Wed. Aug 16, 2023


UK Electoral Commission Hacked

Schneier on Security

The UK Electoral Commission discovered last year that it was hacked the year before. That’s fourteen months between the hack and the discovery. It doesn’t know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our systems. If the hack was by a major government, the odds are really low that it has resecured its systems—unless it burned the network to the ground and rebuilt it from scratch (which see


Gartner: Generative AI Will Bring “Transformational Benefit” in the Next 2-5 Years

Tech Republic Security

Generative AI landed on Gartner's coveted Hype Cycle for Emerging Technologies for 2023. Read about AI's transformational impact on business and society.


Beware malware posing as beta versions of legitimate apps, warns FBI

Malwarebytes

The FBI has issued a warning that cybercriminals are embedding malicious code in mobile beta-testing apps in attempts to defraud potential victims. The victims are typically contacted on dating sites and social media, and in some cases they are promised incentives such as large financial payouts. Beta-testing apps are new versions of software that are undergoing their final tests and aren't quite ready to be officially released.


WordPress Security Checklist

Tech Republic Security

Stories of virus and malware infections, data loss, system compromises and unauthorized access dominate headlines, and your WordPress website may be contributing to the problem. WordPress is the most popular CMS in the world. According to Colorlib, WordPress is used by over 800 million websites worldwide. But unfortunately, that popularity also makes it one of.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM

Security Affairs

Ivanti Avalanche EMM product is impacted by two buffer overflows collectively tracked as CVE-2023-32560. Tenable researchers discovered two stack-based buffer overflows, collectively tracked as CVE-2023-32560 (CVSS v3: 9.8), impacting the Ivanti Avalanche enterprise mobility management (EMM) solution. A remote, unauthenticated attacker can trigger the vulnerabilities to execute arbitrary code on vulnerable systems.


Quick Glossary: Cybersecurity Countermeasures

Tech Republic Security

Cybersecurity attacks are inevitable for modern businesses. Therefore, it is vital that businesses deploy countermeasures to mitigate the damage these attacks cause. This quick glossary from TechRepublic Premium explains the terminology behind the most common cybersecurity countermeasures. From the glossary: CHECKSUM Refers to a numerical value that is calculated based on the contents of the.


Get Norton 360 Standard on 2 Devices Plus Identity Theft Protection for $24.99

Tech Republic Security

This exclusive bundle includes online dark web monitoring and identity theft support, so don't miss out on this discounted year-long subscription.


Google released first quantum-resilient FIDO2 key implementation

Bleeping Computer

Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich.


A massive phishing campaign using QR codes targets the energy sector

Security Affairs

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft credentials of users from multiple industries. One of the organizations targeted by hackers is a notable energy company in the US. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes tar


Citrix NetScalers backdoored in widespread exploitation campaign

Malwarebytes

Fox-IT has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). Over 1900 instances were found to have a backdoor in the form of a web shell. These backdoored NetScalers can be taken over at will by an attacker, even when they have been patched and rebooted.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


File sharing site Anonfiles shuts down due to overwhelming abuse

Bleeping Computer

Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the overwhelming abuse by its users.


Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign

Security Affairs

A threat actor has compromised roughly 2,000 Citrix NetScaler servers by exploiting a remote code execution vulnerability tracked as CVE-2023-3519. In July, Citrix warned customers of a critical vulnerability, tracked as CVE-2023-3519 (CVSS score: 9.8), in NetScaler Application Delivery Controller (ADC) and Gateway that is being actively exploited in the wild. The vulnerability CVE-2023-3519 (CVSS score: 9.8) is a code injection that could result in unauthenticated remote code execution.


AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

Google Security

Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team. Since 2016, OSS-Fuzz has been at the forefront of automated vulnerability discovery for open source projects. Vulnerability discovery is an important part of keeping software supply chains secure, so our team is constantly working to improve OSS-Fuzz. For the last few months, we’ve tested whether we could boost OSS-Fuzz’s performance using Google’s Large Language Models (LLM).


Major U.S. energy org targeted in QR code phishing attack

Bleeping Computer

A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Malvertisers up their game against researchers

Malwarebytes

Threat actors constantly take notice of the work and takedown efforts initiated by security researchers. In this constant game of cat and mouse chasing, tactics and techniques keep evolving from simple to more complex, and more covert. This is a trend we have observed time and time again, no matter the playing field, from exploit kits to credit card skimmers.


Massive 400,000 proxy botnet built with stealthy malware infections

Bleeping Computer

A new campaign involving the delivery of proxy server apps to Windows systems has been uncovered, where users are reportedly involuntarily acting as residential exit nodes controlled by a private company.


Google Introduces First Quantum Resilient FIDO2 Security Key Implementation

The Hacker News

Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative.


CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added critical vulnerability CVE-2023-24489 in Citrix ShareFile to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added critical flaw CVE-2023-24489 (CVSS score 9.8) affecting Citrix ShareFile to its Known Exploited Vulnerabilities Catalog. Citrix ShareFile is a secure file sharing and storage platform designed for businesses and professionals to collaborate on documents, exchange files, and manage content in a secure and efficient


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


What's the State of Credential theft in 2023?

The Hacker News

At a little over halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it.


Understanding and Recognizing Tech Abuse

SecureWorld News

About the author: Charlotte Hooper is the Helpline Manager at The Cyber Helpline, a U.K. charity and movement by the cybersecurity industry that supports more than 2,000 individuals and sole traders impacted by cybercrime and online harm every month. Technology is increasingly part of our day-to-day life; we use it for communication, work, getting information, and even running our households with smart devices.


Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

The Hacker News

More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions.


PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks

Dark Reading

Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, the vendor says.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.


Iran and the Rise of Cyber-Enabled Influence Operations

Dark Reading

Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets' perceptions and behavior. Here are three examples.


Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

The Hacker News

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0.


Citrix ADC, Gateways Still Backdoored, Even After Being Patched

Dark Reading

Even after updating Citrix networking appliances to address the critical vulnerability, enterprise defenders have to check each one to ensure they have not already been compromised.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


CISA warns of critical Citrix ShareFile flaw exploited in the wild

Bleeping Computer

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.


Enterprise Secrets Management Explained: Best Practices, Challenges, and Tool Selection

Thales Cloud Protection & Licensing

Posted by madhav on Thu, 08/17/2023 - 06:28. Whether hosted in the cloud or on-premises, modern applications and integrations have accelerated the need for digital secrets. These secrets control data access when transferred between applications—sending information from a webpage, making a secure request to an API, accessing a cloud database, or countless other cases that modern enterprises encounter while pursuing digital


Over 100,000 Hackers Exposed in Data from Top Cybercrime Forums

SecureWorld News

Having your personal information involved in some type of cybersecurity incident or data breach is never fun. It's always a painful process, and it's something that seemingly happens everyday. But how would you feel if those same hackers that exposed your information suddenly had theirs exposed? You'd probably feel some sense of justice, right? Recent research conducted by Hudson Rock has shed light on the extensive compromise of computers and the exposure of hackers within cybercrime forums.


Insurance Data Breach Victims File Class-Action Suit Against Law Firm

Dark Reading

This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.