Schneier on Security
FEBRUARY 13, 2023
“Pig butchering” is the colorful name given to online cons that trick the victim into giving money to the scammer, thinking it is an investment opportunity. It’s a rapidly growing area of fraud, and getting more sophisticated.
Tech Republic Security
FEBRUARY 13, 2023
The company showcased dozens of new security tools and services to detect and prevent malware, phishing, ransomware and other attacks, but AI took center stage. The post Check Point’s annual cybersecurity event spotlights power of AI appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
FEBRUARY 13, 2023
It’s evident that many cybersecurity and IT professionals have mixed feelings about AI in general and ChatGPT in particular. According to a recent study from BlackBerry, while eight in ten decision makers said they plan to invest in AI-driven cybersecurity by 2025, three-quarters of those respondents saw AI as a serious threat to security. The. The post When Will the First ChatGPT-Based Cyberattacks Launch?
CSO Magazine
FEBRUARY 13, 2023
Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness. “Communications are a critical component of a good cyber strategy, and it should be prepared and practiced in organizations before an incident occurs,” says Eden Winokur, head of cyber
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CyberSecurity Insiders
FEBRUARY 13, 2023
Pepsi Bottling Ventures PBV, a business unit of PepsiCo Beverages, suffered a malware attack leading to disruption of services in 18 of its bottling facilities spread across Maryland, Delaware, Virginia, South and North Carolina. Unconfirmed sources state that the attack was caused by malware leading to data siphoning and encryption- hinting to us the attack was of ransomware variant.
CSO Magazine
FEBRUARY 13, 2023
Threat groups who target operational technology (OT) networks have so far focused their efforts on defeating segmentation layers to reach field controllers such as programmable logic controllers (PLCs) and alter the programs (ladder logic) running on them. However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware could enable deep lateral movement through the point-to-point and other non-routable connections they maintain to ot
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CSO Magazine
FEBRUARY 13, 2023
Israel’s Technion University on Sunday suffered a ransomware attack, which has forced the university to proactively block all communication networks. A new group calling itself DarkBit has claimed responsibility for the attack. “The Technion is under cyberattack. The scope and nature of the attack are under investigation,” Technion University, Israel’s top public university in Haifa wrote in a Tweet.
Identity IQ
FEBRUARY 13, 2023
What You Should Know About ‘Pig Butchering Scams’ IdentityIQ Scammers are back at it again with a new scheme – called “pig butchering scams” – that targets people looking for love online. This highly sophisticated scam lures people into long-term relationships before selling them on fake online investment opportunities. The scam is quickly spreading.
We Live Security
FEBRUARY 13, 2023
Small and medium-sized businesses have good reason to be concerned about the loss of data and financial impacts The post Confident cybersecurity means fewer headaches for SMBs appeared first on WeLiveSecurity
SecureBlitz
FEBRUARY 13, 2023
In this post, we’ll compare Surfshark vs ExpressVPN. This in-depth comparison will help you decide which is better between the two popular VPN services. Surfshark and ExpressVPN are among the recommended VPN services you’ll find if you’re looking for a VPN to use. However, you can’t subscribe to both, unless you want to apply VPN […] The post Surfshark Vs ExpressVPN – Which Is Better?
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
FEBRUARY 13, 2023
Eurostar is emailing its users this week, forcing them to reset their account passwords in a bid to "upgrade" security. But when users visit the password reset link, they are met with "technical problems," making it impossible for them to reset password or access their account. [.
The Hacker News
FEBRUARY 13, 2023
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution.
Security Boulevard
FEBRUARY 13, 2023
Security teams shoulder the enormous responsibility of protecting their organization from attacks that could compromise data, ruin brand trust and result in costly damages. In my more than ten years as a security analyst, engineer and now founder of a company that solves the challenges of security operations at scale, I’ve seen the successes and. The post The State of Threat Detection and Response appeared first on Security Boulevard.
The Hacker News
FEBRUARY 13, 2023
An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
FEBRUARY 13, 2023
Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems. [.
The Hacker News
FEBRUARY 13, 2023
Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS). "The majority of attacks peaked in the ballpark of 50-70 million requests per second (RPS) with the largest exceeding 71 million," the company said, calling it a "hyper-volumetric" DDoS attack.
