Fri. Jan 20, 2023

Real-World Steganography

Schneier on Security

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

Security Boulevard

The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO. The post T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks appeared first on Security Boulevard.

ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware

eSecurity Planet

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali

T-Mobile API Breach: Playing the Victim

Security Boulevard

I’m not sure what is less surprising, that a big company got hacked or that they are trying to play the victim. The headline is that T-Mobile acknowledged that data on roughly 37 million customers was stolen. The breach resulted from a “bad actor” abusing an API to gain access to the data. First, let’s. The post T-Mobile API Breach: Playing the Victim appeared first on Security Boulevard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Get lifetime access to this powerful backup tool for $59.99

Tech Republic Security

This deal includes full licenses to Genie Timeline Pro 10 for three devices. The post Get lifetime access to this powerful backup tool for $59.99 appeared first on TechRepublic.

CCTV Remote Surveillance Guide: Benefits of Remote Monitoring

Security Boulevard

Whether the project is a renovation, expansion or a new building, construction projects are typically time-consuming and expensive ventures. Active and ongoing construction projects are worth monitoring for security, accountability and liability. There are multiple ways that CCTV remote monitoring can benefit construction companies and property owners. 1.

3 Reasons to Integrate Access Control and Video Security

Security Boulevard

The average cost of data breaches rose to $4.35 million in 2022. To avoid a security breach, businesses need to rethink their approach to security, futureproofing their strategy against the modern threat climate. To improve your security strategy, you should consider the benefits of integrating access control and video security. There are three reasons access.

Exploits released for two Samsung Galaxy App Store vulnerabilities

Bleeping Computer

Two vulnerabilities in the Galaxy App Store, Samsung's official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user's knowledge or to direct victims to a malicious web location. […]

Album: Technical Analysis Of New Multifunctional Stealer

Security Boulevard

Information stealing malware is commonly observed in the landscape of cyber attacks today. Zscaler ThreatLabz team has discovered many new types of stealer malware families across different attack campaigns. Recently, the Zscaler ThreatLabz research team has spotted a new information stealer named Album. This blog will walk through the malware distribution campaigns and technical details of Album Stealer.

Over 19,000 end-of-life Cisco routers exposed to RCE attacks

Bleeping Computer

Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FCC To Revamp Breach Reporting, Shorten Waiting Period

Security Boulevard

The Federal Communications Commission (FCC) is stepping up the pressure on telecom companies to immediately report breaches to law enforcement and consumers. Until now, telecoms have enjoyed a seven-day waiting period between discovering an intrusion and reporting it to users. In the nearly 15 years since the commission set reporting requirements, breaches have “increased in.

New Boldmove Linux malware used to backdoor Fortinet devices

Bleeping Computer

Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. […]

Are You Combining Your Online and Offline Marketing Efforts?

Security Boulevard

As you look to grow your business, you’ll likely strive to implement marketing efforts to reach new customers, raise visibility Read More The post Are You Combining Your Online and Offline Marketing Efforts? appeared first on Kaseya. The post Are You Combining Your Online and Offline Marketing Efforts? appeared first on Security Boulevard.

The Small but Mighty Danger of Echo Chamber Extremism

WIRED Threat Level

Research shows that relatively few people exist in perfectly sealed-off media bubbles—but they’re still having an outsize impact on US politics.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

The Hacker News

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

Should You Pay Your Credit Card Statement Balance or Current Balance?

Identity IQ

Should You Pay Your Credit Card Statement Balance or Current Balance? IdentityIQ Have you ever looked at your bank statement and wondered, what’s the difference between your statement balance and your current balance? Don’t worry. You’re not alone! In this blog, we’re breaking down the differences between a statement balance and a current balance.

WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

The Hacker News

The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information.

T-Mobile has been hacked… again. 37 million customers’ data stolen

Graham Cluley

Wireless network operator T-Mobile has suffered yet another data breach. And we shouldn't be at all surprised if fraudsters use the information that they have stolen to send convincing phishing messages and scams.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT

Dark Reading

Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure.

What Is a Brute Force Attack?

Heimdal Security

Brute force attacks are a persistent security threat that has evolved over the years as technology advances. In this article, we’ll explore what a brute force attack is, its modus operandi and variants, and what prevention strategies you can use to protect your data. What Is a Brute Force Attack? A brute force attack is […] The post What Is a Brute Force Attack?

Compromised Zendesk Employee Credentials Lead to Breach

Dark Reading

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.

Credit card fraud group member could get up to 30 years in jail

Malwarebytes

Card fraud, a staple diet of scammers online, is currently featuring heavily on the US Department of Justice portal. The reason? A story which has rumbled on for a few years finally seems to be pulling into its final destination, as a man admits his role in a slice of fraud which impacted thousands of people across the US. A timeline of credit card fraud Back in 2019, three people alleged to be part of a “nationwide stolen credit card ring” were arrested in January of that same year.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

The Hacker News

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country.

The Week in Ransomware - January 20th 2023 - Targeting Crypto Exchanges

Bleeping Computer

There has been quite a bit of ransomware news this week, with crypto exchanges being seized for alleged money laundering and researchers providing fascinating reports on the behavior of ransomware operators. […]

T-Mobile API Data Breach Affects 37 Million Customers

Heimdal Security

T-Mobile announced a new data breach after a threat actor used one of its Application Programming Interfaces (APIs) to steal personal data from 37 million active postpaid and prepaid customer accounts. 37 Million Accounts Impacted On Thursday, the telecommunication giant T-Mobile revealed that it detected malicious activity on January 5, 2023. The attacker started stealing […] The post T-Mobile API Data Breach Affects 37 Million Customers appeared first on Heimdal Security Blog.

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

Security Affairs

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a European government entity and a managed service provider located in Africa.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Mailchimp breach feels like deja vu

Malwarebytes

A threat actor successfully used compromised employee credentials to gain access to 133 accounts on Mailchimp, the mainstream Intuit-owned email marketing platform, in a security incident that recently came to light. "On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration," said Mailchimp in a blog post.

Ransomware Attack Shuts Down KFC and Pizza Hut Brand Owner's Restaurants

Heimdal Security

On January 18th, Yum! Brands closed almost 300 of its restaurants in the UK due to a ransomware attack launched by an unknown malicious group. The US-based company owns KFC, Pizza Hut, and Taco Bell fast-food restaurant chains, among others, and reported making $1.3 billion in yearly net profit. The impacted restaurants were only closed […] The post Ransomware Attack Shuts Down KFC and Pizza Hut Brand Owner's Restaurants appeared first on Heimdal Security Blog.

Ransomware payments down 40% in 2022 – Week in security with Tony Anscombe

We Live Security

Ransomware revenue plunges to $456 million in 2022 as more victims refuse to pay up. Here's what to make of the trend.

Russian Hackers Responsible for Attack on Samsung

Heimdal Security

Pro-Russian hacktivist group Genesis Day claims to have breached Samsung’s internal servers over South Korea’s collaboration with NATO. The attackers posted an ad on a popular hacking forum, claiming they found their way into Samsung’s internal FTP service. Because South Korea has recently strengthened its cooperation with NATO and targeted other countries.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.