"UK Parliament follows government by banning TikTok over cybersecurity concerns."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 24 March 2023, 1354 UTC.  Content provided by "CSO Online."

Source:  https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.csoonline.com%2Findex.rss ("CSO Online").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

CSO Online

17K followers29 articles per week#security#ciso#tech

29

MOST POPULAR

UK parliament follows government by banning TikTok over cybersecurity concerns

TikTok US Chinese China

•

2h

The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental misconceptions” about the company. The lates

Android-based banking Trojan Nexus now available as malware-as-a-service

3 TTPs

•

26min

•

Nexus Android Trojan

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (Ma

Sharing sensitive business data with ChatGPT could be risky

542d

The furor surrounding ChatGPT remains at a fever pitch as the ins and outs of the AI chatbot’s potential continue to make headlines. One issue that has caught the attention of many in the security field is whether the technology’s ingestion of sensitive business data puts organizations at risk. There is some fear that if one inputs sensitive information — quarterly reports, materials for an inter

YESTERDAY

Russian hacktivists deploy new AresLoader malware via decoy installers

6 TTPs

•

by lucian_constantin@idg.com / 17h

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted Are

BrandPost: The latest intel on wipers

by Brand Post / 21h

The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks. Does the evidence corroborate the theory that the ongoing conflict in Europe is to blame for the rise in wipers? Indeed. Furthermore, given that Russia is the main source of wiper activity, one can anticipate an increase in the use of wipers against countries and organizations that provide aid,

Security at the core of Intel’s new vPro platform

Intel Core vPro Platform

•

21h

Intel has introduced its 13 th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take advantage of vPro’s memory encryption

BrandPost: Fortinet 2023 Skills Gap Report: How organizations can fill the talent shortage

by Brand Post / 22h

The ongoing cybersecurity talent shortage presents challenges for organizations everywhere. As critical roles remain vacant far too long, already overburdened IT and security teams are grappling with a long list of responsibilities to safeguard their corporate networks, and that’s just the tip of the iceberg. Meanwhile, cybercriminals show no signs of slowing, launching new, more sophisticated at

Critical flaw in AI testing framework MLflow can lead to server and data compromise

by lucian_constantin@idg.com / 1d

MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by defau

New vulnerabilities found in industrial control systems of major vendors

2 TTPs

•

1d

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight. To read this a

MAR 22

How training and recognition can reduce cybersecurity stress and burnout

1d

Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly shifting landscape. Many secu

BrandPost: Why the phishing blame game misses the point

by Brand Post / 1d

Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction—emails on company computers, text, and voice messages on mobile devices and in personal communications channels, malicious typosquatting sites, phony marketing QR codes, and more—it’s only a matter of time before someone trips up and opens or clicks on s

BrandPost: Deconstructing Identity Security

by Brand Post / 1d

Most companies now recognize the serious and insidious nature of cybersecurity threats. But many fail to grasp that the digital transformation, remote work, automation, and cloud migration activities of the last few years have turbocharged the number of identities seeking access to data and critical business systems. This surge in identities has exponentially increased the likelihood of cyberatta

BrandPost: Identity Security: bridging the perception vs. reality gap

Identity Security IF

•

by Brand Post / 1d

In recent years, cybersecurity has become a board-level issue resulting in several executives taking greater responsibility in cybersecurity-related decisions. As a result, the CISO is no longer a technical subject matter expert but an executive risk manager who shares a responsibility matrix with the board of directors, CEOs, and other executives to make informed risk decisions. At the highest l

Splunk adds new security and observability features

Splunk Unified Security

•

1d

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

BrandPost: How to secure secrets in multi-cloud environments

Backslash Security

•

by Brand Post / 1d

It wasn’t too long ago that using a single cloud for some business operations was cutting-edge technology. Now the cloud is essential for accelerating growth, improving efficiency, and remaining competitive. Most organizations have multiple cloud environments deployed, in addition to private cloud and on-premises environments. In fact, in a soon-to-release CyberArk survey, 85% of respondents said

BrandPost: Why intelligent privilege controls are essential for identity security

by Brand Post / 1d

Organizations are experiencing explosive growth in identities—both machine and human. In fact, machine identities now outnumber human identities 45:1. And in 2023, the total number of identities is expected to at least double. With new norms such as hybrid work, public cloud adoption and rapid innovation, the reality is that organizations are facing a constant onslaught of identity-related attack

55 zero-day flaws exploited last year show the importance of security risk management

2 TTPs

•

by lucian_constantin@idg.com / 1d

Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available -- the so-called n-day exploits. But mitigating the risk from vulnerabilities unknown to the affected software developers and don't have a patch available -- the zero-day flaws -- requ

Landmark UK-Israeli agreement to boost mutual cybersecurity development, tackle shared threats

1d

The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began with the signing of a Memorandum of Understanding in November 2021 to work more closely over the next decade on security, technology

Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks

14 Three Epidemic Insecure

•

2d

The average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited. That’s according to Continuity’s State of Storage and