Troy Hunt

NOVEMBER 6, 2023

I like to think of investigating data breaches as a sort of scientific search for truth. You start out with a theory (a set of data coming from an alleged source), but you don't have a vested interested in whether the claim is true or not, rather you follow the evidence and see where it leads. Verification that supports the alleged source is usually quite straightforward , but disproving a claim can be a rather time consuming exercise, especially when a dataset contains fragments of truth m

Data breaches 344

Data breaches Accountability Passwords 344

Bleeping Computer

NOVEMBER 27, 2023

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023. [.

145

145

Schneier on Security

NOVEMBER 15, 2023

This is interesting : For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

337

337

Tech Republic Security

NOVEMBER 22, 2023

Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia.

Cyber threats 197

Cyber threats Data breaches Phishing Ransomware 197

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

NOVEMBER 30, 2023

Meta is required to get users’ consent in Europe in order to show them targeted ads. For this reason, Meta has to provide European users with a way to opt out of behavioral advertising or face fines totalling $100,000 a day. Behavioral advertising are ads tailored to someone’s browsing habits and other online behavior. A profile of the user is built up over time, as they work their way around the web.

Small Business 145

Small Business Advertising Accountability Mobile 145

We Live Security

NOVEMBER 23, 2023

ESET research shares insights about groups operating Telekopye, Telegram bots that scam people in online marketplaces, their internal onboarding process, different tricks of trade that Neanderthals use, and more.

Scams 145

Scams Cybercrime 145

WIRED Threat Level

NOVEMBER 20, 2023

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

Surveillance 145

Surveillance Government 145

SecureList

NOVEMBER 9, 2023

Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This type of research normally contains detailed information about the tools used by APT actors, the vulnerabilities that they exploit and sometimes even a specific attribution.

Cybersecurity 145

Cybersecurity Cyber threats Risk Hacking 145

Tech Republic Security

NOVEMBER 29, 2023

The Guidelines for Secure AI System Development have been drawn up to help developers ensure security is baked into the heart of new artificial intelligence models.

Artificial Intelligence 198

Artificial Intelligence Cybersecurity 198

Malwarebytes

NOVEMBER 10, 2023

After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental issues that have some people concerned. In this blog post, we look at a couple of examples that erode our trust in online ads.

Scams 145

Scams Advertising Malware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

NOVEMBER 15, 2023

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. [.

Ransomware 142

Ransomware 142

Security Affairs

NOVEMBER 20, 2023

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT threat actor with strong technical and learning ability, who is g

Phishing 139

Phishing Financial Services Cryptocurrency Technology 139

The Hacker News

NOVEMBER 8, 2023

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one that can be executed on a victim's environment without attracting any attention.

Cryptocurrency 140

Cryptocurrency Cybersecurity 140

NetSpi Technical

NOVEMBER 16, 2023

As we were preparing our slides and tools for our DEF CON Cloud Village Talk ( What the Function: A Deep Dive into Azure Function App Security ), Thomas Elling and I stumbled onto an extension of some existing research that we disclosed on the NetSPI blog in March of 2023. We had started working on a function that could be added to a Linux container-based Function App to decrypt the container startup context that is passed to the container on startup.

Encryption 136

Encryption Accountability Penetration Testing Authentication 136

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

NOVEMBER 20, 2023

New botnets, more AI in spearphishing and increases in hack-for-hire business are some of Kaspersky's security predictions. Get extensive APT mitigation tips, too.

Hacking 194

Hacking Artificial Intelligence Mobile Malware 194

Malwarebytes

NOVEMBER 14, 2023

As we head into shopping season, customers aren’t the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat we’re following closely and expect to increase over the next several weeks is credit card skimming. Online stores are not always as secure as you might think they are, and yet you need to hand over your valuable credit card information in order to buy anything.

Antivirus 144

Antivirus Scams Marketing Hacking 144

Bleeping Computer

NOVEMBER 24, 2023

Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials. [.

Passwords 141

Passwords Software 141

Hack the Box

NOVEMBER 2, 2023

Our Head of Security, Ben Rollin, calls on more than a decade of experience in cybersecurity to break down the practical steps to a career in ethical hacking.

Hacking 145

Hacking Cybersecurity 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

NOVEMBER 14, 2023

Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access.

Mobile 138

Mobile 138

WIRED Threat Level

NOVEMBER 13, 2023

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

Cybercrime 136

Cybercrime Internet Internet Hacking 136

Tech Republic Security

NOVEMBER 12, 2023

Research from Infoxchange indicates that poor cyber security practices in Australia’s not-for-profit sector are putting its donors’ and communities’ data at risk.

Risk 185

Risk Cybersecurity 185

Malwarebytes

NOVEMBER 9, 2023

A federal judge has refused to bring back a class action lawsuit that alleged four car manufacturers had violated Washington state’s privacy laws by using vehicles’ on-board infotainment systems to record customers’ text messages and mobile phone call logs. The judge ruled that the practice doesn’t meet the threshold for an illegal privacy violation under state law.

Manufacturing 144

Manufacturing Identity Theft Mobile Advertising 144

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

NOVEMBER 30, 2023

Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. [.

140

140

Security Affairs

NOVEMBER 6, 2023

Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “To use GRC, only a Gmail account is require

Accountability 136

Accountability Hacking Information Security Malware 136

The Hacker News

NOVEMBER 2, 2023

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems.

Firmware 138

Firmware 138

Security Boulevard

NOVEMBER 17, 2023

Manifest V3: Destiny. Huge advertising monopoly flexes muscles: “Manifest V2” extensions to be nuked, but “V3” cripples ad blockers. The post Google to Force-Block Ad Blockers — Time to Get Firefox? appeared first on Security Boulevard.

Advertising 133

Advertising Social Engineering Data privacy Engineering 133

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Tech Republic Security

NOVEMBER 22, 2023

It’s time to stop relying on the insecure authentication protocol built into Windows. Microsoft is making it easier to switch to secure modern options.

Authentication 188

Authentication Network Security 188

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started. Once you’ve stored your tens or even hundreds of passwords, a password manager is relatively convenient to use and keep updated.

Passwords 138

Passwords Password Management Data breaches Authentication 138

Bleeping Computer

NOVEMBER 22, 2023

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors. [.

Authentication 140

Authentication 140

Security Affairs

NOVEMBER 30, 2023

A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference rooms or huddle rooms.

Accountability 133

Accountability Hacking Information Security 133

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity