Schneier on Security

DECEMBER 5, 2023

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Surveillance 325

Surveillance Internet Internet Spyware 325

Troy Hunt

DECEMBER 7, 2023

10 years later. 🤯 Seriously, how did this thing turn into this?! It was the humblest of beginning with absolutely no expectations of anything, and now it's, well, massive! I'm a bit lost for words if I'm honest, I hope the chat with Charlotte adds some candour to this week's update, she's seen this thing grow since before its first birthday, through the hardest times and the best times and now lives and breathes HIBP day in day out with me.

Malware 235

Malware 235

Troy Hunt

DECEMBER 3, 2023

A decade ago to the day, I published a tweet launching what would surely become yet another pet project that scratched an itch, was kinda useful to a few people but other than that, would shortly fade away into the same obscurity as all the other ones I'd launched over the previous couple of decades: It's alive! "Have I been pwned?" by @troyhunt is now up and running.

Data breaches 359

Data breaches Passwords Internet Internet 359

Schneier on Security

DECEMBER 4, 2023

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers and everyone else who keeps airlines operating. And the pilot of the plane I flew.

Surveillance 340

Surveillance Government Artificial Intelligence Internet 340

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Lohrman on Security

DECEMBER 3, 2023

There are several cybersecurity trends that truly deserve top attention when we look back at 2023 — and they will get it. Meanwhile, cyber attacks against critical infrastructure quietly grow, despite a lack of major attention.

Cyber Attacks 263

Cyber Attacks Cybersecurity 263

Krebs on Security

DECEMBER 6, 2023

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

Phishing 224

Phishing Malware Scams Internet 224

Security Affairs

DECEMBER 8, 2023

Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.

Hacking 131

Hacking Malware Cybersecurity Information Security 131

Malwarebytes

DECEMBER 7, 2023

Android phones are vulnerable to attacks that could allow someone to takeover a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Google’s Android security bulletin for December. In total, there are patches for 94 vulnerabilities, including five rated as “Critical.” The most severe of these flaws is a vulnerability in the System component that could lead to remote code execution (RCE) without any additional execution

Cybersecurity 137

Cybersecurity Risk 137

Tech Republic Security

DECEMBER 4, 2023

The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.

Cyber Attacks 156

Cyber Attacks Risk CISO Software 156

Troy Hunt

DECEMBER 2, 2023

I'm irrationally excited about the new Prusa 3D printer on order, and I think that's mostly to do with planning for the NDC Oslo talk I plan to do with Elle, my 11-year old daughter. I'm all for getting the kids exposure not just to tech, but also to being able to talk to others about tech and involving them in conference talks since a young age has been a big part of that.

Technology 222

Technology 222

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Schneier on Security

DECEMBER 7, 2023

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this : In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. “In this case, the fed

Surveillance 252

Surveillance Government Accountability Spyware 252

Kali Linux

DECEMBER 4, 2023

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there still has been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone.

Passwords 145

Passwords Firmware Architecture Software 145

Bleeping Computer

DECEMBER 6, 2023

Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. [.

Passwords 133

Passwords 133

Tech Republic Security

DECEMBER 7, 2023

Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules.

Cyber threats 128

Cyber threats Cybersecurity 128

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

The Hacker News

DECEMBER 8, 2023

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

Firmware 117

Firmware IoT Mobile 117

Schneier on Security

DECEMBER 5, 2023

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did.

Surveillance 254

Surveillance Spyware Data privacy Government 254

Security Boulevard

DECEMBER 7, 2023

Understanding the scope and impact of BEC is critical for any business that wants to protect itself from this insidious threat. The post Concerned About Business Email Compromise? 4 Technologies That Can Help appeared first on Security Boulevard.

Technology 120

Technology Social Engineering Phishing Engineering 120

Bleeping Computer

DECEMBER 5, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [.

Cybersecurity 143

Cybersecurity Government 143

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Tech Republic Security

DECEMBER 6, 2023

Based on the security researchers' analysis of the 2023 cyberthreat landscape, we highlight new or heightened risks.

Malware 165

Malware Ransomware Risk Network Security 165

Graham Cluley

DECEMBER 4, 2023

Ransomware hits firm that providing cloud services to credit unions in order ensure that their business activities could "operate without interruption, even when nothing else seems to be going well." Read more in my article on the Tripwire State of Security blog.

Ransomware 129

Ransomware Data breaches Malware 129

Schneier on Security

DECEMBER 6, 2023

Interesting analysis : This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science.

Cybersecurity 238

Cybersecurity 238

Security Boulevard

DECEMBER 5, 2023

Not nice: Hacker claimed 20 million, 23andMe said it was only 14,000—but now admits to 6.9 million. The post 23andMe Finally Admits: 6.9 MILLION Users’ PII Breached appeared first on Security Boulevard.

Security Awareness 130

Security Awareness Data privacy Digital transformation Network Security 130

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

Bleeping Computer

DECEMBER 4, 2023

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. [.

141

141

Tech Republic Security

DECEMBER 7, 2023

AMI, Insyde and Lenovo have released patches for LogoFAIL, an image library poisoning attack. Learn more about LogoFAIL.

Technology 153

Technology 153

Security Affairs

DECEMBER 7, 2023

Russia-linked group APT28 exploited Microsoft Outlook zero-day to target European NATO members, including a NATO Rapid Deployable Corps. Palo Alto Networks’ Unit 42 reported that the Russia-linked APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) group exploited the CVE-2023-23397 vulnerability in attacks aimed at European NATO members.

Telecommunications 108

Telecommunications Government Phishing Hacking 108

Schneier on Security

DECEMBER 8, 2023

New attack breaks forward secrecy in Bluetooth. Three. news articles. The vulnerability has been around for at least a decade.

Authentication 239

Authentication 239

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

Security Boulevard

DECEMBER 5, 2023

With the proliferation of data in all aspects of life, from personal information to business operations, its protection becomes more critical than ever. The post What the Future Holds for Data Security appeared first on Security Boulevard.

Data privacy 130

Data privacy Risk Cybersecurity Government 130

Bleeping Computer

DECEMBER 6, 2023

Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. [.

Data breaches 135

Data breaches 135

Tech Republic Security

DECEMBER 7, 2023

The purpose of the Incident Reporting and Response Procedures Policy from TechRepublic Premium is to establish a clear and efficient process for employees to report security breaches, device loss, or data exposure incidents involving personal devices used for work purposes. From the policy: CONFIDENTIAL REPORTING Employees are strongly encouraged to promptly report incidents, and they.

116

116

WIRED Threat Level

DECEMBER 4, 2023

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

Internet 125

Internet Internet 125

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

Marketing