July, 2023

article thumbnail

The Importance of Penetration Testing in Cloud Security

Tech Republic Security

Read about penetration testing in cloud security and its importance, details about how it's done and the most common threats to cloud security. The post The Importance of Penetration Testing in Cloud Security appeared first on TechRepublic.

article thumbnail

Is Quantum Computing Right for Your Business?

Tech Republic Security

Learn about the benefits and use cases of quantum computing. Also, get details about quantum cryptography from an expert. The post Is Quantum Computing Right for Your Business? appeared first on TechRepublic.

Software 183
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Self-Driving Cars Are Surveillance Cameras on Wheels

Schneier on Security

Police are already using self-driving car footage as video evidence: While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement ­ and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage.

article thumbnail

Microsoft denies data breach, theft of 30 million customer accounts

Bleeping Computer

Microsoft has denied the claims of the so-called hacktivists "Anonymous Sudan" that they breached the company's servers and stole credentials for 30 million customer accounts. [.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Microsoft Teams Exploit Tool Auto-Delivers Malware

Dark Reading

The "TeamsPhisher" cyberattack tool gives pentesters — and adversaries — a way to deliver malicious files directly to a Teams user from an external account, or tenant.

Malware 145
article thumbnail

Free Akira ransomware decryptor released for victims who wish to recover their data without paying extortionists

Graham Cluley

There's good news for any business that has fallen victim to the Akira ransomware. Security researchers have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March 2023. Read more in my article on the Tripwire State of Security blog.

More Trending

article thumbnail

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

Tech Republic Security

Learn how the Meduza Stealer malware works, what it targets and how to protect your company from this cybersecurity threat. The post New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers appeared first on TechRepublic.

article thumbnail

ESET Threat Report H1 2023

We Live Security

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts The post ESET Threat Report H1 2023 appeared first on WeLiveSecurity

article thumbnail

Snappy: A tool to detect rogue WiFi access points on open networks

Bleeping Computer

Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempts to steal data from unsuspecting people. [.

article thumbnail

Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability

The Hacker News

Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.

121
121
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Google Searches for 'USPS Package Tracking' Lead to Banking Theft

Dark Reading

Attackers are leveraging well-executed brand impersonation in a Google ads malvertising effort that collects both credit card and bank details from victims.

Banking 127
article thumbnail

What Is the Difference Between IT Security and Cybersecurity?

CompTIA on Cybersecurity

Words matter. Especially when we’re using them to communicate with others. That said, how are you using IT security and cybersecurity?

article thumbnail

How to Check If Someone Else Accessed Your Google Account

Tech Republic Security

Review your recent Gmail access, browser sign-in history and Google account activity to make sure no one other than you has used your account.

article thumbnail

Deepfaking it: What to know about deepfake?driven sextortion schemes

We Live Security

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns The post Deepfaking it: What to know about deepfake‑driven sextortion schemes appeared first on WeLiveSecurity

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Apps with 1.5M installs on Google Play send your data to China

Bleeping Computer

Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what's needed to offer the promised functionality. [.

Mobile 144
article thumbnail

SEC Sends Wells Notice to SolarWinds Executives

Security Boulevard

On June 23, 2023, SolarWinds revealed via an SEC Form 8-K filing that the U.S. Securities and Exchange Commission (SEC) notified the company that “certain current and former executive officers and employees of the company, including the company’s chief financial officer and chief information security officer,” had received Wells Notices. What is a Wells Notice, The post SEC Sends Wells Notice to SolarWinds Executives appeared first on Security Boulevard.

article thumbnail

Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign

Dark Reading

An attack involves a multi-stage infection chain with custom malware hosted on Amazon EC2 that ultimately steals critical system and browser data; so far, targets have been located in Latin America.

Banking 113
article thumbnail

Ghostscript bug could allow rogue documents to run system commands

Naked Security

Even if you’ve never heard of the venerable Ghostscript project, you may have it installed without knowing.

133
133
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Thales: For Data Breaches, Cloud Assets are Biggest Cybersecurity Headache

Tech Republic Security

Thales cloud security study shows that 79% of organizations have more than one cloud provider and 75% of companies said they store at least 40% of their sensitive data in the cloud. The post Thales: For Data Breaches, Cloud Assets are Biggest Cybersecurity Headache appeared first on TechRepublic.

article thumbnail

What’s up with Emotet?

We Live Security

ESET research looks back at what Emotet has been up to since its comeback following the takedown in an international collaborative effort in early 2021.

114
114
article thumbnail

Critical TootRoot bug lets attackers hijack Mastodon servers

Bleeping Computer

Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, including a critical one that allows hackers to create arbitrary files on instance-hosting servers using specially crafted media files. [.

Media 142
article thumbnail

How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project

Security Boulevard

This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository. The previous case where we found vulnerabilities in Firebase repositories can be found here with a detailed explanation of the underline mechanism that allows this type of vulnerabilities. By exploiting this vulnerability an attack could put Google’s Orbit users and maintainers at risk by injecting malicious code, conducting phishing attacks and more, depending on the project specific confi

Phishing 111
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Microsoft Discloses 5 Zero-Days in Voluminous July Security Update

Dark Reading

Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office,Net, and Azure Active Directory, among others.

128
128
article thumbnail

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China

The Hacker News

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile security company, has uncovered this alarming infiltration.

Spyware 107
article thumbnail

How to Create a Custom Security & Threat Dashboard in Power BI

Tech Republic Security

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.

Big data 197
article thumbnail

Breaking it Down: What You Need to Know About Data Breaches

IT Security Guru

One of the most pressing cybersecurity concerns for organisations today is preventing the exfiltration of sensitive data. Even companies whose main focus is not digital or technological in nature have to manage, store, send, and receive considerable amounts of data in the course of regular business operations. While cybersecurity is not always a top priority for all enterprises, it must be seriously considered and treated with the gravitas it deserves.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

New tool exploits Microsoft Teams bug to send malware to users

Bleeping Computer

A member of U.S. Navy's red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft Teams to bypass restrictions for incoming files from users outside of a targeted organization, the so-called external tenants. [.

Malware 142
article thumbnail

StackRot: Linux Bug so bad Linus Dives Into Code to Fix It

Security Boulevard

Maple Tree Side Effects: Torvalds feels the pressure, fixes lazy locks. The post StackRot: Linux Bug so bad Linus Dives Into Code to Fix It appeared first on Security Boulevard.

IoT 109
article thumbnail

Shell Becomes Latest Cl0p MOVEit Victim

Dark Reading

In another MOVEit attack, oil and gas giant Shell saw the release of the private information of its employees.

134
134
article thumbnail

Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users

The Hacker News

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report.

Malware 106
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.