The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Related: Satya Nadella calls for facial recognition regulations Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

Schneier on Security

JULY 26, 2023

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more.

Telecommunications 230

Telecommunications Encryption Technology Software 230

Tech Republic Security

JULY 25, 2023

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.

Big data 190

Big data Software 190

Bleeping Computer

JULY 22, 2023

Microsoft is making it easier to see how much energy your apps use in Windows 11 over a given period by introducing a detailed power consumption page in the latest 23H2 update. [.

Software 98

Software 98

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

JULY 27, 2023

Paris, France, July 27, 2023 – CrowdSec , the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report , a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities.

VPN 246

VPN Cybersecurity Data collection Threat Detection 246

Schneier on Security

JULY 27, 2023

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked : And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excited For Glorbo’s Introduction.” […] That is…all essentially nonsense.

Social Engineering 207

Social Engineering Artificial Intelligence Engineering 207

Bleeping Computer

JULY 28, 2023

Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. It's got to do with a security feature dubbed 'Progressive Web App Icon change', designed to keep users safe during app icon or name changes. [.

98

98

Security Boulevard

JULY 28, 2023

C’mon Cupertino: “Unknown Tracker Detected,” your phone screams. What now? The post Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing appeared first on Security Boulevard.

Social Engineering 98

Social Engineering IoT Security Awareness Engineering 98

Schneier on Security

JULY 24, 2023

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Internet 207

Internet Internet 207

Tech Republic Security

JULY 28, 2023

The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.

VPN 136

VPN Cybersecurity Network Security 136

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JULY 28, 2023

CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies' networks by exploiting a now-patched zero-day bug. [.

Malware 98

Malware Hacking 98

The Hacker News

JULY 28, 2023

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.

98

98

Schneier on Security

JULY 28, 2023

Interesting research: “ (Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs “: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording.

Artificial Intelligence 205

Artificial Intelligence 205

Tech Republic Security

JULY 25, 2023

If you're new to cyber security or trying to improve your knowledge, Cyber Security Specialist Workshop Live Sessions provides 32 weeks of essential training for under $500.

Cybersecurity 133

Cybersecurity 133

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JULY 27, 2023

U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks. [.

Data breaches 98

Data breaches Government 98

The Hacker News

JULY 27, 2023

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.

Cybersecurity 98

Cybersecurity 98

Security Boulevard

JULY 27, 2023

Welcome to the latest edition of The Week in Security , which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: a North Korean APT group targets developers via GitHub. Also: This Barbie is a cybercriminal. The post The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity Software 98

Tech Republic Security

JULY 24, 2023

Derek Hanson, Yubico’s VP of standards and alliances and an industry expert on passkeys, discusses why device-bound-to-shareable passkeys are critical.

139

139

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

eSecurity Planet

JULY 27, 2023

Cybersecurity startups had been pretty resilient despite the downturn in venture capital funding, but that run has ended in recent months. Venture investments in cybersecurity startups in the second quarter plunged 63% to $1.6 billion , according to data from Crunchbase. Funding was down 40% sequentially from the first quarter, and was the lowest since the fourth quarter of 2019.

Cybersecurity 98

Cybersecurity Marketing Artificial Intelligence Technology 98

Bleeping Computer

JULY 26, 2023

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. [.

98

98

Security Boulevard

JULY 27, 2023

Fraud is a pervasive threat to any organization’s viability and sustainability, with fraudsters continually seeking innovative ways to deceive and steal from businesses. To protect themselves and their customers, it’s critical for businesses today to have a comprehensive fraud risk management plan that identifies, assesses, and mitigates risks associated with nefarious cyber activities.

Risk 98

Risk 98

Tech Republic Security

JULY 24, 2023

In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.

Network Security 147

Network Security 147

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

The Hacker News

JULY 26, 2023

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.

Cryptocurrency 98

Cryptocurrency Passwords Malware 98

Bleeping Computer

JULY 26, 2023

Microsoft has released the July 2023 optional cumulative update for Windows 11, version 22H2, with fixes for 27 issues, including ones affecting VPN performance and display or audio devices. [.

VPN 98

VPN 98

Malwarebytes

JULY 25, 2023

Stalkerware-type app Spyhide is coded so badly that it’s possible to gain access to the back-end databases and retrieve data about everyone that has the app on their device. And it's not a small number. Hacktivist maia arson crimew told TechCrunch she'd found 60,000 compromised Android devices, dating back to 2016. Spyhide, like many other stalkerware-type apps “silently and continually uploads the phone’s contacts, messages, photos, call logs and recordings, and granular locat

Surveillance 98

Surveillance Mobile Marketing Government 98

Tech Republic Security

JULY 28, 2023

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.

Artificial Intelligence 147

Artificial Intelligence Cyber threats Hacking Engineering 147

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Boulevard

JULY 26, 2023

We will kill WEI: A thinly veiled attempt to track you and make more ad money. The post ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’ appeared first on Security Boulevard.

Security Awareness 98

Security Awareness IoT Risk Mobile 98

Bleeping Computer

JULY 26, 2023

The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents. [.

98

98

Security Affairs

JULY 26, 2023

Wiz researchers discovered two Linux vulnerabilities in the Ubuntu kernel that can allow an unprivileged local user to gain elevated privileges. Wiz Research discovered two privilege escalation vulnerabilities, tracked as CVE-2023-2640 and CVE-2023-32629, in the OverlayFS module in the Linux distro Ubuntu. According to the researchers, the flaws impact 40% of the users of the popular Linux distribution.

Hacking 98

Hacking Information Security 98

Tech Republic Security

JULY 27, 2023

What is the best CSPM tool for your business? Use our guide to review our picks for the best cloud security posture management (CSPM) tools for 2023.

Software 135

Software Cybersecurity 135

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk