Tue.Jan 24, 2023

article thumbnail

Bulk Surveillance of Money Transfers

Schneier on Security

Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center (TRAC), provides full names and amounts for larger transfers (above $500) sent between the US, Mexico and 22 other regions through services like Western Union, MoneyGram and Viamericas.

article thumbnail

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How hackers stole the personal data of 37 million T-Mobile customers

Tech Republic Security

The criminals took advantage of an API to grab personal details such as customer names, billing addresses, email addresses, phone numbers, dates of birth, and T-Mobile account numbers. The post How hackers stole the personal data of 37 million T-Mobile customers appeared first on TechRepublic.

Mobile 216
article thumbnail

What is PSaaS and is it Worthwhile?

Security Boulevard

Cloud computing has been adopted more rapidly in recent years, and we see more cloud applications in security. As businesses return to the office, they need to rethink physical security to futureproof their security strategy against the constantly evolving security landscape. Is physical security-as-a-service (PSaaS) the solution for a futureproof security strategy?

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Recent rise in SEO poisoning attacks compromise brand reputations

Tech Republic Security

A new research report from SentinelOne exposes a SEO poisoning attack campaign that hijacks brand names in paid search ads. The post Recent rise in SEO poisoning attacks compromise brand reputations appeared first on TechRepublic.

Media 193
article thumbnail

GoTo says hackers stole customers' backups and encryption key

Bleeping Computer

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. [.

Backups 141

More Trending

article thumbnail

Ransomware access brokers use Google ads to breach your network

Bleeping Computer

A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks. [.

article thumbnail

Companies slow to “mask up” with zero trust cybersecurity protocols

Tech Republic Security

A new study by Gartner predicts that by 2026 just 10% of companies will have zero-trust protocols in place against cybersecurity exploits. The post Companies slow to “mask up” with zero trust cybersecurity protocols appeared first on TechRepublic.

article thumbnail

SHARED INTEL: Here’s why security analysts need to remain on high alert for fake bug reports

The Last Watchdog

In an ideal world, cybersecurity analysts would get legitimate daily reports on improving a company’s security. Unfortunately, the likelihood of being handed unsolicited, untrustworthy advice is high. Related: Tech giants foster third-party snooping This is what fake bug reports are all about. Scammers now routinely spray out fake bug reports designed to take advantage of the naiveite and/or lack of vigilance of security analysts in the field.

article thumbnail

Google advertisements turning into malware spreading platforms

CyberSecurity Insiders

The next time when you search for a software download on the Google search engine, be cautious, as the software might also bring in new trouble as malware or might strictly act as a source to malware spread that can steal data and encrypt all the information on the web. Security analysts from MalwareHunterTeam have discovered a threat actor tracked DEV-0569 spreading malware dubbed ‘Rhadamanthys’( Son of Zeus in Greek) by hosting it in Google Ads.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Cybercriminals Use VSCode Extensions as New Attack Vector

eSecurity Planet

Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that the VSCode editor could be vulnerable to attacks targeting its extensions. The free open source and cross-platform IDE is very easy to use, and there are literally thousands of free extensions developers can install in one c

article thumbnail

China spies on the UK populace with microchips

CyberSecurity Insiders

Britain populace should start being cautious with smart appliances as security analysts suggest that china might have started a spying campaign on them via domestic appliances. Yes, what you’ve read is right! There is a fair amount of chance that Beijing might have weaponized millions of gadgets operating in the household of Britons through microchips.

article thumbnail

5 valuable skills your children can learn by playing video games

We Live Security

Gaming can help your children build and sharpen a range of life skills that will stand them in good stead in the future The post 5 valuable skills your children can learn by playing video games appeared first on WeLiveSecurity

133
133
article thumbnail

Attacking The Supply Chain: Developer

Trend Micro

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The Security Challenges of API Sprawl

Security Boulevard

When you have a lot of something—of anything—it’s hard to keep track. It could be books, cats, tools in the garage, apps on the phone. And when you can’t keep track, you create some level of risk, likely as a result of poor inventory and control. Well, this is what we’re seeing with APIs today. The post The Security Challenges of API Sprawl appeared first on Security Boulevard.

