached Albanian government one year before disruptive attacks
22-09-2022 11:55

Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data
Cloud security company Wiz has published information on an Oracle Cloud Infrastructure (OCI) vulnerability allowing attackers to modify users’ storage volumes without authorization.
22-09-2022 11:20

15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected
Researchers at threat detection and response company Trellix have resurrected a 15-year-old Python vulnerability, showing that it’s more serious than initially believed and that it could affect hundreds of thousands of applications.
22-09-2022 09:32

Hey WeLiveSecurity, how does biometric authentication work?
Your eyes may be the window to your soul, but they can also be your airplane boarding pass or the key unlocking your phone. What’s the good and the bad of using biometric traits for authentication? The post appeared first on
22-09-2022 09:30

NATO's Team in Albania to Help on Iran-Alleged Cyberattack
NATO sent a senior-level delegation to Albania on Wednesday to help the tiny Western Balkan country cope with the consequences of that the government blamed on Iran.
22-09-2022 02:20

European Spyware Investigators Criticize Israel and Poland
European Parliament members investigating the use of surveillance spyware by European Union governments sharply criticized Israel on Wednesday for a lack of transparency in allowing the sale of powerful Israeli spyware to European governments that have u
22-09-2022 00:25

How "Long-Sightedness" Can Improve Security and Fraud Programs
Looking long is an important skill for cybersecurity and fraud teams to develop
21-09-2022 17:22

Morgan Stanley to Pay $35M Fine for Exposing Information of Millions of Customers
The Securities and Exchange Commission (SEC) announced on Tuesday that Morgan Stanley has agreed to pay a $35 million fine for exposing the personal information of millions of customers.
21-09-2022 16:49

Hundreds of eCommerce Domains Infected With Google Tag Manager-Based Skimmers
Security researchers with Recorded Future have identified a total of 569 ecommerce domains infected with skimmers, 314 of which have been infected with web skimmers leveraging Google Tag Manager (GTM) containers.
21-09-2022 13:56

Hackers Steal $160 Million From Crypto Market Maker Wintermute
Cryptocurrency market maker Wintermute on Tuesday announced that hackers have stolen $160 million from its decentralized finance (DeFi) operation. Founded in 2017, the London-based algorithmic trading firm trades billions of dollars across both centraliz
21-09-2022 12:48

Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers
A Russian cyberespionage group tracked as UAC-0113 is using dynamic DNS domains masquerading as telecommunications providers in ongoing attacks targeting entities in Ukraine, Recorded Future reports.
21-09-2022 11:19

iBoot Power Distribution Unit Flaws Allow Hackers to Remotely Shut Down Devices
Critical vulnerabilities discovered by researchers in Dataprobe’s iBoot power distribution unit (PDU) can allow malicious actors to remotely hack the product and shut down connected devices, potentially causing disruption within the targeted organization
21-09-2022 10:35

VMware Warns of 'ChromeLoader' Delivering Ransomware, Destructive Malware
VMware’s Carbon Black team warns that the ChromeLoader malware is now delivering malware such as ZipBomb and the Enigma ransomware to business services and government organizations.
21-09-2022 10:14

Uber exposes Lapsus$ extortion group for security breach
In last week’s security breach against Uber, the attackers downloaded internal messages from Slack as well as information from a tool used to manage invoices. The post appeared first on .
20-09-2022 20:17

Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs
20-09-2022 15:18

CrowdStrike to Buy Reposify, Invests in Salt Security
Endpoint detection and response pioneer CrowdStrike is elbowing its way into new security markets with a planned acquisition of attack surface management startup Reposify and a strategic investment in API security vendor Salt Security.
20-09-2022 15:05

US Government Contractors Targeted in Evolving Phishing Campaign
Threat actors are impersonating various US government departments in phishing attacks targeting the Microsoft 365 credentials of government contractors.
20-09-2022 14:45

The VC View: The AppSec Evolution
Eliminating friction and making AppSec scalable starts with designing solutions built for developers
20-09-2022 14:36

Over 50,000 Revolut Customers Affected by Data Breach
Financial technology company Revolut has started informing some customers that it has been targeted in a cyberattack that resulted in their information getting compromised.
20-09-2022 14:28

