Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly

Marketing 337

Marketing Cybercrime Passwords Banking 337

Schneier on Security

APRIL 6, 2023

New research: “ Achilles Heels for AGI/ASI via Decision Theoretic Adversaries “: As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safely build ones which may have capabilities at or above the human level is of particular concern.

Artificial Intelligence 225

Artificial Intelligence 225

Troy Hunt

APRIL 1, 2023

Most of this week's video went on talking about the UniFi Dream Wall. What a unit! I mean it's big, but then it wraps a lot of stuff up in the one device too. If you watch this and have thoughts on how I can integrate it into the new garage such that it doesn't clash with the dark theme, I'd love to hear about it. I'll share more once I set it up in the coming weeks but for now, enjoy this week's video 🙂 References The UniFi Dream Wall is an impressive unit

Passwords 215

Passwords 215

Lohrman on Security

APRIL 2, 2023

NATO countries are facing a growing breadth and depth of nation-state cyber attacks as Russia, China, Iran and other countries increase military cyber cooperation.

Cyber Risk 218

Cyber Risk Risk Cyber Attacks 218

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

APRIL 3, 2023

Some 43% of employees have been targeted with work-related phishing attacks on their personal devices, says a survey from SlashNext. The post BYOD and personal apps: A recipe for data breaches appeared first on TechRepublic.

Data breaches 198

Data breaches Phishing Mobile Cybersecurity 198

Bleeping Computer

APRIL 7, 2023

Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it as a card-skimming device. [.

Technology 145

Technology 145

Security Boulevard

APRIL 3, 2023

Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files. The post Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!) appeared first on Security Boulevard.

Hacking 145

Hacking Social Engineering IoT Security Awareness 145

Tech Republic Security

APRIL 3, 2023

A new report for cybersecurity firm WithSecure suggests that most companies are investing in security solutions that are tactical and reactive, but not in line with strategic aims of an organization. The post Cybersecurity unaligned with business goals is reactive … and flawed: Study appeared first on TechRepublic.

Cybersecurity 164

Cybersecurity Software 164

Bleeping Computer

APRIL 1, 2023

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. [.

Ransomware 145

Ransomware Data breaches 145

eSecurity Planet

APRIL 7, 2023

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEM , incident response , intrusion detection and more should raise the profile of those defensive tools.

Penetration Testing 141

Penetration Testing Social Engineering Energy and Utilities Hacking 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

APRIL 4, 2023

$8.50 per child: UK regulator punishes TikTok at 5.5% of revenue. Says app illegally tracked children. The post TikTok Abused Kids’ Data — UK Fines it $16 Million appeared first on Security Boulevard.

Social Engineering 145

Social Engineering Security Awareness Engineering Risk 145

Tech Republic Security

APRIL 7, 2023

Joe Burton, CEO of digital identity company Telesign, talks to TechRepublic about how the “fuzzy” realm between statistical analysis and AI can fuel global, fast, accurate identity. The post Company that launched 2FA is pioneering AI for digital identity appeared first on TechRepublic.

Artificial Intelligence 149

Artificial Intelligence Authentication 149

Bleeping Computer

APRIL 4, 2023

HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. [.

Firmware 145

Firmware 145

Dark Reading

APRIL 5, 2023

Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.

Malware 140

Malware 140

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

APRIL 7, 2023

I guess I’m banned from Twitter now: Tesla employees mocked and memeified private photos and videos. Firm’s message boards were full of the stuff. The post Tesla Staff Shared Saucy Snaps of Customers (Sources Say) appeared first on Security Boulevard.

Social Engineering 141

Social Engineering IoT Security Awareness Engineering 141

Tech Republic Security

APRIL 7, 2023

Google's Threat Analysis Group reported on a subset of APT43 called Archipelago and detailed how the company is trying to protect users. The post Cyberespionage threat actor APT43 targets US, Europe, Japan and South Korea appeared first on TechRepublic.

Phishing 148

Phishing Cybersecurity 148

Bleeping Computer

APRIL 3, 2023

Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system. [.