Risk 119
article thumbnail

CYGNVS exits stealth, trumpeting its cyberattack recovery platform

CSO Magazine

Cyber recovery startup CYGNVS announced its emergence from stealth today, having raised $55 million in series A funding and created a highly functional “cyber crisis” platform which promises to help organizations recover from major breaches. The company’s product is in its name – CYGNVS says it’s an acronym for Cyber GuidaNce Virtual Space. It’s effectively an all-in-one disaster recovery system for cyberattacks.

Mobile 115
article thumbnail

VMware fixes critical security bugs in vRealize log analysis tool

Bleeping Computer

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. [.

114
114
article thumbnail

P-to-P fraud most concerning cyber threat in 2023: CSI

CSO Magazine

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). Industry respondents also expressed concerns over identity theft at 4%, unavailable or unaffordable cyber insurance at 4%, geopolitical risks at 3%, DDoS attacks at 2% and website defacement at 0.9%, according to C

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Hackers use Golang source code interpreter to evade detection

Bleeping Computer

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. [.

Hacking 110
article thumbnail

GoTo admits: Customer cloud backups stolen together with decryption key

Naked Security

We were going to write, "Once more unto the breach, dear friends, once more". but it seems to go without saying these days.

Backups 134
article thumbnail

How passkeys are changing authentication

CSO Magazine

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings have driven the search for alternative approaches known generally as passwordless authentication.

article thumbnail

75k WordPress sites impacted by critical online course plugin flaws

Bleeping Computer

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. [.

108
108
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

ServiceNow to detect open source security vulnerabilities with Snyk integration

CSO Magazine

ServiceNow Vulnerability Response users will now have access to Snyk Open Source. This will represent the Israeli-US vendor’s advanced software composition analysis (SCA) backed by Snyk’s security intelligence—a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI. ServiceNow Vulnerability Response is part of ServiceNow Security Operations and connects the workflow and automation capabilities of the ServiceNow p

article thumbnail

Fauda: When Hollywood and Cybersecurity Meet

Security Boulevard

The newest season of Fauda, now streaming on Netflix, is a real Hollywood meets Cybersecurity moment. Find out how realistic - or not - it is. The post Fauda: When Hollywood and Cybersecurity Meet appeared first on Ermetic. The post Fauda: When Hollywood and Cybersecurity Meet appeared first on Security Boulevard.

article thumbnail

Video game playing FISH live streams credit card 'theft'

Malwarebytes

A fish is in hot water (metaphorically speaking) after having performed some incredible antics on a video game live stream. The fish, known for playing popular video game titles to completion on live streams, decided to take that whole gamer lifestyle thing a little too far and went on a rip-roaring crime rampage which came to a grand total of about 4 dollars.

article thumbnail

Emotet Malware Makes a Comeback with New Evasion Techniques

The Hacker News

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.

Malware 97
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Own an older iPhone? Check you're on the latest version to avoid this bug

Malwarebytes

In December, 2022, we warned our readers about an actively exploited vulnerability in Apple’s WebKit. Back then we wondered why Apple specifically stated that the issue may have been actively exploited against versions of iOS released before iOS 15.1. At the time, our resident Apple expert Thomas Reed said that Apple has been known to release fixes for older systems when it is aware of active attacks taking place.

article thumbnail

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

The Hacker News

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.

article thumbnail

Get lifetime access to this feature-rich VPN for just $60

Tech Republic Security

The Seed4.me VPN is now on sale for a limited time. The post Get lifetime access to this feature-rich VPN for just $60 appeared first on TechRepublic.

VPN 93
article thumbnail

Why And How To Implement A Company-Wide Cybersecurity Plan

SecureBlitz

Implementing a company-wide cybersecurity plan is essential for the success of any organization. With the rapid growth of technology, cybersecurity threats of any magnitude can come from anywhere and anytime. To avert this and protect your business, have a company-wide cybersecurity plan and ensure that it’s comprehensive and well-thought-out to protect your valuable data and […] The post Why And How To Implement A Company-Wide Cybersecurity Plan appeared first on SecureBlitz Cyberse

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?