Quantifying ROI in Cybersecurity Spend
In cybersecurity, there are too many variables on both the attack and defense sides to easily calculate ROI for specific spends
20-09-2022 13:48

New York Emergency Services Provider Says Patient Data Stolen in Ransomware Attack
The personal information of roughly 320,000 individuals was compromised following a ransomware attack at New York-based ambulance services provider Empress EMS (Emergency Medical Services).
20-09-2022 12:43

American Airlines Says Personal Data Exposed After Email Phishing Attack
American Airlines is informing some customers that their personal information may have been compromised after threat actors gained access to employee email accounts.
20-09-2022 12:34

Operant Networks Emerges From Stealth With SASE Solution for Energy OT
Operant Networks has emerged from stealth mode with $3.8 million in seed funding and a secure access service edge (SASE) solution focused on operational technology (OT) in the energy sector.
20-09-2022 11:40

EU Court Rules Against German Data Collection Law
A German law requiring telecoms companies to retain customer data is a breach of EU legislation, a European court ruled Tuesday, prompting the justice minister to vow an overhaul of the rules. 
20-09-2022 10:29

Learn Palo Alto Networks cybersecurity with this $20 training
Start deploying cutting-edge firewalls with this training certification course. The post appeared first on .
20-09-2022 09:00

How to protect your organization’s single sign-on credentials from compromise
Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight. The post appeared first on .
19-09-2022 22:08

Uber Confirms Hacker Accessed Internal Tools, Bug Bounty Dashboard
Ride-hailing giant Uber is moving quickly to downplay the impact from a devastating security breach that included the theft of employee credentials, access to the HackerOne bug bounty dashboard and data from an internal invoicing tool.
19-09-2022 19:02

Rockstar Games Confirms Breach Leading to GTA 6 Leak
Video game publisher Rockstar Games has confirmed suffering a network breach that resulted in videos from the upcoming Grand Theft Auto (GTA) 6 game getting leaked.
19-09-2022 14:03

Eyeglass Reflections Can Leak Information During Video Calls
A group of academic researchers have devised a method of reconstructing text exposed via participants’ eyeglasses and other reflective objects during video conferences.
19-09-2022 13:24

Free Decryptor Available for LockerGoga Ransomware Victims
Victims of the LockerGoga ransomware can now recover their files for free using a new decryption tool available via the NoMoreRansom project.
19-09-2022 12:31

Get a lifetime of VPN protection for just $60
Grab a special deal on the secure Ivacy virtual private network and NAT firewall today. The post appeared first on .
19-09-2022 12:00

LastPass Found No Code Injection Attempts Following August Data Breach
Password management software provider LastPass says its investigation into the August 2022 data breach has not revealed any attempts to inject malicious code into LastPass software.
19-09-2022 10:47

GTA 6 Videos and Source Code Stolen in Rockstar Games Hack
The Rockstar Games hacker also claims to be behind the recent Uber breach
19-09-2022 10:24

Can your iPhone be hacked? What to know about iOS security
Here are some of the most common ways that an iPhone can be compromised with malware, how to tell it’s happened to you, and how to remove a hacker from your device The post appeared first on
19-09-2022 09:30

Get a lifetime of VPN protection for just $60
Grab a special deal on the secure Ivacy virtual private network and NAT firewall today. The post appeared first on .
19-09-2022 09:00

Serious Breach at Uber Spotlights Hacker Social Deception
The ride-hailing service Uber said Friday that all its services were operational following what security professionals are calling , claiming there was no evidence the hacker got access to sensitive user data.
17-09-2022 16:14

Become an ethical hacker online
Get nine bundled courses on white hat hacking for just $34. The post appeared first on .
17-09-2022 09:00

Uber investigating security breach of several internal systems
Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times. The post appeared first on .
16-09-2022 18:41

SOC Infrastructure Firm Cyrebro Raises $40 Million
Security Operations Center (SOC) infrastructure start-up Cyrebro this week announced that it has banked $40 million in Series C funding, bringing the total raised by the company to $61 million.
16-09-2022 15:11

