The phishing threat landscape evolves
Phishing is on the rise. Egress' latest Phishing Threat Trends Report shows a 28 percent surge in attacks in the second quarter of 2024 alone. But what’s behind the increase? There are a few factors in play. Like any other form of threat, phishing is becoming more sophisticated with hackers now having access to a variety of new AI-powered tools to generate email messages, payloads, and even deepfakes.
Further, these technologies and the cyberattacks they can create are now easier to access than ever, especially as more hackers tap into the professional services on offer from a mature and diverse Crime as a Service (CaaS) ecosystem of providers selling everything from the mechanisms to create attacks to pre-packaged phishing toolkits that promise to evade native defenses and secure email gateways (SEGs).
Technical implementation guide: Securing Salesforce under DORA requirements
As financial institutions prepare for the EU's Digital Operational Resilience Act (DORA) enforcement in January 2025, IT teams face a complex challenge: ensuring their Salesforce implementations meet new technical requirements while maintaining operational efficiency.
The regulation's focus on ICT risk management demands a comprehensive technical approach beyond basic security measures. For organizations utilizing Salesforce as a critical business platform, this represents a fundamental shift in how system architecture and security must be approached.
Encrypted Client Hello didn't solve censorship, but still may have a role to play
In November 2024, Russia began blocking Cloudflare’s implementation of Encrypted Client Hello (ECH), a privacy-focused extension of the TLS protocol. “This technology is a means of circumventing restrictions on access to information banned in Russia. Its use violates Russian law and is restricted by the Technical Measure to Combat Threats (TSPU),” the statement by the Russian Internet regulator read.
Russia, known for its tight control over internet access, views ECH as a tool for bypassing geo-restrictions, though that was never its intended purpose. This move follows a broader pattern of censorship and surveillance. Over the past few years, Russia has been cracking down on VPNs, making it harder for users to circumvent government-imposed restrictions.
Microsoft brings hotpatch updates to Windows 11
Having already tested the waters with Windows Server for the last couple of years, Microsoft is bringing hotpatch updates to Windows 11 24H2.
The key advantage to hotpatching is that it allows for security updates to be installed without the need for a restart. This is something which is important for businesses, so it is perhaps not surprising that Microsoft is previewing hotpatch updates in Windows 11 Enterprise.
The coming of 6G poses new IoT security vulnerabilities
A growing challenge for 6G wireless development involves the potential for unexpected cybersecurity vulnerabilities. This is especially true given the growing set of Internet of Things (IoT) use cases with complexities such as connected cars, smart cities, and even satellite-based (non-terrestrial networks, or NTN) IoT. The expanding security threat surface is particularly concerning due to its novelty and the lack of thorough testing by researchers.
IoT vulnerabilities themselves are nothing new. We have seen the hacking of home doorbell cameras since the advent of 4G. However, that problem has less to do with wireless standards than with homeowners making poor decisions about how to manage device passwords.
X starts the rollout of update that renders blocking near-pointless
Back in September, Elon Musk announced upcoming changes to the blocking feature of X. Once fully implemented, the change means that when an X user blocks someone, that blocked user will still be able to see all of the content posted by the blocker, although no interaction will be possible.
The precise reasons for changing the functionality of blocking in this way are not really clear, but it is something that has sparked concern. In addition to risks to privacy, there are also worries about what the changes could mean for victims of cyber-stalking.
iStorage diskAshur3: A solid choice for secure portable storage [Review]
While cloud storage offers convenience and accessibility, it may not always provide the level of security some users require, especially if you have private data that you can’t afford to have fall into the wrong hands. If security is paramount, you should definitely consider a PIN authenticated hardware encrypted portable USB drive like iStorage’s excellent diskAshur3.
Available with HDD and SSD storage in a choice of capacities, diskAshur3 is designed with portability in mind. Measuring just 130mm x 80mm x 20mm, its sleek and sturdy build makes it easy to carry, whether you're traveling for business or managing data on the go. The device is compatible with a wide range of operating systems, including Windows, macOS, Linux, Android, iPadOS and more. It comes with both USB Type-A and Type-C cables, so you can connect it to most devices. Additionally, a protective carry case is included to keep the drive safe during transport and you get a free one year license of Nero BackItUp and iStorage DriveSecurity.
Tor Browser 14.0 amps up privacy, but drops support for older Windows and macOS systems -- are you still protected?
