Recently, we hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity Technician at Hawkins School District in Tennessee, for a live webinar. Michael and Kobe volunteered to share with other K-12 tech pros how important cybersecurity and safety monitoring are for Google Workspace, Microsoft 365, and online browsing. They […]

The post Cloud Monitor Identifies and Remediates Problematic VPN Use in K-12 Districts appeared first on ManagedMethods.

The post Cloud Monitor Identifies and Remediates Problematic VPN Use in K-12 Districts appeared first on Security Boulevard.

Every month, the Pondurance team hosts a webinar to keep clients current on the state of cybersecurity. In April, the team discussed threat intelligence, vulnerabilities and trends, security operations center (SOC) engineering insights, threat hunting, and detection engineering. Threat Intelligence The Senior Manager of Digital Forensics and Incident Response (DFIR) discussed the recent surge of...

The post Novel Threat Tactics, Notable Vulnerabilities, and Current Trends for April 2024 appeared first on Pondurance.

The post Novel Threat Tactics, Notable Vulnerabilities, and Current Trends for April 2024 appeared first on Security Boulevard.

Source: www.proofpoint.com – Author: 1 CRN spoke with the CEOs and CTOs of a number of cybersecurity companies, including Proofpoint, Palo Alto Networks, Rubrik and CrowdStrike, during RSA Conference 2024. Here’s what they had to say. While the many implications of GenAI for security continued to be discussed and debated at last week’s RSA Conference, […]

La entrada Here’s What 20 Top Cybersecurity CEOs And CTOs Were Saying At RSA Conference 2024 – Source: www.proofpoint.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Cyber security experts have recently uncovered a sophisticated cyber attack campaign targeting U.S-based organizations that are involved in artificial intelligence (AI) projects. Targets have included organizations in academia, private industry and government service. Known as UNK_SweetSpecter, this campaign utilizes the SugarGh0st remote access trojan (RAT) to infiltrate networks. […]

La entrada SugarGh0st RAT variant, targeted AI attacks – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency -- and only 12 seconds to actually pull off the heist.

The post Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds appeared first on Security Boulevard.

WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans.

The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard.

Source: www.techrepublic.com – Author: Cedric Pernet A joint cybersecurity advisory from the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human services and Multi-State Information Sharing and Analysis Center was recently released to provide more information about the Black Basta ransomware. Black Basta affiliates have targeted organizations in the U.S., […]

La entrada Black Basta Ransomware Struck More Than 500 Organizations Worldwide – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Andrew Morris 6 Min Read Source: Andriy Popov via Alamy Stock Photo COMMENTARY If you are a member of the security team in charge of defending a network, you are probably accustomed to working with a technology stack composed of hardware (computers, servers, appliances, and network gear), software (applications and services), […]

La entrada Addressing the Cybersecurity Vendor Ecosystem Disconnect – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Hackers can find templates for DocuSign and other companies for their phishing campaigns on dark web marketplaces for as little as $10.

The post Hackers Use Fake DocuSign Templates to Scam Organizations appeared first on Security Boulevard.

One in three office workers who use GenAI admit to sharing customer info, employee details and financial data with the platforms. Are you worried yet?

The post Risks of GenAI Rising as Employees Remain Divided About its Use in the Workplace appeared first on Security Boulevard.

VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes.

The post VFCFinder Highlights Security Patches in Open Source Software appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Jeffrey Burt The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the […]

La entrada 15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Palo Alto Networks is acquiring the QRadar SaaS offerings from IBM, and then will migrate users to its Cortex XSIAM SOC delivered as a cloud service.

The post Palo Alto Networks and IBM Align Cybersecurity Strategies appeared first on Security Boulevard.

The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the past 15 years, with about 100,000..

The post 15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers appeared first on Security Boulevard.

Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense.

