security Archives - Page 5 of 29 - Cyber Security Minute

Establishing Trust with Your Board—Advice for Security Leaders

Issued by: CIO Security

For many Chief Information Security Officers (CISOs), reporting to the board of directors has been handled as a reactionary, albeit very necessary task. After all, it’s the board of directors that sit atop the corporate governance model, so it is incumbent upon security professionals to keep them informed. But communicating about security incidents—like the Log4j…

Malware & Threats

Tales from the Dark Web, Part 2: Ransomware Stacked With Distribution Services Creates the Perfect Storm

Issued by: Dark Reading

Ransomware incidents have increased dramatically over the past few years. Complaints about ransomware attacks to the FBI’s Internet Crime Complaint Center surged 62% in the first half of 2021 compared to a similar time frame in 2020, according to the Cybersecurity and Infrastructure Security Agency. To blunt this growing threat, security professionals need to understand…

Network Security

Rethinking Cybersecurity Jobs as a Vocation Instead of a Profession

Issued by: Dark Reading

Are cybersecurity jobs a profession or a vocation? When we consider the current workforce shortage in cybersecurity, our existing assumptions about the nature of cybersecurity jobs may be exacerbating the shortfall. For this reason, we may need to consider new ways of thinking about jobs within the cybersecurity field and the appropriate institutional structures that…

Network Security

IoT’s Importance is Growing Rapidly, But Its Security Is Still Weak

Issued by: Security Week

The weakest link in most digital networks is the person sitting in front of the screen – the defining feature of the Internet of People (IoP). Because that’s where, through cunning and manipulative tactics, unsuspecting recipients can be tricked into opening toxic links. Little do they know, however, they’ve unwittingly opened the gates to digital…

Network Security

Top 5 Reasons to Get ‘SASE’ With Security

Issued by: Dark Reading

What’s the key to effective security? How can we continue to defend against the ever-rising tide of cyberattacks amid a constantly evolving perimeter and the unprecedented acceleration of hybrid work? And let’s not forget about the proliferation of devices connecting to the network, and the mass movement of applications into the cloud. If we’ve learned…

Vulnerabilities

Facebook Introduces New Tool for Finding SSRF Vulnerabilities

Issued by: Security Week

According to the definition provided by OWASP, a SSRF attack enables an attacker to abuse a server’s functionality to read or update internal resources. “The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be…

Vulnerabilities

Russia-Linked TA505 Back at Targeting Financial Institutions

Issued by: Security Week

The attacks target organizations across multiple sectors in Canada, the United States, Hong Kong, Europe, and more, and have seen low detection rates in Google’s VirusTotal scanning engine. Dubbed MirrorBlast, the campaign started in early September, following similar activity in April 2021, Morphisec’s security researchers reveal. The infection chain starts with a malicious document delivered…

Vulnerabilities

Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System

Issued by: Security Week

The country introduced e-voting in 2003 on a limited basis, as part of ongoing tests, and earlier this year it disclosed the future Swiss e-voting system, in phases, to be able to implement any necessary improvements. The e-voting system is expected to deliver not only transparency, but also reliability, voting secrecy, and verifiability, while meeting…

Vulnerabilities

Facebook Announces Encrypted WhatsApp Backups

Issued by: Security Week

While a user can easily turn on WhatsApp on any new device, given that accounts are phone number-based, conversation history isn’t available unless a backup was created on the previous device. Users can set time intervals for the creation of local backups and can also choose to store those in the cloud, for fast access….

Vulnerabilities

Potential RCE Flaw Patched in PyPI’s GitHub Repository

Issued by: Security Week

On Friday, security researcher RyotaK published information on three vulnerabilities in PyPI, one of which could potentially lead to the compromise of the entire PyPI ecosystem. Python Package Index (PyPI) is the official third-party software repository for the Python programming language, with some package managers using it as the default source for packages and dependencies….