Malwarebytes
FEBRUARY 13, 2023
When researchers from the University of Pennsylvania's Annenberg School for Communication conducted a survey to see if "informed consent" practices are working online with regard to user data gathering, the results revealed weaknesses in a framework that, for decades, has served as the basis for online privacy regulation in the US. This framework, which is commonly known as "notice of consent," usually allows organizations to freely collect, use, keep, share, and sell customer data provided they
Bleeping Computer
FEBRUARY 13, 2023
The controversial Z-Library online eBook repository has once again returned to the web, this time with secret user URLs that attempt to hinder disruption by law enforcement. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
FEBRUARY 13, 2023
This policy is designed to help your IT staff guide employees toward understanding and adhering to best security practices that are relevant to their job responsibilities. From the policy: SUMMARY A security policy is only as valuable as the knowledge and efforts of those who adhere to it, whether IT staff or regular users. Understanding. The post Security awareness and training policy appeared first on TechRepublic.
Security Boulevard
FEBRUARY 13, 2023
An analysis of three years of vulnerabilities found in industrial control systems (ICS) published by SynSaber, a provider of an ICS monitoring platform, found that while there may be no patches available, many affected systems are no longer being supported by vendors. In addition, the report found a little more than a fifth (21%) of. The post SynSaber Report Brings More Context to ICS Security appeared first on Security Boulevard.
Malwarebytes
FEBRUARY 13, 2023
eCommerce security company Sansec has revealed it's found a number of online stores accidentally leaking highly sensitive data. After studying 2,037 online stores, the company found that 12.3 percent exposed compressed files (in ZIP, SQL, and TAR archive formats), which BleepingComputer noted appear to be private backups containing master database passwords, confidential admin URLs of stores, full customer data (PII, or personally identifiable information), and internal API keys on public-facing
Security Affairs
FEBRUARY 13, 2023
Apple has released emergency security updates to fix a new actively exploited zero-day vulnerability that impacts iPhones, iPads, and Macs. Apple has released emergency security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-23529, that impacts iOS, iPadOS, and macOS. The flaw is a type confusion issue in WebKit that was addressed by the IT giant with improved checks.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Malwarebytes
FEBRUARY 13, 2023
The introduction of ChatGPT launched an arms race between tech giants. The rush to be the first to incorporate a similar large language model (LLM) into their own offerings (read: search engines) may have left a lot of opportunities to bypass the active restrictions such as bias, privacy concerns, and the difficulties with abstract concepts or lack of context.
Security Affairs
FEBRUARY 13, 2023
Pro-Russia hacker group Killnet launched a Distributed Denial of Service (DDoS) attack on NATO servers, including the NATO Special Operations Headquarters (NSHQ) website. Pro-Russia hacker group Killnet launched a Distributed Denial of Service (DDoS) attack on NATO sites, including the NATO Special Operations Headquarters (NSHQ) website. The attack was confirmed by NATO, while the hacker group announced the attack on its Telegram Channel with the following message.
Malwarebytes
FEBRUARY 13, 2023
Android developers have been given a taste of what’s to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes they’ll enjoy and what ones they’ll have to endure. As it happens, there’s quite a few security changes coming down the pipeline and developers will now be busy testing their apps.
Bleeping Computer
FEBRUARY 13, 2023
Microsoft says Windows 10, version 20H2 for enterprise and education users will reach the end of service (EOS) in three months, on May 9, 2023. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
FEBRUARY 13, 2023
There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point.
Malwarebytes
FEBRUARY 13, 2023
In November of last year, the AI research and development lab OpenAI revealed its latest, most advanced language project: A tool called ChatGPT. ChatGPT is so much more than "just" a chatbot. As users have shown with repeated testing and prodding, ChatGPT seems to "understand" things. It can give you recipes that account for whatever dietary restrictions you have.
Bleeping Computer
FEBRUARY 13, 2023
Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs. [.
Security Affairs
FEBRUARY 13, 2023
Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. A malware campaign conducted by alleged Russian threat actors has been targeting users in Eastern European in the crypto industry. The attackers are sending out emails with fake job opportunities as bait in an attempt to trick victims into installing Enigma information-stealing malware.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
182 
Let's personalize your content