The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Last week, over 40,000 business and cyber security leaders converged at the Moscone Center in San Francisco to attend the RSA Conference, one of the leading annual cyber security conferences and expositions worldwide, now in its 33rd year. Across four days, presenters, exhibitors and attendees discussed a wide […]

La entrada 5 key takeaways for CISOs, RSA Conference 2024 – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Exit Planning is the strategic process of preparing for the eventual transfer or sale of a business. It takes into account the business owner’s personal and financial goals and involves decisions and actions that enable a smooth and organized exit from the business.  Exit planning presents a challenging time for business owners. As they prepare […]

The post Managing Cyber Risk in Exit Strategy Planning appeared first on BlackCloak | Protect Your Digital Life™.

The post Managing Cyber Risk in Exit Strategy Planning appeared first on Security Boulevard.

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer Source: VideoFlow via Shutterstock Lawmakers in Singapore updated the nation’s cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident […]

La entrada Singapore Cybersecurity Update Puts Cloud Providers on Notice – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

In the realm of cybersecurity, vigilance is paramount. Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagged a critical vulnerability in GitLab, a popular platform for collaborative software development. This GitLab password exploit tracked as CVE-2023-7028, has been actively exploited in the wild, posing significant risks to organizations utilizing GitLab for their development workflows. […]

The post CISA Alert: GitLab Password Exploit – Act Now For Protection appeared first on TuxCare.

The post CISA Alert: GitLab Password Exploit – Act Now For Protection appeared first on Security Boulevard.

There are tremendous opportunities in cybersecurity and the industry needs many more qualified workers.  Training plays an important part.  That is why I am partnering with Infosec4TC, an online training provider that offers free courses in addition to affordable classes, to offer huge discounts on cybersecurity training (links below have embedded discount codes). 

I have negotiated with the great team at Infosec4TC to reduce the price on select courses by up to 65% off!  Many courses include working on real cybersecurity projects, realistic assignments, and prep-work for certifications.  They have an impressive TrustPilot score and a 14 Day Money Back Guarantee full refund policy!

Check out these featured classes:

Cyber Security Specialist Live Workshop – a total of 64 hours of instruction that cover the breadth of issues for operational specialists.  Check out the course curriculum for details.

SOC Analyst (Blue Team) Live Workshop – a live, hands-on course designed for front-line tier-1 Security Operations Center analysts.  It teaches tools, analysis, event management, threat hunting, and incident response principles.

ISO/IEC 27001:2022 Lead Implementer Live Workshop – an interactive session that covers the standards, methods, and best practices for Information Security Management Systems (ISO 27001) for managers and supervisors.

Also available is the Gold Membership Access membership that grants access to over 175 training courses, labs, materials, practice exams, and exam simulators.  Check out the details.

Be sure to look at the free classes as well!

Drop me a note if you take one of these courses.  Let me know your thoughts and if I should continue to work with them to offer big discounts!

The post Unlock Your Cybersecurity Career: Exclusive Discounts on Top Training Courses! appeared first on Security Boulevard.

The Biden Administration is moving to cybersecurity standards for hospitals, but the AHA is pushing back, saying voluntary models are enough.

The post UnitedHealth, Ascension Attacks Feed Debate Over Health Care Security appeared first on Security Boulevard.

New account passwords, often used during onboarding, are vulnerable to sophisticated attacks from malicious actors.

Good idea to check: What’s your company using?

The post Easily Guessed Passwords for New Accounts Include “User”, “Temp”, “Welcome” appeared first on Security Boulevard.

Source: www.cybertalk.org – Author: slandau By Ana Paula Assis, Chairman, Europe, Middle East and Africa, IBM. EXECUTIVE SUMMARY: From the shop floor to the boardroom, artificial intelligence (AI) has emerged as a transformative force in the business landscape, granting organizations the power to revolutionize processes and ramp up productivity. The scale and scope of this […]

La entrada AI is changing the shape of leadership – how can business leaders prepare? – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securelist.com – Author: Kaspersky GERT, Kaspersky Security Services SOC, TI and IR posts SOC, TI and IR posts 14 May 2024 minute read Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, […]

La entrada Incident response analyst report 2023 – Source: securelist.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

It sounds official — like it might be the subject of the next action-packed, government espionage, Jason Bourne-style thriller. Or maybe put it before the name of a racy city and have your next hit crime series. A history of mysterious aliases like “official use only,” “law enforcement sensitive,” and “sensitive but unclassified” only adds...

