Schneier on Security

JANUARY 8, 2024

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ) at the Harvard Kennedy School Ash Center. As with IWORD 2022 , the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the twenty-first century. My thinking is very broad here. Modern democracy was invented in the mid-eighteenth century, using mid-eighteenth-century technology.

Technology 226

Technology 226

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.

Cybercrime 206

Cybercrime Banking Computers and Electronics DDOS 206

Lohrman on Security

JANUARY 8, 2024

With the modern Internet, it’s easier than ever before to learn from, imitate and even plagiarize other people’s work. So how will new generative AI tools change our media landscape in 2024 and beyond?

Media 186

Media Internet Internet 186

Security Affairs

JANUARY 8, 2024

Saudi Ministry of Industry and Mineral Resources (MIM) had an environment file exposed, opening up sensitive details for anybody willing to take them. The Cybernews research team believes that the sensitive data was accessible for 15 months. An environment (env.) file serves as a set of instructions for computer programs, making it a critical component for any system.

Government 133

Government Identity Theft Social Engineering Encryption 133

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JANUARY 8, 2024

The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. [.

Accountability 129

Accountability Cryptocurrency Scams Hacking 129

Security Boulevard

JANUARY 8, 2024

As the SEC gets tough on businesses' cybersecurity posture, IT security leaders will need to beef up incident response plans. The post SEC Cyber Incident Reporting Rules Pressure IT Security Leaders appeared first on Security Boulevard.

Cybersecurity 128

Cybersecurity Data breaches CISO Risk 128

Graham Cluley

JANUARY 8, 2024

A report from the Netherlands claims that a Dutch man played a key role in the notorious Stuxnet worm attack against an Iranian nuclear facility, which then accidentally escaped into the wider world.

Malware 122

Malware 122

Bleeping Computer

JANUARY 8, 2024

Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. [.

Ransomware 123

Ransomware 123

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach. Ultra Intelligence & Communications provides critical tactical capabilities, including cybersecurity and remote cryptographic management systems for clients including the DoD, FBI, DEA, NATO, AT&T, the

Hacking 121

Hacking Data breaches Ransomware Manufacturing 121

Bleeping Computer

JANUARY 8, 2024

The Lockbit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. [.

Ransomware 123

Ransomware Risk Healthcare 123

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

JANUARY 8, 2024

Each year, an estimated 13.5 million people in the US are victim to stalking. This is a worrying fact stated in the introduction of a lawsuit against Apple brought by stalking victims who charge that AirTags empowered their abusers. AirTags are marketed as trackers that allow you to easily find lost belongings like keys and luggage. If you lose an object, you can find the AirTag in the Find My app on another Apple device.

Manufacturing 118

Manufacturing Technology Marketing 118

Bleeping Computer

JANUARY 8, 2024

​Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. [.

Ransomware 129

Ransomware Encryption 129

Pen Test Partners

JANUARY 8, 2024

Loose lips sink ships, loose tweets sink fleets. Intelligence, espionage, technological advancements and other learnings from our annual company conference at the historic and underappreciated Latimer House. “ Loose lips [might] sink ships ” was a phrase used in UK propaganda posters in WWII. It stressed the need to protect sensitive information and cultivated a culture of silence over military matters.

Computers and Electronics 113

Computers and Electronics Risk Technology Manufacturing 113

Bleeping Computer

JANUARY 8, 2024

The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites. [.

Media 120

Media Internet Internet 120

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

JANUARY 8, 2024

19 individuals worldwide were charged in a transnational cybercrime investigation of the now defunct xDedic marketplace. The U.S. DoJ charged 19 individuals worldwide for their role in the operations of the now-defunct xDedic Marketplace. In January 2019, law enforcement agencies in the US and Europe announced the seizure of the popular xDedic marketplace , an underground market offering for sale access to compromised systems and personally identifiable information.

Cybercrime 112

Cybercrime Identity Theft Government Hacking 112

Bleeping Computer

JANUARY 8, 2024

In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to securing their help desks. Learn more from Specops Software on how to prevent such incidents. [.

Software 117

Software Hacking 117

Digital Guardian

JANUARY 8, 2024

Having a strong data governance policy can help your organization ensure data accuracy, consistency, and security across your organization but what are the first steps to writing one?

