Schneier on Security

OCTOBER 21, 2022

Machine learning security is extraordinarily difficult because the attacks are so varied—and it seems that each new one is weirder than the next. Here’s the latest: a training-time attack that forces the model to exhibit a point of view: Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures.” Abstract: We investigate a new threat to neural sequence-to-sequence (seq2seq) models: training-time attacks that cause models to “spin” their outputs

Media 223

Media Internet Internet Healthcare 223

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g., pictures stored on your phone).

Encryption 130

Encryption Government Artificial Intelligence Surveillance 130

Tech Republic Security

OCTOBER 21, 2022

BlackByte is using Exbyte, a new custom exfiltration tool, to steal data. Learn how to protect your organization from this ransomware. The post BlackByte Ransomware Picks Up Where Conti and Sodinokibi Left Off appeared first on TechRepublic.

Ransomware 136

Ransomware 136

CyberSecurity Insiders

OCTOBER 21, 2022

Advocate Aurora Health(AAH), a medical services provider serving Wisconsin and Illinois populace, was hit by a data breach affecting over 3,000,000 patients. According to the information available to Cybersecurity Insiders, AAH websites are loaded by Meta Pixel, and hackers used a vulnerability in the software tool to access information. Technically, Meta Pixel is a Facebook researchers supplied JavaScript code based analytics tool that assists website owners to gain insights on user interaction

Data breaches 137

Data breaches Healthcare Hacking Data privacy 137

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 21, 2022

Vulnerability intelligence tools can be very useful to prioritize the key threats security professionals need to take action on for their organization, but it’s important to remember that some are better than others. The post Top 3 tips to identify quality vulnerability intelligence appeared first on TechRepublic.

Cybersecurity 134

Cybersecurity 134

CSO Magazine

OCTOBER 21, 2022

IoT devices pose significant threats to enterprises because of lack of visibility into what devices are on enterprise networks and inadequate use of monitoring tools to watch for malicious behaviors.

IoT 116

IoT 116

Heimadal Security

OCTOBER 21, 2022

In comparison with Windows, Linux it’s different in areas such as features, flexibility, operationality, and ease of use. Naturally, due to this fact, we can assume that there must exist differences between the patching and patch management operations of the two OS. Today, we will take a deep dive into the process of Linux patch […]. The post Linux Patch Management: Challenges, Benefits and Best Practices appeared first on Heimdal Security Blog.

103

103

eSecurity Planet

OCTOBER 21, 2022

Patch management is a critical aspect of IT security. If patches are not deployed in a timely manner, vulnerabilities remain exploitable by the bad guys. Those organizations that deploy patches rapidly and comprehensively across all endpoints and systems suffer far fewer attacks than those that are sloppy about their patch management practices. “Effective patch management mitigates risk by eliminating domain-specific activities and applying standard processes across all enterprise systems,” said

Risk 103

Risk Backups Cybersecurity Software 103

Heimadal Security

OCTOBER 21, 2022

As the rate of cybersecurity incidents increases and cybercriminals are more creative in deploying highly sophisticated malware, you need new ways to keep your business safe. You have several intelligent and efficient ways to fight against threats and hackers, but you may be wondering what is the wisest solution, as the traditional antivirus is no […].

Antivirus 103

Antivirus Malware Cybersecurity 103

Dark Reading

OCTOBER 21, 2022

Similar to what happened around the 2020 election, FBI warns that the Emennet Pasargad group is poised to target officials and companies with embarrassing hack-and-leak campaigns.

Hacking 101

Hacking 101

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

OCTOBER 21, 2022

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.

Authentication 101

Authentication Internet Internet 101

Security Boulevard

OCTOBER 21, 2022

TikTok parent ByteDance is planning to track the location of certain targeted individuals on U.S. soil, using a specialist Chinese team. The post TikTok ‘Will’ Spy on US Citizens — Say Sources appeared first on Security Boulevard.

Social Engineering 98

Social Engineering Spyware Security Awareness Engineering 98

Bleeping Computer

OCTOBER 21, 2022

A BlackByte ransomware affiliate is using a new custom data stealing tool called 'ExByte' to steal data from compromised Windows devices quickly. [.].

Ransomware 108

Ransomware 108

Security Boulevard

OCTOBER 21, 2022

Learn how you can leverage the data in a software bill of materials (SBOM) document to find vulnerabilities in API dependencies. The post Can SBOM help you attack APIs? appeared first on Dana Epp's Blog. The post Can SBOM help you attack APIs? appeared first on Security Boulevard.

Software 98

Software Hacking 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Heimadal Security

OCTOBER 21, 2022

It is not often that ransomware groups attack Russian corporate networks, however OldGremlin, also known as TinyScouts, is one of the few cybercrime gangs that primarily focuses on Russian companies. Until now, OldGremlin were known to mainly target enterprise networks running on Windows, but researchers discovered their file-encrypting malware operations have expanded towards Linux machines as well. […].