The post Understanding CUI: What It Is and Guidelines for Its Management appeared first on Hyperproof.

The post Understanding CUI: What It Is and Guidelines for Its Management appeared first on Security Boulevard.

It was probably inevitable. Threat researchers detected bad actors using stolen credentials to target LLMs, with the eventual goal of selling the access to other hackers.

The post Novel LLMjacking Attacks Target Cloud-Based AI Models appeared first on Security Boulevard.

Будет! Russian ransomware rascals riled a Roman Catholic healthcare organization.

The post FBI/CISA Warning: ‘Black Basta’ Ransomware Gang vs. Ascension Health appeared first on Security Boulevard.

Hyperautomation is a term coined by Gartner at the start of this decade to describe a strategic approach that integrates different tools and technologies to automate business and IT processes as much as possible. The term has many implications and applications in the field of cybersecurity, given that SOC teams are overworked and looking for […]

The post Hyperautomation vs. Automation in Cybersecurity: A Detailed Comparison appeared first on D3 Security.

The post Hyperautomation vs. Automation in Cybersecurity: A Detailed Comparison appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Leah Hopper Introduction Authorised Economic Operator (AEO) is a status that a lot of UK companies want to obtain for the sake of their continued growth. AEO status is very desirable as it demonstrates that you, as a trader, are compliant to custom’s rules and regulations. It also proves that your […]

La entrada Authorised Economic Operator: Cyber Security Requirements – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Rohan Timalsina The joint alert from CISA and FBI highlights the continued exploitation of path traversal vulnerabilities in critical infrastructure attacks, impacting sectors like healthcare. The recent CVE-2024-1708 vulnerability in ConnectWise ScreenConnect is a prime example. This flaw was exploited alongside another vulnerability to deploy ransomware and compromise systems. What are […]

La entrada CISA and FBI Issue Alert on Path Traversal Vulnerabilities – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The joint alert from CISA and FBI highlights the continued exploitation of path traversal vulnerabilities in critical infrastructure attacks, impacting sectors like healthcare. The recent CVE-2024-1708 vulnerability in ConnectWise ScreenConnect is a prime example. This flaw was exploited alongside another vulnerability to deploy ransomware and compromise systems.   What are Path Traversal Vulnerabilities?   Path […]

The post CISA and FBI Issue Alert on Path Traversal Vulnerabilities appeared first on TuxCare.

The post CISA and FBI Issue Alert on Path Traversal Vulnerabilities appeared first on Security Boulevard.

Recently, HPE Aruba Networking, formerly known as Aruba Networks, has encountered significant security challenges. Vulnerabilities in their ArubaOS, the proprietary network operating system, have been identified, posing serious risks, including remote code execution (RCE). In this article, we delve into the details of these HPE Aruba vulnerabilities, their implications, and the recommended actions to mitigate […]

The post HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks appeared first on TuxCare.

The post HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks appeared first on Security Boulevard.

In this first-ever in-person recording of Shared Security, Tom and Kevin, along with special guest Matt Johansen from Reddit, discuss their experience at the RSA conference in San Francisco, including their walk-through of ‘enhanced security’ and the humorous misunderstanding that ensued. The conversation moves to the ubiquity of AI and machine learning buzzwords at the […]

The post Live at RSA: AI Hype, Enhanced Security, and the Future of Cybersecurity Tools appeared first on Shared Security Podcast.

The post Live at RSA: AI Hype, Enhanced Security, and the Future of Cybersecurity Tools appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Alexa Sander Recently, we hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity Technician at Hawkins School District in Tennessee, for a live webinar. Michael and Kobe volunteered to share with other K-12 tech pros how important cybersecurity and safety monitoring are for Google Workspace, […]

La entrada Cloud Monitor Scans For Risky Video Files in Google Drive/OneDrive – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Richi Jennings Dark web sale of leaked data exposes Dell users to phishing phraud. Dell customer data from the past six or more years has been stolen. It looks like scrotes unknown broke into the company support portal and sold scads of personal information to the highest bidder. Again? In today’s […]

