Mon. Apr 08, 2024

Security Vulnerability of HTML Emails

Schneier on Security

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible.

Phishing 296

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

The Last Watchdog

CISOs can sometimes be their own worst enemy, especially when it comes to communicating with the board of directors. Vanessa Pegueros knows this all too well. She serves on the board of several technology companies and also happens to be steeped in cyber risk governance. I recently attended an IoActive-sponsored event in Seattle at which Pegueros gave a presentation titled: “Merging Cybersecurity, the Board & Executive Team” Peguero

CISO 166

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

Tech Republic Security

Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect from this threat.

From Marco Polo to Modern Mayhem: Why Identity Management Matters

Thales Cloud Protection & Licensing

madhav, Tue, 04/09/2024 - 05:20. Imagine yourself as Marco Polo, the Venetian merchant traversing dangerous trade routes. Every border crossing meant proving your identity – who you were, where you came from, your purpose. Misrepresenting yourself could mean imprisonment or worse. Today's identity struggles aren't about camel caravans and silk, but that same core battle remains: proving who you are and protecting that identity from

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

10 Million Devices Were Infected by Data-Stealing Malware in 2023

Security Boulevard

Cybercriminals pilfered an average of 50.9 login credentials per device, evidence of the pressing need for cybersecurity measures. The post 10 Million Devices Were Infected by Data-Stealing Malware in 2023 appeared first on Security Boulevard.

Malware 141

Australian IT Skills Shortage: 2024 Is The Year To Self-Upskill

Tech Republic Security

Find out why IT pros in Australia need to take the initiative to self-upskill, and learn how this could lead to salary increases and promotions.

More Trending

Damn Vulnerable RESTaurant: An intentionally vulnerable Web API game for learning and training

Penetration Testing

Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers, and security engineers. The idea of the project is to provide an environment that can... The post Damn Vulnerable RESTaurant: An intentionally vulnerable Web API game for learning and training appeared first on Penetration Testing.

Here Comes the US GDPR: APRA, the American Privacy Rights Act

Security Boulevard

Enter the lobbyists: A draft federal privacy act has Washington DC buzzing. But it’s just a bill—and it’s a long, long journey before it becomes a law. The post Here Comes the US GDPR: APRA, the American Privacy Rights Act appeared first on Security Boulevard.

Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks

The Hacker News

Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process."

Google Adds Security Command Center Enterprise to Mandiant Portfolio

Security Boulevard

Google has added a Security Command Center Enterprise platform to unify the management of security operations (SecOps) to its Mandiant portfolio. The post Google Adds Security Command Center Enterprise to Mandiant Portfolio appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Notepad++ needs your help in "parasite website" shutdown

Bleeping Computer

The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack. […]

Barracuda Report Provides Insight into Cybersecurity Threat Severity Levels

Security Boulevard

According to Barracuda Networks, 66,000 incidents needed to be escalated to security operations in 2023, and 15,000 required an immediate response. The post Barracuda Report Provides Insight into Cybersecurity Threat Severity Levels appeared first on Security Boulevard.

Hackers deploy crypto drainers on thousands of WordPress sites

Bleeping Computer

Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds. […]

Hacking 126

HHS: Health Care IT Helpdesks Under Attack in Voice Scams

Security Boulevard

A beleaguered health care industry that already is a top target of cybercriminals is under attack again, with bad actors recently using social engineering techniques in calls to IT helpdesks to gain access into the systems of targeted organizations. Armed with sensitive personal information, the fraudsters call the helpdesk claiming to be an employee in.

Scams 124

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

AI Scam Calls: How to Protect Yourself, How to Detect

WIRED Threat Level

AI tools are getting better at cloning people's voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.

Scams 120

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

The Hacker News

A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said.

Phishing 118

What Is a VPN Kill Switch and Why Do You Need One?

Tech Republic Security

Dead and loving it? Discover the definition, the benefits, drawbacks, recommended vendors and more.

