Tue.May 17, 2022

Taking a Risk-Based Approach to Cybersecurity

Data Breach Today

Many experts advise organizations to pivot from a maturity-based approach to a risk-based approach to cybersecurity. Tia Hopkins, field CTO and chief cyber risk strategist at eSentire, discusses where the maturity-based approach falls short and how a risk-based approach can help organizations

Risk 200

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Google Unveils Service to Secure Open-Source Dependencies

Data Breach Today

Assured Open Source Software Ensures Software Is Fuzz-Tested for Vulnerabilities Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed.

NEW TECH SNAPHOT: Can ‘CAASM’ help slow, perhaps reverse, attack surface expansion?

The Last Watchdog

Defending companies as they transition to cloud-first infrastructures has become a very big problem – but it’s certainly not an unsolvable one. Coming Wed., May 18: How security teams can help drive business growth — by embracing complexity. . The good news is that a long-overdue transition to a new attack surface and security paradigm is well underway, one built on a fresh set of cloud-native security frameworks and buttressed by software-defined security technologies.

Cloud 150

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

Feds Say 'Multi-Tasking Doctor' Built Thanos Ransomware

Data Breach Today

Cardiologist in Venezuela Charged With Developing Malware and Recruiting Affiliates U.S.

More Trending

CISA Removes Windows Flaw From Exploited Catalog List

Data Breach Today

Patching Domain Controller Bug Risks Authentication Failure, Agency Says The U.S.

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

Dark Reading

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages

Retail 103

Conti Says It Has 'Insiders' in Costa Rican Government

Data Breach Today

Threat Group Seeking to Gain Access to Other Government Systems Ransomware actor Conti, which has been targeting Costa Rican government entities since April 2022, has claimed on its leak site Conti News that it has "insiders" in the country's government, and they are working toward the compromise of "other systems."

Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in

Dark Reading

A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report

100
100

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

An Initiative to Enhance Patient ID, Record Matching

Data Breach Today

A new initiative aims to create a standards-based nationwide patient credential and matching ecosystem to ultimately improve matching patients with their electronic health information, says Scott Stuewe, CEO of DirectTrust, the nonprofit, vendor-neutral organization that is leading the effort

Google Cloud Aims to Share Its Vetted Open Source Ecosystem

Dark Reading

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription

Trusting Our Global Supply Chain

Data Breach Today

In this episode of "Cybersecurity Unplugged," Tim Danks of Global Risk Perspectives discusses issues around trusting our global supply chain, including the role of Huawei, the steps needed to secure critical infrastructure, and the process for determining a comfortable level of risk management

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

Dark Reading

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell

IT 93

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Italian Police Repel Online Attempt to Disrupt Eurovision

Data Breach Today

How Mobile Networks Have Become a Front in the Battle for Ukraine

Dark Reading

Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience

91

CyberheistNews Vol 12 #20 [Heads Up] Now You Need to Watch Out for Spoofed Vanity URLs.

KnowBe4

Cybercrime KnowBe4

85

Training to Beat a Bad Cybersecurity Culture

Dark Reading

Creating a company culture for security may need to start by tearing down an anti-security culture

The Ultimate Guide to Executive Recruiting

Sourcing the right executive candidates and filling key managerial roles in an organization can be difficult, even in the best of times. Download this eBook to level up your discovery process, talent sourcing, and strategies for reaching your best-fit candidates.

Over 200 Apps on Play Store were distributing Facestealer info-stealer

Security Affairs

Experts spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data. Trend Micro researchers spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data from infected devices.

Local Government's Guide to Minimizing the Risk of a Cyberattack

Dark Reading

Most local leaders lack cybersecurity resources so they don't know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk

What is a Cyber Security Audit and Why is it Important?

IT Governance

Cyber security audits are a vital component of an organisation’s defences against data breaches and privacy violations.

Venezuelan cardiologist accused of operating and selling Thanos ransomware

Security Affairs

The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware.

12 Plays to Kickstart Your Recruitment Process

To stay ahead in this race, every recruiter needs a good playbook. In this eBook, we lay out 12 recruiting plays that can automate key steps in your recruitment process, helping you reduce both the cost and the time it takes to hire the best candidates.

New Venture Capital Fund Focuses on Emerging Cybersecurity Tech

Dark Reading

The founders behind more than 90 cybersecurity firms have set up a $300 million investment fund

Security in Milliseconds: Visa Invests in Payment Security as E-Commerce Surges

eSecurity Planet

The COVID-19 pandemic has driven a massive increase in e-commerce spending, doubling to an expected $1 trillion this year, according to Adobe. But that spending surge has brought with it a corresponding rise in payment security challenges.

Attacks on Managed Service Providers Expected to Increase

Schneier on Security

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though.

Software Supply Chain: A Risky Time for Dependencies

eSecurity Planet

The software supply chain is a critical element in the lifecycle of applications and websites.

Understanding Cadence Workflow for Developers and Architects

Explore the basics of Cadence and understand the benefits it can provide to your organization. This whitepaper will dive into a brief history of Cadence, how workflows can be put into practice, and how you can apply Cadence to your data infrastructure.

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. The U.S.

IT 73

Texans can no longer use certain Instagram filters due to facial recognition lawsuit via KSAT.com

IG Guru

Check out the article here. The post Texans can no longer use certain Instagram filters due to facial recognition lawsuit via KSAT.com appeared first on IG GURU. Business Compliance IG News Information Governance information privacy Privacy Risk News

Risk 71

(ISC)² Unveils 100K in the UK Scheme to Expand the UK Cybersecurity Workforce with 100,000 Free Entry-Level Certification Exams and Education Opportunities

Dark Reading

Multi-million-pound commitment will empower everyone from recent graduates to career changers to IT professionals in the UK to begin a successful career in cybersecurity