La entrada Dell Hell: 49 Million Customers’ Information Leaked – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Nathan Eddy An advanced persistent threat (APT) group backed by Iran has been stoking divisions within Israeli society for the past three years. It has been using generative AI deepfake tools and social media accounts to craft disinformation campaigns. According to research from Recorded Future’s Insikt Group, the group, known as […]

La entrada Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Jeffrey Burt Dell is sending emails to as many as 49 million people about a data breach that exposed their names, physical addresses, and product order information. According to the brief message, bad actors breached a Dell portal that contains a database “with limited types of customer information related to purchases […]

La entrada Dell Data Breach Could Affect 49 Million Customers – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.techrepublic.com – Author: Fiona Jackson TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes. Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems […]

La entrada How Can Businesses Defend Themselves Against Common Cyberthreats? – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.darkreading.com – Author: Kelly Jackson Higgins, Editor-in-Chief, Dark Reading Source: Alfonso Fabiio Iozzino via Alamy Stock Photo RSA CONFERENCE 2024 – San Francisco – Everyone’s talking about deepfakes, but the majority of AI-generated synthetic media circulating today will seem quaint in comparison to the sophistication and volume of what’s about to come. Kevin Mandia, […]

La entrada Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Recently, we hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity Technician at Hawkins School District in Tennessee, for a live webinar. Michael and Kobe volunteered to share with other K-12 tech pros how important cybersecurity and safety monitoring are for Google Workspace, Microsoft 365, and online browsing. They […]

The post Cloud Monitor Scans For Risky Video Files in Google Drive/OneDrive appeared first on ManagedMethods.

The post Cloud Monitor Scans For Risky Video Files in Google Drive/OneDrive appeared first on Security Boulevard.

Bad actors are always ready to exploit political strife to their own ends. Right now, they’re doing so with the conflict in the Middle East. A holistic defense against influence networks requires collaboration between government, technology companies and security research organizations.

The post Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation appeared first on Security Boulevard.

The tech giant says the information stolen doesn't represent a significant risk to users, but cybersecurity experts disagree.

The post Dell Data Breach Could Affect 49 Million Customers appeared first on Security Boulevard.

DUDE! You’re Getting Phished.

Dell customer data from the past six (or more?) years was stolen. It looks like someone sold scads of personal information to the highest bidder.

The post Dell Hell: 49 Million Customers’ Information Leaked appeared first on Security Boulevard.

Recently, a wave of malware attacks has surfaced, exploiting vulnerabilities in the update mechanism of the eScan antivirus software. This eScan antivirus backdoor exploit distributes backdoors and cryptocurrency miners, such as XMRig, posing a significant threat to large corporate networks. In this blog, we’ll look into the details of this eScan antivirus backdoor exploit and […]

The post Backdoors and Miners Amid eScan Antivirus Backdoor Exploit appeared first on TuxCare.

The post Backdoors and Miners Amid eScan Antivirus Backdoor Exploit appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Nathan Eddy Houston, we may have a problem. NASA’s cybersecurity framework for spacecraft development is inconsistent and must be improved, according to a 34-page review by the U.S. Government Accountability Office (GAO). The GAO report highlighted the need for mandatory cybersecurity updates throughout the space agency’s $83 billion space development project […]

La entrada NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Jeffrey Burt A group of bad actors — likely from China — is running a global cybercrime-as-a-service operation. It oversees a massive network of fake shopping websites that has conned more than 850,000 people in the United States and Europe into purchasing items, over the past three years, and the organization […]

La entrada Massive Online Shopping Scam Racks Up 850,000 Victims – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Lenovo Joins CISA’s Secure by Design Pledge

Global Cybersecurity Initiative

A GAO review of NASA projects found that, while some cybersecurity challenges have been addressed, many security policies and standards remain optional.

The post NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds appeared first on Security Boulevard.

Chinese crooks are running a global network of more than 75,000 fake online shops to steal credit card data and process fraudulent payments.

The post Massive Online Shopping Scam Racks Up 850,000 Victims appeared first on Security Boulevard.