The Tor Project has announced the release of Tor Browser 14.0 for Windows (both 32-bit and 64-bit), Mac, Linux, and Android. The browser offers increased privacy to users by redirecting their internet traffic through the open Tor network.
Tor Browser 14.0 updates the browser’s underlying code to the latest Firefox ESR release -- 128 -- while also introducing new improvements that allow its fingerprinting protections to work with several new features introduced in Firefox’s latest ESR release.
Adding contacts to WhatsApp just got a whole lot easier
Managing WhatsApp contacts has proved to be a frustrating friction point for many users, and Meta has just announced that it is taking steps to simplify things.
As well as making it possible to add contacts via the web interface and Windows app, soon it will be possible to use linked devices -- not just your primary mobile -- to manage them. There are also new privacy controls including the option to create WhatsApp-only contacts to keep your main address book separate. And there is more on the horizon, with contact usernames being a particular highlight.
Cyber resilience vs. cybersecurity: Which is more critical?
Today, it’s not ‘if’ but ‘when’ any organization will be compromised. So, while it’s essential to strengthen cybersecurity across the entire organization, it’s also imperative to plan for a significant cyber-attack and the worst-case scenario. No business can be 100 percent secure but they can be resilient. Resilience is about continuing to thrive amidst adversity. This is why cyber resilience can be more important than cybersecurity. Every organization can take positive actions to improve their cyber resilience today, ensuring they can continue to win even if they are affected by an incident. They can start by having the right mindset and instilling a culture of cyber security and cyber resilience.
Strong cyber resilience will enable an organization to continue to operate key business processes, even when they are under attack. This means keeping people safe, guaranteeing data security, and protecting their reputation with their customers, partners, suppliers, industry and government regulators and other key stakeholders. Having a strong cyber resilience will save stress, time and money -- it will give you a return on your investment -- and you’ll be better prepared for uncertainty in the future.
Third-party risk and resilience in DORA
In February 2016, it was reported that threat actors exploited vulnerabilities in the SWIFT banking network to steal more than $80 million from the central bank of Bangladesh. SWIFT, the global financial system’s main electronic payment system, which processes billions of dollars of transactions every day, was unprepared for the threat of a major cyber attack. The incident served as a pivotal wake-up call for the entire financial services industry, highlighting the previously underestimated systemic risks posed by unsecured systems. It reinforced the need for stronger security controls, safeguards and a more proactive approach to cybersecurity across the sector.
Today, organizations understand that it’s a matter of when -- not if -- their organization or supply chain is targeted with a cyber attack. Threats continue to increase in sophistication and frequency, particularly when it comes to ransomware.
The increasing priority of security in data management
Data security has become a top concern for businesses across all industries. As organizations accumulate and leverage vast amounts of data to drive decision-making, the need to safeguard that information from both internal and external threats is more important than ever.
For companies managing sensitive customer information, intellectual property, or proprietary business insights, data security is no longer a negotiable priority -- it’s a critical component in strengthening your overall security strategy.
The Internet Archive suffers massive data breach affecting tens of millions of users
The Wayback Machine has suffered a colossal security incident after the Internet Archive fell victim to a huge data breach.
Data breach notification service Have I Been Pwned (HIBP) says that a 6.4GB SQL file containing registered users’ authentication information has been shared. In all, 31 million email addresses have been found to be part of the database, and tests have shown that the data is genuine.
Still running Windows 11 22H2? No more security fixes from Microsoft for you!
Following the launch of Windows 11 24H2, this week marks the release of the final updates for various other versions of Windows. This means that anyone who has yet to upgrade from Windows 11 22H2 will not receive any more security updates.
There are numerous editions of Windows 11 affected by the end-of-service, specifically Windows 11 Home, Pro, Pro Education, Pro for Workstations and SE. The same is true for Windows 11 21H2 Enterprise, Education and IoT Enterprise, none of which will receive further updates. So, what does this mean for users?
Google removes Kaspersky apps from its store
Google has unceremoniously evicted Kaspersky’s apps from the Play Store. While the Russian security firm insists that the removal is temporary, it comes after the company’s software was banned from being sold in the US.
The move not only means that it is no longer possible to download Kaspersky apps from Google's store, but also that existing users are unable to obtain updates. Google did announce the removals ahead of time.
© 1998-2024 BetaNews, Inc. All Rights Reserved.