Water Tank Management System Used Worldwide Has Unpatched Security Hole
A water tank management system used by organizations worldwide is affected by a critical vulnerability that can be exploited remotely and the vendor does not appear to want to patch it.
16-09-2022 15:11

Rising to the challenges of secure coding – Week in security with Tony Anscombe
The news seems awash this week with reports of both Microsoft and Apple scrambling to patch security flaws in their products The post appeared first on
16-09-2022 14:45

Game Acceleration Module Vulnerability Exposes Netgear Routers to Attacks
Multiple Netgear router models are vulnerable to arbitrary code execution via FunJSQ, a third-party module for online game acceleration, European security and compliance assessment company Onekey warns.
16-09-2022 14:08

US Agencies Publish Security Guidance on Implementing Open RAN Architecture
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published guidance on implementing an Open Radio Access Network (RAN) architecture.
16-09-2022 13:20

Industry Reactions to Govt Requiring Security Guarantees From Software Vendors
The White House has announced new guidance with the aim of ensuring that federal agencies only use secure software.
16-09-2022 13:00

Starbucks Singapore Says Customer Database Breached
Starbucks Singapore said Friday its customer database was breached online, with local media reporting that 200,000 people's information was stolen.
16-09-2022 12:44

Akamai Sees Europe's Biggest DDoS Attack to Date
Akamai recently mitigated a distributed denial-of-service (DDoS) attack that set a new record for attacks targeting European organizations in terms of packets per second.
16-09-2022 11:07

Uber Investigating Data Breach After Hacker Claims Extensive Compromise
16-09-2022 09:22

Become an ethical hacker online
Get nine bundled courses on white hat hacking for just $34. The post appeared first on .
16-09-2022 09:00

Cloud Data Security
In this whitepaper we describe the various CSP security offerings and provide a framework for data protection with a set of strategic selection criteria. In relation to the “Big Three” CSPs—Amazon Web Services (AWS), Google Cloud Platform (GCP), and Micr
16-09-2022 00:00

Deliver Secure Digital Workspaces with Citrix Virtual Apps and Desktops on Microsoft Azure
Where, when, and how people work has dramatically changed. Remote work trends are here to stay while fewer employees than ever before are working full-time in traditional offices. This distributed world has forced additional IT demands on your business.
16-09-2022 00:00

Report: Digital trust is critical, but many enterprises are not prioritizing it
One breach of digital trust can cause devastating reputational, regulatory and financial repercussions, according to ISACA’s State of Digital Trust 2022 survey findings. The post appeared first on .
15-09-2022 22:13

Adobe Creates Role of Chief Cybersecurity Legal Officer
Adobe has appointed Maarten Van Horenbeeck to the role of chief security officer (CSO) and Nubiaa Shabaka to the roles of chief privacy officer and chief cybersecurity legal officer.
15-09-2022 18:14

Rust Gets a Dedicated Security Team
The non-profit Rust Foundation has scored funding to build a dedicated security team to proactively identify and address security defects in the popular Rust programming language.
15-09-2022 16:48

How does data governance affect data security and privacy?
While it's important to implement processes and procedures that safeguard data security and privacy, you can also focus on more strategic data governance goals. The post appeared first on .
15-09-2022 16:16

US, UK, Canada and Australia Link Iranian Government Agency to Ransomware Attacks
Government agencies in the US, UK, Canada, and Australia say that threat groups associated with Iran’s Islamic Revolutionary Guard Corps (IRGC) have been engaging in data encryption and extortion operations.
15-09-2022 15:45

Data Security Firm Fortanix Raises $90M Series C
Silicon Valley late-stage startup Fortanix has banked $90 million in new capital to boost its place in the confidential computing and data protection marketplace.
15-09-2022 15:13

2022 CISO Forum: All Sessions on Demand
15-09-2022 14:24

EU Wants to Toughen Cybersecurity Rules for Smart Devices
The European Union’s executive arm proposed new legislation Thursday that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards, making the 27-nation bloc less vulnerable to attacks.
15-09-2022 13:59