145

145

CyberSecurity Insiders

APRIL 5, 2023

Cybersecurity fatigue is genuine, and hackers are benefiting from it. The constant pressure to frequently update the software and stay precautionary of fraudulent emails is exhausting. Therefore, even minor mistakes can have critical consequences. Cybercrime risk is rising, security vulnerabilities are increasing, and the cybersecurity industry is rapidly developing.

Cybersecurity 134

Cybersecurity Data breaches Passwords Education 134

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

APRIL 1, 2023

The post What is the impact of AI on cyber security awareness? appeared first on Click Armor. The post What is the impact of AI on cyber security awareness? appeared first on Security Boulevard.

Security Awareness 137

Security Awareness Artificial Intelligence Risk 137

Tech Republic Security

APRIL 5, 2023

Windscribe has functions you probably didn’t know you need and is offering new users best-on-web pricing for one-to-three-year subscriptions. The post Get two years of ultimate VPN protection on unlimited connections for only $60 appeared first on TechRepublic.

VPN 146

VPN 146

Bleeping Computer

APRIL 6, 2023

Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers. [.

Phishing 145

Phishing Marketing 145

SecureList

APRIL 3, 2023

On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via 3CXDesktopApp MSI installers. An installer for macOS has also been trojanized.

Cryptocurrency 131

Cryptocurrency Encryption Software Malware 131

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

APRIL 7, 2023

As a cybersecurity professional, vulnerabilities and exploits can be exhausting, never-ending and the bane of your existence. It is hard to prioritize what matters to you and your organization when you are staring at thousands of vulnerabilities, especially when you also consider those that might impact your supply chain and third-party vendors! Earlier this year, The post Don’t Get Burned (Out) by Cloud Vulnerabilities appeared first on Security Boulevard.

Cybersecurity 130

Cybersecurity Security Awareness 130

Tech Republic Security

APRIL 7, 2023

Learn how IPFS is used in phishing attacks and why it’s especially tricky to remove the impacted pages, as well as how to protect from this security threat. The post More phishing campaigns are using IPFS network protocol appeared first on TechRepublic.

Phishing 143

Phishing Cybercrime Cybersecurity 143

Bleeping Computer

APRIL 1, 2023

Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage." The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a "securities fraud." [.

Cyber Attacks 142

Cyber Attacks Ransomware 142

CyberSecurity Insiders

APRIL 7, 2023

In today’s world, almost everyone owns a smartphone. In fact, it has become a necessity rather than a materialistic want. To secure the device from fraudulent access, mobile operating system manufacturers are coming up with various security features, among which phone PIN is the most commonly used option. However, according to a research study carried out by the SANS Institute, the most commonly used PIN on mobile phones is 1234.

Cyber Risk 128

Cyber Risk Risk Mobile Manufacturing 128

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

SecureWorld News

APRIL 4, 2023

As if tax season is not stressful enough—and the filing deadline of Tuesday, April 18, is fast approaching—security researchers have discovered a malicious JavaScript file has existed for weeks on eFile.com, an IRS-authorized electronic filing software service provider. This security incident specifically concerns eFile.com and not identical sounding domains or IRS e-file infrastructure.

Computers and Electronics 129

Computers and Electronics Software Government Malware 129

Tech Republic Security

APRIL 7, 2023

These phishing campaigns are exploiting a Zimbra vulnerability and affecting internet-facing webmail services. Learn how to protect your organization from this security threat. The post Phishing from threat actor TA473 targets US and NATO officials appeared first on TechRepublic.

Phishing 138

Phishing Internet Internet Government 138

Bleeping Computer

APRIL 4, 2023

The domains for Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement earlier this week as part of Operation Cookie Monster. [.

Marketing 141

Marketing 141

eSecurity Planet

APRIL 5, 2023

Effective vulnerability management is about knowing what you own and prioritizing what you need to fix. A new research report shows that millions of organizations are failing at those critical cybersecurity practices. Researchers at cybersecurity firm Rezilion found more than 15 million instances in which systems are vulnerable to the 896 flaws listed in the U.S.

Ransomware 128

Ransomware Cybersecurity Firmware Healthcare 128

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk