Fri. Jul 14, 2023

How to Check If Someone Else Accessed Your Google Account

Tech Republic Security

Review your recent Gmail access, browser sign-in history and Google account activity to make sure no one other than you has used your account.

WordPress AIOS plugin used by 1M sites logged plaintext passwords

Bleeping Computer

The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk. [...]

White House Launches Cybersecurity Implementation Plan

Tech Republic Security

The White House has announced the first iteration of the National Cybersecurity Implementation Plan. Read on to learn more about the plan and alignment with the five essential pillars.

Spotify reportedly makes users' private playlists public

Bleeping Computer

In what is shaping up to be a widespread privacy controversy, Spotify has come under scrutiny following allegations by users that the music streaming service made their private playlists public without their consent. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Scarleteel Threat Targets AWS Fargate, Launches DDoS and Cryptojacking Campaigns

Tech Republic Security

The Scarleteel threat targets AWS Fargate environments for data theft and more malicious types of attacks such as cryptojacking and DDoS. Learn how to mitigate this threat.

Microsoft still unsure how hackers stole Azure AD signing key

Bleeping Computer

Microsoft says it still doesn't know how Chinese hackers stole an inactive Microsoft account (MSA) consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including government agencies. [...]

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub

Security Affairs

The source code for the BlackLotus UEFI bootkit has been published on GitHub and experts warn of the risks of proliferation of custom versions. Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface (UEFI) bootkit, named BlackLotus, that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 designed to detect tampering with boot loaders, key operating system fi

Colorado State University says data breach impacts students, staff

Bleeping Computer

Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks. [...]

Join Rezilion in Las Vegas for Black Hat, BSides and DEFCON, 2023

Security Boulevard

This time every year, Las Vegas transforms into the epicenter of the security world with a lineup of major industry events – Black Hat, BSides and DEFCON. Rezilion is excited to be taking part in all three events in 2023. Here’s a look at what we have planned – and how you can join us. The post Join Rezilion in Las Vegas for Black Hat, BSides and DEFCON, 2023 appeared first on Rezilion.

Rockwell warns of new APT RCE exploit targeting critical infrastructure

Bleeping Computer

Rockwell Automation says a new remote code execution (RCE) exploit linked to an unnamed Advanced Persistent Threat (APT) group could be used to target unpatched ControlLogix communications modules commonly used in manufacturing, electric, oil and gas, and liquified natural gas industries. [...]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

BSides Sofia 2023 – Deputy Minister Atanas Maznev e-Government, Rosen Kirilov, PhD, UNWE – Conference Opening

Security Boulevard

Our thanks to BSides Sofia for publishing their presenters’ tremendous BSides Sofia 2023 content on the organization’s YouTube channel. The post BSides Sofia 2023 – Deputy Minister Atanas Maznev e-Government, Rosen Kirilov, PhD, UNWE – Conference Opening appeared first on Security Boulevard.

Tax preparation firms shared sensitive information with Meta

Malwarebytes

A group of seven US senators has sent a letter to the heads of the IRS, the Department of Justice, the Federal Trade Commission and the IRS watchdog, revealing that they have found evidence that reveals “a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms.” According to the letter, information about tens of millions of US taxpayers was sent by three tax preparation firms to social media giant Meta.

BreachForums owner Pompompurin pleads guilty to hacking charges

Bleeping Computer

20-year-old Conor Brian Fitzpatrick aka Pompompurin, the owner of the notorious BreachForums (aka Breached) hacking forum, has pleaded guilty to charges of hacking and possession of child pornography. [...]

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens

The Hacker News

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Preventing Cybersecurity Privilege Creep

Security Boulevard

How can organizations take a proactive approach to cybersecurity privilege creep? Cybersecurity isn’t just about defending against external threats; it’s equally about managing internal vulnerabilities. Cybersecurity ‘privilege creep’ is a term used to describe the gradual accumulation of access rights beyond what an individual needs to perform their job.

Washington My Health My Data Act: Implications

TrustArc

TrustArc’s privacy experts review the implications of new personal information privacy rules in the Washington My Health My Data Act, and how its private right of action could trigger waves of litigation. The post Washington My Health My Data Act: Implications appeared first on TrustArc Privacy Blog.

Why Pentesting-as-a-Service is Vital for Business Security

Security Boulevard

Conducting regular penetration tests (pentests) is a proactive option that identifies, evaluates and mitigates risks. The post Why Pentesting-as-a-Service is Vital for Business Security appeared first on Security Boulevard.

Genesis Market infrastructure and inventory sold on hacker forum

Bleeping Computer

The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they sold the store and a new owner would get the reins "next month." [...]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

3 Ways To Build A Stronger Approach to Identity Protection

Security Boulevard

Identity-based attacks are a growing concern for organizations of all sizes and industries. Here’s how to protect yourself. The post 3 Ways To Build A Stronger Approach to Identity Protection appeared first on Security Boulevard.

TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud

The Hacker News

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS).

Daniel Stori’s ‘chown – chmod’

Security Boulevard

Via the inimitable Daniel Stori, crafting superb comics at turnoff.us! The post Daniel Stori’s ‘chown – chmod’ appeared first on Security Boulevard.

Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

The Hacker News

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the company said in an advisory.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Shutterfly says Clop ransomware attack did not impact customer data

Bleeping Computer

Shutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware. Over the last few months, Clop ransomware gang has been exploiting a vulnerability in the MOVEit File Transfer utility to breach hundreds of companies to steal their data and attempt extortion against them. [...]

Preparing for Cyber Security Awareness Month

Security Boulevard

The post Preparing for Cyber Security Awareness Month appeared first on Click Armor. The post Preparing for Cyber Security Awareness Month appeared first on Security Boulevard.

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

The Hacker News

A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such strain to focus on SOHO routers after ZuoRAT and HiatusRAT over the past year.

Lockbit 3.0 Claims Credit for Ransomware Attack on Japanese Port

Security Boulevard

After a ransomware attack shuttered operations at container terminals at the Port of Nagoya in Japan, the Lockbit 3.0 ransomware gang claimed responsibility and demanded the port pay up. The port is responsible for 10% of the country’s cargo trade and is used by companies like Toyota Motor Corporation. The post Lockbit 3.0 Claims Credit for Ransomware Attack on Japanese Port appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

BlueKeep: Understanding the Critical RDP Vulnerability

Heimdal Security

What Is the BlueKeep Vulnerability? BlueKeep is a software vulnerability that affects older versions of Microsoft Windows. Also known as CVE-2019-0708, the vulnerability first emerged in 2019 and is a “wormable” remote code execution vulnerability, being noted first by the UK National Cyber Security Centre and, on 14 May 2019, reported by Microsoft.

BSides Sofia 2023 Intro

Security Boulevard

Our thanks to BSides Sofia for publishing their presenters’ tremendous BSides Sofia 2023 content on the organization’s YouTube channel. The post BSides Sofia 2023 Intro appeared first on Security Boulevard.

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

A new malware dubbed AVrecon targets small office/home office (SOHO) routers; it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The malware was first spotted in May 2021, but has been operating under the radar for more than two years. “Lumen Black Lotus Labs identified another multi-year campaign involving compromised routers across the globe.

Multi-layered Defense: Enhancing Security with Fidelis Active Directory Intercept™

Security Boulevard

The post Multi-layered Defense: Enhancing Security with Fidelis Active Directory Intercept™ appeared first on Fidelis Cybersecurity. The post Multi-layered Defense: Enhancing Security with Fidelis Active Directory Intercept™ appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.