OneLayer Raises $6.5 Million From Koch's VC Arm
LTE and 5G network security firm OneLayer has announced a $6.5 million equity investment from Koch Disruptive Technologies (KDT), the VC arm of Koch Industries. At the same time, Koch Industries will be implementing OneLayer solutions at the site of one
15-09-2022 13:42

FBI Warns of Cyberattacks Targeting Healthcare Payment Processors
The FBI has observed an increase in attacks targeting healthcare payment processors in an effort to divert significant amounts of money to accounts controlled by the attacker.
15-09-2022 13:23

Dope.security Emerges From Stealth With New Approach to Secure Web Gateways
Dope.security this week emerged from stealth mode with a $4 million investment from Boldstart Ventures and a new approach to secure web gateways. Placed between the user and the internet, secure web gateways (SWG) deliver network protection by inspecting
15-09-2022 13:10

Chrome 105 Update Patches High-Severity Vulnerabilities
Google on Wednesday announced the release of a Chrome 105 update that resolves 11 vulnerabilities, including seven high-severity bugs reported by external researchers.
15-09-2022 12:49

US Government Wants Security Guarantees From Software Vendors
15-09-2022 12:02

When It Comes to Security, Don’t Overlook Your Linux Systems
As I , Linux systems are a popular delivery mechanism for malware. While they’re not the most popular – that distinction goes to HTML and Javascript – don’t think you can ignore them. Linux-based attacks are very much still happening.
15-09-2022 10:38

SAP Patches High-Severity Flaws in Business One, BusinessObjects, GRC
German software maker SAP this week announced the release of eight new and five updated security notes as part of its September 2022 Security Patch Day.
15-09-2022 09:33

Third‑party cookies: How they work and how to stop them from tracking you across the web
Cross-site tracking cookies have a bleak future but can still cause privacy woes to unwary users The post appeared first on
15-09-2022 09:30

SparklingGoblin deploys new Linux backdoor – Week in security, special edition
ESET Research first spotted this variant of the SideWalk backdoor in the network of a Hong Kong university in February 2021 The post appeared first on
15-09-2022 07:30

South Korea Fines Google, Meta Over Privacy Violations
South Korea’s privacy watchdog has fined Google and Meta a combined 100 billion won ($72 million) for tracking consumers’ online behavior without their consent and using their data for targeted advertisements.
15-09-2022 00:53

North Korean cyberespionage actor Lazarus targets energy providers with new malware
Lazarus, a North Korean cyberespionage group, keeps hitting energy providers in the U.S., Canada and Japan with a new malware arsenal. The post appeared first on .
14-09-2022 17:22

US Indicts Iranians Who Hacked Power Company, Women's Shelter
The US Department of Justice announced an indictment Wednesday against three Iranian hackers who used ransomware to extort a battered women's shelter and a power company.
14-09-2022 17:02

Dig Security Banks $34 Million for Cloud Data Security
Just four months after emerging from stealth with $11 million in seed funding, Dig Security has banked an additional $34 million in venture capital funding as investors continue to flock to cloud data security startups.
14-09-2022 15:05

Bishop Fox Releases Open Source Cloud Hacking Tool 'CloudFox'
Cybersecurity firm Bishop Fox has announced the release of CloudFox, an open source tool designed to help find exploitable attack paths in cloud infrastructure. The command line tool has been created for penetration testers and other offensive security p
14-09-2022 14:35

WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin
Many WordPress sites are at risk of full compromise as attackers are actively exploiting a zero-day vulnerability in the WPGateway plugin, Defiant’s WordFence team warns. A premium plugin for the WPGateway cloud service, the WPGateway plugin provides use
14-09-2022 13:49

novoShield Emerges From Stealth With Mobile Phishing Protection App
Mobile phishing protection startup novoShield has emerged from stealth mode with an enterprise-grade iPhone protection application. The new solution, novoShield says, was designed to protect both end-users and businesses from the increasing number of phi
14-09-2022 12:28

Google Improves Chrome Protections Against Use-After-Free Bug Exploitation
Google this week has shared more information on recently introduced technology meant to reduce the exploitability of use-after-free vulnerabilities in the Chrome browser.
14-09-2022 12:00

source : hackernews, securityweek, techrepublicsecurity, welivesecurity


Ads