24
Jul
SVB’s collapse is a scammer’s dream: Don’t get caught out
How cybercriminals can exploit Silicon Valley Bank’s downfall for their own ends – and at your expense
Read More
24
Jul
Pig butchering scams: The anatomy of a fast-growing threat
How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers
Read More
24
Jul
Linux malware strengthens links between Lazarus and the 3CX supply-chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack
Read More
24
Jul
Hacking police radios: 30-year-old crypto flaws in the spotlight
by Paul Ducklin If you’d been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you’d had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal? You’d probably do what researchers at boutique Dutch cybersecurity consultancy Midnight Blue did: line up a world tour of conference appearances in the US, Germany and Denmark (Black Hat, Usenix, DEF CON,…
Read More
24
Jul
OneTrust Raises $150 Million at $4.5 Billion Valuation
Data privacy and governance provider OneTrust today announced that it has raised $150 million in new funding, bringing the total raised by the company to over $1 billion. Founded in 2016, the Atlanta-based firm offers a trust intelligence platform to help organizations visualize the data entering their environment, manage it, meet compliance requirements, and ensure transparency. According to OneTrust, its privacy and security compliance tools are suited for small to large organizations, delivering a holistic…
Read More
24
Jul
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
A vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system. Ivanti reports…
Read More
23
Jul
Creating strong, yet user-friendly passwords: Tips for your business password policy
Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization
Read More
23
Jul
How the war in Ukraine has been a catalyst in private-public collaborations
As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital
Read More
23
Jul
Top 5 search engines for internet-connected devices and services
A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet
Read More
22
Jul
Digital security for the self-employed: Staying safe without an IT team to help
Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business
Read More