Mon.Jul 24, 2023

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

The Last Watchdog

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.

Google Reportedly Disconnecting Employees from the Internet

Schneier on Security

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

How to Easily Block IP Addresses From Accessing a Desktop or Server

Tech Republic Security

In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.

TETRA Radio Code Encryption Has a Flaw: A Backdoor

WIRED Threat Level

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hardware-bound passkeys are still ultimate in security: Yubico VP

Tech Republic Security

Derek Hanson, Yubico’s VP of standards and alliances and an industry expert on passkeys, discusses why device-bound-to-shareable passkeys are critical.

Microsoft Sharepoint outage caused by use of wrong TLS certificate

Bleeping Computer

Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main.com domains for the Microsoft 365 services. […]

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

The Hacker News

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

Independent Ada Lovelace Institute Asks UK Government to Firm up AI Regulation Proposals

Tech Republic Security

While the United Nations hashes out regulations, the UK’s ‘context-based’ approach is intended to spur innovation but may cause uncertainty in the industry.

AI and the software supply chain: Application security just got a whole lot more complicated

Security Boulevard

As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to assess a whole new set of risks from a technology that is in its infancy.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Zenbleed attack leaks sensitive data from AMD Zen2 processors

Bleeping Computer

Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. […]

Google Launches Red Team to Secure AI Systems Against Attacks

Security Boulevard

Google is rolling out a red team charged with testing the security of AI systems by running simulated but realistic attacks to uncover vulnerabilities or other weaknesses that could be exploited by cybercriminals.

Update now! Apple fixes several serious vulnerabilities

Malwarebytes

Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. Updates are available for these products: Safari 16.6 macOS Big Sur and macOS Monterey iOS 16.6 and iPadOS 16.6 iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later iOS 15.7.8 and iPadOS 15.7.8 iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st gene

IoT Connected Devices Pose Significant Risk to Organizations

Security Boulevard

Security flaws in connected devices and the IoT are plaguing the digital landscape, impacting a broad range of industries.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How to set up computer security for your parents

Malwarebytes

If you want to tighten up your parents' home cybersecurity as much as possible, you've come to the right place. After all, you’re no doubt the family IT person, and first point of contact if trouble arises. Consider a Chromebook. If someone is looking for a new computer system for regular, non-demanding purposes, such as browsing, social media, and email, you can help with recommendations.

Lost transparency, blackbox ML, and other hidden risks of outsourced fraud solutions

Security Boulevard

Machine learning-based fraud decision engines are sometimes viewed as mysterious black boxes that provide only minimal insight into why a decision was made on a login or a transaction. It’s a valid concern; not all fraud solution providers offer intuitive decision explainability. Some solutions fail to provide any transparency at all on the transactions they […]

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

The Hacker News

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one zero-day bug actively exploited in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and could permit a malicious app to modify sensitive kernel state. The company said it was addressed with improved state management.

IBM: Cost of a Data Breach Hits Another High

Security Boulevard

The average cost to an organization hit with a data breach reached a record high this year, though those companies are split on who they believe should foot the bill, according to a report released today by IBM.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

Security Affairs

A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network.

How Ransomware Spreads and How Microsegmentation Stops It

Security Boulevard

Ransomware impacts more than seven in ten companies worldwide, and understanding how ransomware spreads is critical to finding solutions to stop it. Ransomware is malicious software that threat actors use to infiltrate a network. Cybercriminals design ransomware to block access to a computer system or encrypt data they find in an architecture they have infiltrated and.

Experts warn of OSS supply chain attacks against the banking sector

Security Affairs

Checkmarx researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks; according to the experts, the attackers used advanced techniques. “On the 5th and 7th of April, a threat actor leveraged the NPM platform to upload a couple of packag

New Zenbleed Vulnerability: What It Is, How to Fix It

Security Boulevard

Zenbleed (CVE-2023-20593) was announced today. This is a vulnerability affecting AMD processors based on the Zen2 microarchitecture (certain EPYC CPUs used in datacenter servers and Ryzen/Threadripper CPUs used in desktop/laptop computers). The bug is a speculative execution bug, but somewhat different from the speculative execution side channel bugs we’ve seen in the past (e.g., Meltdown.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Norway says Ivanti zero-day was used to hack govt IT systems

Bleeping Computer

The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country. […]

API Security in 2023: Major Insights from Postman’s State of the API Report

Security Boulevard

Good news for all tech enthusiasts! The highly anticipated 2023 State of the API Report, conducted by Postman, one of the leading dev tools for building APIs, is now available. This comprehensive report, produced annually, is backed by an extensive survey and offers a deep dive into the challenges and advancements in the […]

Microsoft shares fix for some Outlook hyperlinks not opening

Bleeping Computer

Microsoft shared a workaround for Outlook Desktop blocking attempts to open IP address or fully qualified domain name (FQDN) hyperlinks after installing this month's security updates. […]

Insider Indicted for Attempting to Sabotage California Water Plant

Security Boulevard

Earlier this month, Rambler Gallo pled not guilty to charges that he attempted to sabotage the water treatment facility in Discovery Bay, California. The facility provides treatment for the water and wastewater systems for the town’s 15,000 residents. An unsealed federal court indictment showed Gallo logged into the Supervisory Control and Data Acquisition (SCADA) network.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

The Hacker News

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.

‘China’ Azure Breach: MUCH Worse Than Microsoft Said

Security Boulevard

Storm-0558 Breaks: Satya and Pooh, sitting in a tree, K.I.S.S.I.N.G.

China Propaganda Spreads via US News Sites, Freelancers, Times Square

Dark Reading

A widespread disinformation campaign aimed at Americans wasn't that effective, but it was certainly creative, even slipping in influence articles to legitimate news outlets like AZCentral.com.

CodeSecDays brings security leaders together to build a world without software security issues

Security Boulevard

In GitGuardian's first digital conference, CodeSecDays, security leaders from multiple leading companies like Snyk, Chainguard, Doppler, RedMonk, and more came together to share the latest in code and application security. As the CEO and founder of GitGuardian, Eric Fourrier said, “No organizations in this world can grow

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.