Developer security best practices for FinServ
Developer security in a financial services institution.
Via "ITPro"
Seen on @cibsecurity
----------
Building a world-class security champions program
The first point of contact for security-related questions.
Via "ITPro"
----------
From basics to best practices: Building a strong AppSec program
Make it harder for attackers to exploit vulnerabilities.
Via "ITPro"
----------
Bridging the gap: How security teams can engage developers in security programs
How security teams can engage developers in security programs.
Via "ITPro"
----------
The blind spots: five critical mistakes cybersecurity channel leaders must avoid
Threat actors continue to innovate their TTPs relentlessly, here's five key areas the security channel needs to be aware of to help their customers stay protected.
Via "ITPro"
----------
Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management
Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.
Via "Dark Reading"
----------
What's behind the 51% drop in ransomware attacks?
In a world where cyber threats feel omnipresent, a recent report has revealed some unexpected good news: ransomware attacks on state and local governments have dropped by 51% in 2024. Still, this decline does not signal the end of the ransomware threat, nor should it lead to complacency. As the nature of ransomware evolves, so
Ransomware attacks on local and state governments have dropped by over 50% in 2024. What's behind this change, and what new threats are on the horizon?
Via "Security Intelligence"
----------
North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data
North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks. "In some instances, fraudulent workers demanded ransom payments from their former employers after gaining.
Via "The Hacker News"
----------
Internet Archive and Wayback Machine Resurrect After DDoS Wave
Internet Archive founder confirmed the allegedly exposed data was safe.
Via "Infosecurity Magazine"
----------
macOS Vulnerability Could Expose User Data, Microsoft Warns
Microsoft urges macOS users to apply a fix for the vulnerability, which it believes may be under active exploitation by the Adload malware family.
Via "Infosecurity Magazine"
----------
Vulnerabilities, AI Compete for Software Developers' Attention
This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.
Via "Dark Reading"
----------
MacOS Safari 'HM Surf' Exploit Exposes Camera, Mic, Browser Data
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
Via "Dark Reading"
----------
Time to Get Strict With DMARC
Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.
Via "Dark Reading"
----------
ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise
The security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.
Via "Dark Reading"
----------
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches
A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.
Via "Dark Reading"
----------
Can You Fax a Check? Yes. Follow These Steps to Do it Safely
Discover how to legally, securely, and quickly fax a check whether you're using a traditional fax machine or an online faxing service.
Via "Tech Republic"
----------
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,".
Via "The Hacker News"
----------
Acronym Overdose – Navigating the Complex Data Security Landscape
In the modern enterprise, data security is often discussed using a complex lexicon of acronyms: DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy. This article aims to demystify some of the most important acronyms.
Via "The Hacker News"
----------
Microsoft Loses Critical Security Logs, Raising Concerns Over Cloud Security
Microsoft has admitted to a significant lapse in its cloud security logging, leaving customers vulnerable to undetected intrusions for over two weeks. A bug in the company's internal monitoring system resulted in the loss of critical security logs between September 2nd and 19th. This incident affects several key Microsoft cloud.
Via "BE3SEC"
----------
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year.
Via "ESET - WeLiveSecurity"
----------
Access to any Cisco Device?
A threat actor called IntelBroker posted an advertisement on a dark web forum for the sale of information stolen from Cisco. The actor claimed that the data from this breach contains sensitive information such as GitHub projects, source code, credentials, certificates, access to cloud storage buckets, and more. On October.
Via "BE3SEC"
----------