Ransomware 89

Ransomware Cybercrime Encryption Malware 89

Security Boulevard

OCTOBER 21, 2022

We’re introducing Teams in your GitGuardian Internal Monitoring workspace to help you bring Dev, Sec, and Ops together and fix hardcoded credentials faster than you ever thought possible! The post It Takes A Team To Solve Hardcoded Secrets appeared first on Security Boulevard.

98

98

CSO Magazine

OCTOBER 21, 2022

Did our focus on IaaS security come at the expense of SaaS security? Know what to guard against, especially excessive user permissions and misconfigured UIs, APIs, and integrations.

89

89

Security Boulevard

OCTOBER 21, 2022

The White House Office of Science and Technology Policy (OSTP) has issued a proposed AI “bill of rights” to codify how artificial intelligence and automated systems should engage with the citizens of the United States. The proposal isn’t a pithy recommendation; rather, it is a well-thought-out presentation designed to engage with the AI technology sector.

Artificial Intelligence 98

Artificial Intelligence Technology Data privacy Risk 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

OCTOBER 21, 2022

The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems.

Passwords 89

Passwords Malware 89

Security Boulevard

OCTOBER 21, 2022

Conventional thinking is that a VPN is a VPN—a utility technology and a commodity that every company has, and there’s not much to consider. VPNs started to become commonplace back when most applications and data were locally hosted and data centers were internal. Applications, including email, generally did not have their own encryption for data. The post Rethinking VPNs in a Cloud-Everything World appeared first on Security Boulevard.

VPN 96

VPN Encryption Technology Security Awareness 96

Heimadal Security

OCTOBER 21, 2022

A new version of the Ursnif malware (a.k.a. Gozi) has surfaced. Initially emerging as a generic backdoor, this new version has been stripped of its typical banking trojan functionality. This change might indicate that the operators of this new version might change their focus and use the malware to distribute ransomware. New Ursnif Campaign Spotted […].

Banking 88

Banking Accountability Malware Ransomware 88

Security Affairs

OCTOBER 21, 2022

CISA added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a Linux kernel vulnerability, tracked as CVE-2021-3493 , to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date

IoT 87

IoT Hacking Malware Risk 87

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

OCTOBER 21, 2022

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library.

86

86

Bleeping Computer

OCTOBER 21, 2022

France's data protection authority (CNIL) has fined Clearview AI with €20 million for illegal collection and processing of biometric data belonging to French citizens. [.].

Data collection 87

Data collection 87

Security Affairs

OCTOBER 21, 2022

A new variant of the popular Ursnif malware is used as a backdoor to deliver next-stage payloads and steal sensitive data. Mandiant researchers warn of a significant shift from Ursnif ‘s original purpose, the malware initially used in banking frauds is now used to deliver next-stage payloads and steal sensitive data. The new variant, first observed in June 2022 and dubbed LDR4, is not a banking trojan, but a generic backdoor. . “This is a significant shift from the malware’s original

Banking 84

Banking Malware Hacking Ransomware 84

Bleeping Computer

OCTOBER 21, 2022

CISA, the FBI, and the Department of Health and Human Services (HHS) warned that a cybercrime group known as Daixin Team is actively targeting the U.S. Healthcare and Public Health (HPH) Sector sector in ransomware attacks. [.].

Ransomware 86

Ransomware Healthcare Cybercrime 86

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

OCTOBER 21, 2022

Certainly, everyone encountered those irritating pop-up ads which appear onscreen almost out of nowhere, when browsing a website or using an app. But adverts being annoying is just the surface level, some adware are highly manipulative and can act as a disguise for malicious programs. However, there are ways to recognize adware infections and mitigate […].

Adware 84

Adware Cybersecurity 84

The Hacker News

OCTOBER 21, 2022

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines.

Ransomware 86

Ransomware Cryptocurrency 86

InfoWorld on Security

OCTOBER 21, 2022

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud security priority list. Organizations are making a lot of assumptions about SaaS security. At their essence, SaaS systems are applications that run remotely, with data stored on back-end systems that the SaaS provider encrypts on the customer’s be

Encryption 83

Encryption Accountability Software 83

Heimadal Security

OCTOBER 21, 2022

Advocate Aurora Health (AAH), a 26-hospital healthcare group in Wisconsin and Illinois, is informing its patients of a data breach that disclosed 3,000,000 individuals’ personal information. The incident occurred as a result of the incorrect usage of Meta Pixel on AAH’s websites, where patients log in and provide sensitive personal and medical information.

Healthcare 81

Healthcare Data breaches Cybersecurity 81

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.