VPN 140

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

The Hacker News

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status.

Malware 116

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Security Affairs

Greylock McKinnon Associates, a service provider for the Department of Justice, suffered a data breach that exposed data of 341650 people. Greylock McKinnon Associates (GMA) provides expert economic analysis and litigation support to a diverse group of domestic and international clients in the legal profession, the business community, and government agencies, including the Department of Justice (DoJ).

AlphaLock, Threat Actor Branding, and the World of Cybercrime Marketing

Security Boulevard

Threat actors are not a monolith in their approach to cybercrime. The popular perception is that threat actors steal information for the sake of it, while knowing and accepting that they are doing something wrong. However, some threat actors also justify their actions by promoting an image that their activity ethically advances the cause of […] The post AlphaLock, Threat Actor Branding, and the World of Cybercrime Marketing appeared first on Flare | Cyber Threat Intel | Digital Risk Pr

Duo vs. Fraudulent Device Registration

Duo's Security Blog

It is a well-known and established point that a password alone is not enough to secure an account. That’s where multi-factor authentication (MFA) comes in. Typically, a user confirms their identity using an application on their phone and accepts a push notification. But what if an attacker can just send that authentication request to their own personal phone?

Crowdfense is offering a larger 30M USD exploit acquisition program

Security Affairs

Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its Exploit Acquisition Program. Crowdfense is a world-leading research hub and acquisition platform focused on high-quality zero-day exploits and advanced vulnerability research. In 2019 the company made the headlines for its 10M USD bug bounty program along with its unique “Vulnerability Research Hub” (VRH) online platform.

Hacking 110

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

The Hacker News

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023.

Malware 116

Building a Cyber Threat Hunting Team: Methods, Strategies and Technologies

Tech Republic Security

Cyber threat hunting combines strategies, advanced technologies and skilled analysts to methodically examine networks, endpoints and data repositories. Its objective is to uncover stealthy malicious activities, reduce dwell time for undetected threats and bolster an organization’s capability to withstand multi-vector attacks. This TechRepublic Premium article, written by Franklin Okeke, aims to look at threat hunting.

Google rolls out new Find My Device network to Android devices

Bleeping Computer

Google is rolling out an upgraded Find My Device network to Android devices in the United States and Canada, almost one year after it was first unveiled during the Google I/O 2023 conference in May. […]

CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils

Security Boulevard

CVE-2024-3094 is a critical Remote Code Execution (RCE) vulnerability found in the popular open-source XZ Utils library. This vulnerability affects XZ Utils versions 5.6.0 and 5.6.1 and could enable unauthorized attackers to gain remote access to affected systems. About XZ Utils XZ Utils is very popular on Linux. It supports lossless data compression on almost […] The post CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils appeared first on Kratikal Blogs.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Targus discloses cyberattack after hackers detected on file servers

Bleeping Computer

Laptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company's file servers. […]

Critical Fortinet Vulnerability Exploited: Hackers Deploy Remote Control Tools and Backdoors

Penetration Testing

Security researchers at Red Canary have uncovered a worrying campaign targeting a recently patched vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Enterprise Management System (EMS). This flaw, if unpatched, allows attackers to remotely execute code on... The post Critical Fortinet Vulnerability Exploited: Hackers Deploy Remote Control Tools and Backdoors appeared first on Penetration Testing.

The Drop in Ransomware Attacks in 2024 and What it Means

The Hacker News

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023.

Vulnerability Scanning Goes Undercover: Malware-Driven Attacks on the Rise

Penetration Testing

According to a comprehensive report by Palo Alto Networks, the cybersecurity realm is witnessing a significant uptick in malware-initiated scanning attacks. This method, diverging from traditional direct scanning approaches, involves the use of infected... The post Vulnerability Scanning Goes Undercover: Malware-Driven Attacks on the Rise appeared first on Penetration Testing.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.