Tech Republic Security
APRIL 17, 2023
New cloud-focused credential harvester available on encrypted messaging service Telegram is part of a trend of Python scrapers making it easier to bait multiple phishing hooks. The post Credential harvesting malware appears on deep web appeared first on TechRepublic.
Krebs on Security
APRIL 20, 2023
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
APRIL 17, 2023
Motherboard is reporting on AI-generated voices being used for “swatting”: In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one swatter in particular who has weaponized computer generated voices.
The Last Watchdog
APRIL 21, 2023
Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web. Related: In pursuit of a security culture It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
APRIL 19, 2023
Ransomware attacks skyrocketed last month according to the new monthly cybersecurity report by NCC Group. New threat group Cl0p is behind the increase as it exploited vulnerabilities in GoAnywhere file transfer manager. The post Ransomware attacks increased 91% in March, as threat actors find new vulnerabilities appeared first on TechRepublic.
Krebs on Security
APRIL 18, 2023
For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
APRIL 18, 2023
The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device. [.
Tech Republic Security
APRIL 21, 2023
Google Cloud and The Center for Internet Security, Inc., launched the Google Cloud Alliance this week with the goal of advancing digital security in the public sector. The Center for Internet Security, founded in 2000 to address growing cyber threats and establish a set of cybersecurity protocols and standards like CIS Critical Security Controls and.
Security Boulevard
APRIL 17, 2023
It’s Help|About Time: Chrome’s “V8” JavaScript engine has high-severity vuln. Scrotes already exploiting it. The post Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild appeared first on Security Boulevard.
Dark Reading
APRIL 20, 2023
A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
APRIL 17, 2023
The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media and an Italian job search company. [.
Tech Republic Security
APRIL 21, 2023
With Neosec acquisition, Akamai gains capabilities around API visibility, a security challenge for organizations, many of which have hundreds of integrated applications. The post API security becoming C-level cybersecurity concern appeared first on TechRepublic.
We Live Security
APRIL 18, 2023
When decommissioning their old hardware, many companies 'throw the baby out with the bathwater' The post Discarded, not destroyed: Old routers reveal corporate secrets appeared first on WeLiveSecurity
WIRED Threat Level
APRIL 19, 2023
The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
APRIL 19, 2023
The Play ransomware group has developed two custom tools in.NET, namely Grixba and VSS Copying Tool, which it uses to improve the effectiveness of its cyberattacks. [.
Tech Republic Security
APRIL 21, 2023
A report by GitLab finds that AI and ML in software development workflows show promise, but challenges like toolchain complexity and security concerns persist. The post DevSecOps: AI is reshaping developer roles, but it’s not all smooth sailing appeared first on TechRepublic.
CSO Magazine
APRIL 17, 2023
It’s no secret that cybersecurity jobs are burning people out. It’s a high-pressure environment that ever seems to be ratcheting up the daily demand on security professionals. There are many reasons for this, but underlying them all is the way we think about security. By consciously recognizing these mindsets we can change them and better position everyone for success.
Security Boulevard
APRIL 18, 2023
Enterprises already understand how important a role physical security plays in protecting their staff, work environments and privileged information from outsiders. Fences, walls, security guards and RFID-controlled doors all help organizations protect themselves, but these measures are far from sufficient when it comes to protecting critical infrastructure environments from cybersecurity incidents.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Bleeping Computer
APRIL 17, 2023
A new Android trojan called 'Chameleon' has been targeting users in Australia and Poland since the start of the year, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. [.
Tech Republic Security
APRIL 20, 2023
As dwell times drop, and notifications of attack by third parties increase, organizations are getting better at defense while attackers evolve and malware proliferates. The post Malware is proliferating, but defenses are stronger: Mandiant appeared first on TechRepublic.
CSO Magazine
APRIL 17, 2023
Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.
Graham Cluley
APRIL 20, 2023
I'm still encountering people who, even after all these years, believe that their Apple Mac computers are somehow magically invulnerable to ever being infected by malware. Maybe details of this new Mac malware will change their mind.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
APRIL 19, 2023
Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year. [.
Dark Reading
APRIL 18, 2023
Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.
DoublePulsar
APRIL 20, 2023
Russian hackers exfiltrated data from from Capita over a week before outage Capita have finally admitted a data breach , but still do not think they need to disclose key details of the incident to customers, regulators, impacted parties and investors. So in this piece we shall dig into the details using open source intelligence, and prove Capita was penetrated by Black Basta ransomware group using Qakbot phishing to deliver hands on keyboard access for weeks — and question if the playbooks organ
Security Boulevard
APRIL 19, 2023
Uber is in the headlines once again for losing sensitive data. However, this round of data exposure isn’t due to a breach of Uber’s facilities. Rather, New Jersey-based law firm Genova Burns was storing data about Uber’s drivers, including social security numbers, taxpayer identification and other personally identifiable information (PII) when attackers exfiltrated the data.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Bleeping Computer
APRIL 17, 2023
Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks. [.
Dark Reading
APRIL 19, 2023
Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.
CSO Magazine
APRIL 18, 2023
An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions. Local file intrusions — in which attackers spoof a web application in order to either execute code remotely on a web server or gain access to files that they shouldn’t — were the mos
CyberSecurity Insiders
APRIL 16, 2023
Email is a vital communication tool for organizations across industries but also serves as a primary attack vector for cybercriminals. To combat the evolving threats landscape, organizations must proactively address email security challenges. This e-guide offers an in-depth understanding of the email security landscape, actionable guidance on implementing and maintaining robust email security solutions, and an overview of top email security vendors.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
167 
Let's personalize your content