Government 110

Government 110

Bleeping Computer

JANUARY 8, 2024

The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more. [.

Software 113

Software 113

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Trend Micro

JANUARY 8, 2024

Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware.

Malware 115

Malware Phishing 115

eSecurity Planet

JANUARY 8, 2024

The new year brought few new vulnerabilities, and only Ivanti Endpoint Manager (EPM) and Kyber, the quantum resistant encryption algorithm, publicized new vulnerabilities or fixes. Unfortunately, most news derived from the active attacks on multiple older vulnerabilities, which threaten to expose organizations slow to patch. Speed remains critical to security, but more importantly, patching teams need to make progress with patch and vulnerability management.

Encryption 109

Encryption Security Defenses Cybersecurity Internet 109

Veracode Security

JANUARY 8, 2024

JavaScript is the most commonly-used programing language, according to the most recent StackOverflow developer survey. While JavaScript offers great flexibility and ease of use, it also introduces security risks that can be exploited by attackers. In this blog, we will explore vulnerabilities in JavaScript, best practices to secure your code, and tools to prevent attacks.

Risk 105

Risk 105

Penetration Testing

JANUARY 8, 2024

A new threat has emerged, casting a shadow over the reliability of the Linux kernel. A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used... The post Linux Kernel Flaw CVE-2024-0193 Opens Root Access appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk 111

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Graham Cluley

JANUARY 8, 2024

On Sunday evening electronic departure boards at Beirut's airport were hijacked by hackers who used them to display anti-Iranian and anti-Hezbollah messages.

100

100

Penetration Testing

JANUARY 8, 2024

D3m0n1z3dShell Demonized Shell is an Advanced Tool for persistence in Linux. Demonized Features Auto Generate SSH keypair for all users APT Persistence Crontab Persistence Systemd User level Systemd Root Level Bashrc Persistence Privileged user... The post D3m0n1z3dShell: Advanced Tool for persistence in Linux appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Thales Cloud Protection & Licensing

JANUARY 8, 2024

Thales + Imperva: Delivering the Next Generation of Data Security madhav Tue, 01/09/2024 - 05:13 We are pleased to share that Thales has completed its acquisition of Imperva. Imperva is now merging with our Thales Cloud Protection & Licensing Business Line. As we bring our teams together, we are committed to our strategic partners. With the addition of Imperva, Thales’ expanded cybersecurity portfolio now offers a highly complementary combination of solutions to help you protect what matters mos

Digital transformation 83

Digital transformation DDOS Firewall Marketing 83

The Hacker News

JANUARY 8, 2024

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications.

Media 92

Media Software Cybersecurity 92

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Graham Cluley

JANUARY 8, 2024

British police say that they are investigating reports that a girl under the age of 16 was sexually assaulted… in an online virtual reality game.

94

94

SecureWorld News

JANUARY 8, 2024

U.S. mortgage lender loanDepot has fallen victim to a cyberattack, prompting the company to take swift action by temporarily shutting down its IT systems and online payment portals. With approximately 6,000 employees and a loan servicing portfolio exceeding $140 billion, loanDepot is a major nonbank retail mortgage lender in the United States. LoanDepot has confirmed that the cyber incident involved unauthorized third-party access to certain systems, resulting in the encryption of data.

Architecture 84

Architecture Data breaches Retail Cybersecurity 84

SecureBlitz

JANUARY 8, 2024

Want to learn more about e-Commerce fraud? Here, I will talk about navigating the challenges in online retail. In the bustling world of e-commerce, where convenience and accessibility are king, there lurks a shadow that threatens to undermine the integrity of online marketplaces: e-commerce fraud. This form of digital deceit poses a unique set of […] The post E-Commerce Fraud: Navigating the Challenges in Online Retail appeared first on SecureBlitz Cybersecurity.

Retail 84

Retail Cybersecurity 84

Penetration Testing

JANUARY 8, 2024

AD-AssessmentKit These tools are ideal for network administrators and cybersecurity professionals seeking to assess and enhance the security posture of AD environments and network infrastructures. AD-SecurityAudit.sh It focuses on initial reconnaissance and vulnerability identification... The post AD-AssessmentKit: comprehensive security audits and network mapping of AD environments appeared first on Penetration Testing.

Penetration Testing 88

Penetration Testing Cybersecurity 88

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.