Thu. May 18, 2023


RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

Your go-to mobile apps aren’t nearly as hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise. I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi, CEO of Verimatrix, a cybersecurity company headquartered in southern France.


What is IBM Hybrid Cloud Mesh?

Tech Republic Security

Learn what the expanded cloud offerings mean for potentially smoothing out the line between DevOps and SecOps. The post What is IBM Hybrid Cloud Mesh? appeared first on TechRepublic.


KeePass exploit helps retrieve cleartext master password, fix coming soon

Bleeping Computer

The popular KeePass password manager is vulnerable to extraction of the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even when the database is locked.


Microsoft Azure VMs Hijacked in Cloud Cyberattack

Dark Reading

Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hackers target vulnerable WordPress Elementor plugin after PoC released

Bleeping Computer

Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account password reset flaw disclosed earlier in the month.


How to scan container images with Docker Scout

Tech Republic Security

Jack Wallen demonstrates how to scan container images for vulnerabilities and dependencies with the new Docker Scout feature. The post How to scan container images with Docker Scout appeared first on TechRepublic.


When ChatGPT Goes Phishing

Security Boulevard

ChatGPT has become a powerful tool for security professionals seeking to enrich their work. However, its widespread use has raised concerns about the potential for bad actors to misuse the technology. Experts are worried that ChatGPT’s ability to source recent data about an organization could make social engineering and phishing attacks more effective than ever.


KeePass Vulnerability Imperils Master Passwords

Dark Reading

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.


25 Years Later: Reflecting on L0pht’s 1998 Congress Testimonial and the Evolution of Cybersecurity

Veracode Security

I look back on L0pht’s testimony before Congress in 1998 with a mix of pride and reflection. It’s been twenty-five years since our group of hackers (or vulnerability researchers, if you will) stepped up to raise awareness about the importance of internet security in front of some of the world’s most powerful lawmakers. This event marked the beginning of a long journey towards increased cybersecurity awareness and implementation of measures to protect our digital world.


Beware of ChatGPT and Midjourney imposters

CyberSecurity Insiders

To all those eagerly searching for the ChatGPT login and Midjourney web pages, here’s an alert that needs your immediate attention. A malware campaign tracked as BatLoader is hosting fake ChatGPT and Midjourney web pages via Google ads. So, next time you search for those portals, be sure of what you’re clicking on and do not enter your login credentials blindly!


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


5 useful search engines for internet-connected devices and services

We Live Security

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet. The post 5 useful search engines for internet‑connected devices and services appeared first on WeLiveSecurity.


LayerZero launches record-breaking $15M crypto bug bounty program

Bleeping Computer

LayerZero Labs has launched a bug bounty on the Immunefi platform that offers a maximum reward of $15 million for critical smart contract and blockchain vulnerabilities, a figure that sets a new record in the crypto space.


Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks

The Hacker News

The rising geopolitical tensions between China and Taiwan in recent months have sparked a noticeable uptick in cyber attacks on the East Asian island country.


Apple fixes three new zero-days exploited to hack iPhones, Macs

Bleeping Computer

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Eight Steps to Take Toward PCI DSS v4.0

PCI perspectives

The clock is ticking on PCI DSS v3.2.1. On 31 March 2024, PCI DSS v3.2.1 will be retired, making the transition to PCI DSS v4.0 essential for organizations involved in payment data security. To help with this transition, PCI SSC has identified eight steps you should take on your journey to PCI DSS v4.0.


Organizations reporting cyber resilience are hardly resilient: Study

CSO Magazine

While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs. The study aimed at understanding business preparedness amidst growing incidents found a strong intent to strengthen cybersecurity capabilities driven by external threats.


Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict

Dark Reading

PlugX and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.


Microsoft VMs hijacked in cloud Cyber Attack

CyberSecurity Insiders

A threat actor with a history of targeting Microsoft servers has recently gained control over virtual machines (VMs) and installed third-party remote management software within clients’ cloud environments. The Mandiant Intelligence team has identified this actor, known as UNC3844, evading security software detections on Azure cloud platforms. Their primary objective is to exploit cloud storage spaces, steal valuable data for financial gain, and potentially threaten victims through data ext


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
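The exposure described above is easy to check for on a page you control. The Python below is an added illustration, not code from the post: it walks a page's HTML, flags script, image and iframe loads that go to well-known tracker hosts or that are off-site 1x1 beacons, spots inline pixel initialisation calls, and lists the query-string keys each beacon carries, since that is where an MRN or appointment date would leak. The vendor hostnames and call names are assumptions drawn from the public Meta Pixel and Google tag loaders; the sample page is constructed.

```python
"""Audit an HTML page for third-party tracking pixels and scripts.

Added illustration, not code from the post. The vendor hostnames and inline
call names are assumptions (public Meta Pixel / Google tag loaders); extend
them for your own environment.
"""
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Hosts that identify a known tracker when they appear in a script/img/iframe src.
TRACKER_HOSTS: Dict[str, str] = {
    "connect.facebook.net": "Meta Pixel (loader script)",
    "www.facebook.com": "Meta Pixel (image beacon)",
    "www.googletagmanager.com": "Google Tag Manager / gtag",
    "www.google-analytics.com": "Google Analytics",
}
# Function calls that identify an inline tracker initialisation.
INLINE_MARKERS: Dict[str, str] = {
    "fbq(": "Meta Pixel (inline init)",
    "gtag(": "Google tag (inline init)",
}


class TrackerAuditor(HTMLParser):
    """Collects every resource load or inline snippet that sends data off-site."""

    def __init__(self, page_host: str) -> None:
        super().__init__()
        self.page_host = page_host.lower()
        self.findings: List[Dict[str, object]] = []
        self._in_script = False

    def handle_starttag(self, tag: str, attrs) -> None:
        attr = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        if tag not in ("script", "img", "iframe"):
            return
        src = attr.get("src")
        if not src:
            return
        host = urlsplit(src).hostname
        if host is None:  # relative URL: same origin, not a third party
            return
        host = host.lower()
        if host in TRACKER_HOSTS:
            self._record(tag, host, TRACKER_HOSTS[host], src)
        elif host != self.page_host and tag == "img" and self._is_pixel(attr):
            # Unknown vendor, but an off-site 1x1 image is a beacon by construction.
            self._record(tag, host, "unknown third party (1x1 image)", src)

    def handle_endtag(self, tag: str) -> None:
        if tag == "script":
            self._in_script = False

    def handle_data(self, data: str) -> None:
        if not self._in_script:
            return
        for marker, vendor in INLINE_MARKERS.items():
            if marker in data:
                self._record("inline-script", self.page_host, vendor, marker)

    @staticmethod
    def _is_pixel(attr: Dict[str, str]) -> bool:
        return attr.get("width") == "1" and attr.get("height") == "1"

    def _record(self, tag: str, host: str, vendor: str, src: str) -> None:
        # Query-string keys show what the beacon carries (e.g. an MRN or an
        # appointment date), which is the exposure the post describes.
        params = sorted(parse_qs(urlsplit(src).query).keys())
        self.findings.append(
            {"tag": tag, "host": host, "vendor": vendor, "src": src, "params": params}
        )


def audit_html(html: str, page_host: str) -> List[Dict[str, object]]:
    auditor = TrackerAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page (not a real site): one tag loader, one inline pixel
# init, one first-party script, a logo, a vendor beacon and an unknown beacon.
SAMPLE_PAGE = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script>
  !function(f,b,e,v,n,t,s){ /* vendor loader omitted */ }(window, document, 'script');
  fbq('init', '000000000000000');
  fbq('track', 'PageView');
</script>
<script src="/static/app.js"></script>
</head><body>
<h1>Schedule an appointment</h1>
<img src="/logo.png" width="200" height="50" alt="logo">
<img src="https://www.facebook.com/tr?id=000000000000000&amp;ev=PageView&amp;noscript=1"
     width="1" height="1" style="display:none" alt="">
<img src="https://cdn.example-analytics.net/pixel.gif?mrn=12345&amp;appt=2023-05-18"
     width="1" height="1" alt="">
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, "portal.example-hospital.test"):
        print(f"{f['tag']:13} {f['vendor']:34} params={f['params']}")
```

Run it against saved HTML of both the public and the logged-in pages of a patient portal; the `params` list of each finding is what you would have to justify under a HIPAA review.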


“VAPT: The Shield Your Organization Needs Against Cyber Threats”

Security Boulevard

Introduction Making sure our internet systems and data are secure has become crucial in today’s digital world, as technology is ingrained in every part of our lives. Organizations of all sizes are frequently vulnerable to a variety of cyber dangers. A thorough strategy that incorporates Vulnerability Assessment and Penetration Testing (VAPT) is essential for reducing […] The post “VAPT: The Shield Your Organization Needs Against Cyber Threats” appeared first on Kratikal Blogs.


The Vital Importance of Cybersecurity for Profit-Making Organizations

CyberSecurity Insiders

In today’s digital age, profit-making organizations across industries are increasingly reliant on technology and the internet to conduct their operations. While this technological advancement brings numerous benefits, it also exposes businesses to various cybersecurity risks. Protecting sensitive data, customer information, financial records, and intellectual property has become a critical priority.


18-year-old charged with hacking 60,000 DraftKings betting accounts

Bleeping Computer

The Department of Justice revealed today that an 18-year-old man named Joseph Garrison from Wisconsin has been charged with hacking into the accounts of around 60,000 users of the DraftKings sports betting website in November 2022.


Phishing Attacks Shift to IT, Online Services-Related Campaigns 

Security Boulevard

More IT and online services-related email subjects are being used as phishing lures, as phishing emails continue to be one of the most common methods used to perpetrate malicious attacks on organizations worldwide. These were among the key findings of KnowBe4’s latest phishing report, which also found tax-related email subjects became more popular as the.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Cisco Warns of Multiple Flaws in Small Business Series Switches

eSecurity Planet

Cisco is warning that nine significant vulnerabilities in its Small Business Series Switches could enable unauthenticated remote attackers to cause a denial-of-service condition or execute arbitrary code with root privileges on affected devices. The vulnerabilities are caused by improper validation of requests sent to the switches’ web interfaces, the company said.


WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

The Hacker News

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox.


Critical remote code execution flaws patched in Cisco small business switches

CSO Magazine

Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices and can be exploited without authentication. While the company didn't disclose which specific components of the web interface the flaws are located in, it noted in its advisory that the vulnerabilities are not dependent on one another and can


Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

The Hacker News

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. "Both AI services are extremely popular but lack first-party standalone apps (i.e.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


KeePass 2.X Master Password Dumper allows retrieving the KeePass master password

Security Affairs

A researcher published a PoC tool to retrieve the master password from KeePass by exploiting the CVE-2023-32784 vulnerability. Security researcher Vdohney released a PoC tool called KeePass 2.X Master Password Dumper that allows retrieving the master password for KeePass. The tool exploits the unpatched KeePass vulnerability, tracked as CVE-2023-32784, to retrieve the master password from the memory of KeePass 2.x versions. “In KeePass 2.x before 2.54, it is possible to recover the cleartex


Aviatrix Distributed Cloud Firewall Streamlines App Security

Security Boulevard

Aviatrix today made generally available a Distributed Cloud Firewall (DCF) that programmatically pushes and enforces cybersecurity policies for cloud computing environments via a central console. Rod Stuhlmuller, vice president of solutions marketing for Aviatrix, said DCF is unique in that cybersecurity teams can now inspect traffic and enforce policies wherever application traffic naturally flows.


Zip domains, a bad idea nobody asked for

Malwarebytes

If you heard a strange and unfamiliar creaking noise on May 3, it may have been the simultaneous rolling of a million eyeballs. The synchronised ocular rotation was the less than warm welcome that parts of the IT and security industries—this author included—gave to Google's decision to put .zip domains on sale. Google Registry actually announced eight new top-level domains (TLDs) that day: .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus, but it was dot zip and dot mov that had security eyeballs lo
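The reason .zip and .mov drew the eyeballs is that a filename such as report.zip is now also a registrable hostname, so mail and chat clients that auto-link dotted tokens will turn it into a clickable domain, and a URL's real host is whatever follows an `@` in the authority, so a link can wear a trusted-looking prefix. The Python below is an added example, not code from the Malwarebytes post: it flags bare tokens that would auto-link to a .zip/.mov host and full URLs whose effective host is one. The TLD set is limited to the two the post singles out, the `@` handling is plain RFC 3986 URL syntax rather than anything the post describes, and the sample message is constructed.

```python
"""Find .zip / .mov hostnames that a linkifier or a browser would treat as domains.

Added illustration, not code from the Malwarebytes post. Assumptions: only the
two file-extension TLDs the post singles out are checked, and host extraction
follows RFC 3986 (anything before '@' in the authority is userinfo, not host).
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# TLDs that double as common file extensions, the phishing concern in the post.
FILE_EXT_TLDS = {"zip", "mov"}

# Full URLs with an explicit scheme.
_URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://\S+")
# Bare dotted tokens such as "report-q1.zip" that chat and mail clients auto-link.
_TOKEN_RE = re.compile(r"\b[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\b")


def effective_host(url: str) -> Optional[str]:
    """Host a browser actually connects to, lower-cased, or None.

    "https://github.com@v1-2-7.zip/x" connects to v1-2-7.zip: "github.com" is
    userinfo. A scheme-less token is treated as a hostname.
    """
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname
    return host.lower() if host else None


def tld_of(host: str) -> str:
    return host.rsplit(".", 1)[-1]


def looks_like_file_download(url_or_token: str) -> bool:
    """True when the effective host ends in a file-extension TLD."""
    host = effective_host(url_or_token)
    return host is not None and tld_of(host) in FILE_EXT_TLDS


def audit_text(text: str) -> List[Dict[str, str]]:
    """Report every URL and bare token whose effective host is a .zip/.mov domain.

    URLs are checked first, then blanked out so that path segments such as
    /files/report.zip are not re-read as bare hostnames.
    """
    findings: List[Dict[str, str]] = []
    for raw in _URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # trailing sentence punctuation
        host = effective_host(url)
        if host and tld_of(host) in FILE_EXT_TLDS:
            findings.append({"kind": "url", "text": url, "host": host})
    remainder = _URL_RE.sub(" ", text)
    for token in _TOKEN_RE.findall(remainder):
        if tld_of(token.lower()) in FILE_EXT_TLDS:
            findings.append({"kind": "bare", "text": token, "host": token.lower()})
    return findings


# Constructed sample message (not real mail): two bare filenames, one benign
# URL, and one URL whose trusted-looking prefix is really userinfo.
SAMPLE_MESSAGE = (
    "Hi, the quarterly numbers are in report-q1.zip and the demo is in "
    "walkthrough.mov. Source is at https://github.com/example/repo and the "
    "release is at https://github.com@v1-2-7.zip/archive. Thanks!"
)

if __name__ == "__main__":
    for f in audit_text(SAMPLE_MESSAGE):
        print(f"{f['kind']:4}  {f['host']:16}  {f['text']}")
```

Note the asymmetry the code enforces: https://example.com/files/report.zip is a download from example.com and is left alone, while https://github.com@v1-2-7.zip/archive is flagged, because the browser will connect to v1-2-7.zip.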


S3 Ep135: Sysadmin by day, extortionist by night

Naked Security

Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish).


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.