Trending Articles

article thumbnail

Safe, Secure, Anonymous, and Other Misleading Claims

Troy Hunt

Imagine you wanted to buy some s**t on the internet. Not the metaphorical kind in terms of "I bought some random s**t online", but literal s**t. Turds. Faeces. The kind of thing you never would have thought possible to buy online until. Shitexpress came along. Here's a service that enables you to send an actual piece of smelly s**t to "An irritating colleague.

article thumbnail

Hacking Gas Pumps via Bluetooth

Schneier on Security

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.

Hacking 247
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Don’t Let Zombie Zoom Links Drag You Down

Krebs on Security

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

article thumbnail

ROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekend

The Last Watchdog

Once again, politicians are playing political football, threatening a fourth partial government shutdown in a decade. Related: Biden’s cybersecurity strategy As this political theater runs its course one of the many things at risk is national security, particularly on the cyber warfare front. Given the divergent path s of the U.S. Senate and the U.S.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Build for Detection Engineering, and Alerting Will Improve (Part 3)

Anton on Security

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#3 in the series), we will start to define and refine our detection engineering machinery to avoid the problems covered in Parts 1 and 2. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Adopting detection engineering practices should have a roadmap and eventually bec

article thumbnail

Critical Vulnerability in libwebp Library

Schneier on Security

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP ima

260
260

More Trending

article thumbnail

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams , Adobe Reader , Mozilla Thunderbird , and Discord.

article thumbnail

Many Cyber Attacks Begin by Breaking Human Trust

Lohrman on Security

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

article thumbnail

GUEST ESSAY: Has shielding and blocking electromagnetic energy become the new normal?

The Last Watchdog

Surrounded by the invisible hum of electromagnetic energy, we’ve harnessed its power to fuel our technological marvels for decades. Related: MSFT CEO calls for regulating facial recognition tech Tesla’s visionary insights from 1900 hinted at the potential, and today, we bask in the glow of interconnected networks supporting our digital lives.

article thumbnail

NSA AI Security Center

Schneier on Security

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices g

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Browse Safer and Faster Around the World with JellyVPN — Now Just $34.99

Tech Republic Security

This high-speed, unlimited VPN offers quality connections all over the globe. Get huge savings now when you sign up for life at TechRepublic Academy.

VPN 147
article thumbnail

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

article thumbnail

FBI: Crippling 'Dual Ransomware Attacks' on the Rise

Dark Reading

Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.

article thumbnail

Black Hat Fireside Chat: In a hyper-connected world, effectively securing APIs is paramount

The Last Watchdog

APIs. The glue of hyper connectivity; yet also the wellspring of risk. Related: The true scale of API breaches I had an enlightening discussion at Black Hat USA 2023 with Traceable.ai Chief Security Officer Richard Bird about how these snippets of code have dramatically expanded the attack surface in ways that have largely been overlooked. Please give the accompanying podcast a listen.

CSO 200
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Microsoft Defender no longer flags Tor Browser as malware

Bleeping Computer

For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender. [.

Malware 139
article thumbnail

Quick Glossary: Cybersecurity Attacks

Tech Republic Security

It doesn’t matter whether your organization is a huge multinational business enterprise or a one-person operation. At some point, your computer networks and systems will be attacked by someone with criminal intent. Cybersecurity attacks, in all their various forms, are inevitable and relentless. This quick glossary from TechRepublic Premium explains the terminology behind the most.

article thumbnail

Malicious Ads in Bing Chat

Schneier on Security

Malicious ads are creeping into chatbots.

article thumbnail

Making Sense of Today's Payment Cybersecurity Landscape

Dark Reading

PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

article thumbnail

BREAKING NEWS Q&A: What Cisco’s $28 billion buyout of Splunk foretells about cybersecurity

The Last Watchdog

There’s a tiny bit more to Cisco’s acquisition of Splunk than just a lumbering hardware giant striving to secure a firmer foothold in the software business. Related: Why ‘observability’ is rising to the fo re Cisco CEO Chuck Robbins has laid down a $28 billion bet that he’ll be able to overcome challenges Cisco is facing as its networking equipment business slows, beset by supply chain issues and reduced demand, post Covid 19.

article thumbnail

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

The Hacker News

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia).

Software 140
article thumbnail

How To Implement Zero Trust: Best Practices and Guidelines

Tech Republic Security

Learn how to implement a Zero Trust security model with our comprehensive guide. Discover the best practices and steps to secure your organization.

Software 153
article thumbnail

Malicious ad served inside Bing's AI chatbot

Malwarebytes

In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been dominating the search industry for years, this event was significant enough to generate not only interest but also plant the seed for a possible change in the balance in the future. Considering that tech giants make most of their revenue from advertising, it wasn't surprising to see Microsoft introduce ads into Bing Chat shortly after its release.

Malware 139
article thumbnail

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

article thumbnail

North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org

Dark Reading

The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.

Malware 123
article thumbnail

Cloudflare DDoS protections ironically bypassed using Cloudflare

Bleeping Computer

Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. [.

DDOS 141
article thumbnail

DarkBeam leaks billions of email and password combinations

Security Affairs

DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limitless attack capabilities. DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches.

Passwords 140
article thumbnail

Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack

Tech Republic Security

Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library.

Software 179
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Google’s Bard conversations turn up in search results

Malwarebytes

Google is coming under scrutiny after people discovered transcripts of conversations with its AI chatbot Bard are being indexed in Google search results. Bard is Google’s answer to ChatGPT, and allows users to have conversations with an AI. Services like these have attracted a lot of attention, because with a bit of tweaking and getting used to they can be really helpful in speeding up tasks.

article thumbnail

Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials

Dark Reading

Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections.

106
106
article thumbnail

Exploit released for Microsoft SharePoint Server auth bypass flaw

Bleeping Computer

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. [.

article thumbnail

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023. Executive Summary We investigated a recent LockBit extortion incident that occurred in Q3 2023, which involved an unusual FTP server located in Moscow. The hostname of this server was identified as matching many hostnames found in various posts on the LockBit leak site.

article thumbnail

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.