Schneier on Security

AUGUST 15, 2023

This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

Technology 241

Technology Artificial Intelligence Surveillance 241

Tech Republic Security

AUGUST 15, 2023

Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.

Hacking 145

Hacking Government Artificial Intelligence Cybersecurity 145

Security Boulevard

AUGUST 15, 2023

New capabilities fix security issues with MFA push notifications Zero Trust security models call for the use of multi-factor authentication (MFA) to ensure that only authorized users may access protected IT resources. Many organizations are adopting MFA to add a layer of security for remote workers. Customer-facing organizations are also implementing MFA to mitigate identity-based attacks, such as phishing, and to help quash the rise in account takeover fraud.

Authentication 98

Authentication Social Engineering Passwords Accountability 98

Tech Republic Security

AUGUST 15, 2023

With Microsoft Defender for Cloud, cloud security posture management features are now available for Google Cloud Platform, as well as AWS and Azure.

Artificial Intelligence 126

Artificial Intelligence Big data Government Malware 126

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

AUGUST 15, 2023

Enterprises are developing strategies now to protect identities from being stolen and abused even as a true passwordless future is slowly coming into view, according to Joseph Carson, chief security scientist and advisory CISO at privileged access manager (PAM) vendor Delinea. “Stealing identities is a top target by attackers as it allows them to stay.

Passwords 98

Passwords CISO Authentication Cybersecurity 98

Tech Republic Security

AUGUST 15, 2023

With Microsoft Defender for Cloud, cloud security posture management features are now available for Google Cloud Platform, as well as AWS and Azure.

Artificial Intelligence 126

Artificial Intelligence Big data Government Malware 126

Tech Republic Security

AUGUST 15, 2023

In many ways, data has become the primary currency of modern organizations. It doesn’t matter whether you are a large business enterprise, SMB, government or nonprofit, the collection, management, protection and analysis of data is a determining factor in your overall success. This policy from TechRepublic Premium establishes an enterprise-wide framework for categorizing and classifying.

Government 109

Government 109

Security Affairs

AUGUST 15, 2023

Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hack. Researchers from the Synack Red Team found multi flaws ( CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189 ) in the ScrutisWeb ATM fleet monitoring software that can be exploited to remotely hack ATMs. ScrutisWeb software is developed by Lagona, it allows to remotely manage ATMs fleets.

Software 97

Software Hacking VPN Firewall 97

Fox IT

AUGUST 15, 2023

Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access. The adversary can execute arbitrary commands with this webshell, even when a NetScaler is patched and/or rebooted.

Internet 94

Internet Internet System Administration 94

Security Affairs

AUGUST 15, 2023

Monti Ransomware operators returned, after a two-month pause, with a new Linux variant of their encryptor. The Monti ransomware operators returned, after a two-month break, with a new Linux version of the encryptor. The variant was employed in attacks aimed at organizations in government and legal sectors. The Monti group has been active since June 2022, shortly after the Conti ransomware gang shut down its operations.

Ransomware 96

Ransomware Encryption Malware Hacking 96

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Google Security

AUGUST 15, 2023

Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineer As part of our effort to deploy quantum resistant cryptography, we are happy to announce the release of the first quantum resilient FIDO2 security key implementation as part of OpenSK, our open source security key firmware. This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s

Firmware 94

Firmware Engineering Internet Internet 94

Security Affairs

AUGUST 15, 2023

QwixxRAT is a new Windows remote access trojan (RAT) that is offered for sale through Telegram and Discord platforms. The Uptycs Threat Research team discovered the QwixxRAT (aka Telegram RAT) in early August 2023 while it was advertised through Telegram and Discord platforms. The RAT is able to collect sensitive data and exfiltrate them by sending the info to the attacker’s Telegram bot.

Malware 96

Malware Antivirus Cryptocurrency Advertising 96

Bleeping Computer

AUGUST 15, 2023

LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers. [.

Accountability 98

Accountability Hacking 98

The Hacker News

AUGUST 15, 2023

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code.

Ransomware 90

Ransomware Government 90

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

AUGUST 15, 2023

The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals. [.

Malware 91

Malware 91

SecureWorld News

AUGUST 15, 2023

The great state of Oregon is gearing up to launch its own Cybersecurity Center of Excellence (COE), coming this October. The creation of this center comes on the heels of a bill signed by the state's governor, marking a pivotal moment for the cybersecurity landscape within Oregon. The COE's establishment is the result of a strategic partnership among three major universities in the state: Portland State University (PSU), Oregon State University (OSU), and the University of Oregon.

Cybersecurity 85

Cybersecurity Education Cyber threats Government 85

Bleeping Computer

AUGUST 15, 2023

Mandiant has released a scanner to check if a Citrix NetScaler Application Delivery Controller (ADC) or NetScaler Gateway Appliance was compromised in widespread attacks exploiting the CVE-2023-3519 vulnerability. [.

Hacking 88

Hacking Software 88

The Hacker News

AUGUST 15, 2023

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors.

Software 82

Software 82

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

AUGUST 15, 2023

A threat actor has compromised close to 2,000 thousand Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution tracked as CVE-2023-3519. [.

Hacking 87

Hacking 87

The Hacker News

AUGUST 15, 2023

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access," NCC Group said in an advisory released Tuesday.

Hacking 82

Hacking 82

Bleeping Computer

AUGUST 15, 2023

Two stack-based buffer overflows collectively tracked as CVE-2023-32560 impact Ivanti Avalanche, an enterprise mobility management (EMM) solution designed to manage, monitor, and secure a wide range of mobile devices. [.

Mobile 85

Mobile 85

The Hacker News

AUGUST 15, 2023

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.

Phishing 81

Phishing 81

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

AUGUST 15, 2023

As we get back to school, K-12 and colleges are increasingly at risk from ransomware and data theft attacks. Learn more from Specops Software on the steps IT teams at education institutes can take to protect their care orgs from disruption and stolen data. [.

Ransomware 75

Ransomware Education Software Risk 75

The Hacker News

AUGUST 15, 2023

Account holders of over numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android banking malware called Gigabud RAT. "One of Gigabud RAT's unique features is that it doesn't execute any malicious actions until the user is authorized into the malicious application by a fraudster, [.

Banking 80

Banking Malware Accountability 80

WIRED Threat Level

AUGUST 15, 2023

The social media giant filed a lawsuit against a nonprofit that researches hate speech online. It’s the latest effort to cut off the data needed to expose online platforms’ failings.

Accountability 77

Accountability Media 77

The Hacker News

AUGUST 15, 2023

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023.

Cybercrime 78

Cybercrime Data collection Malware Software 78

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

AUGUST 15, 2023

Monitoring platform is trusted by Cisco, Savannah River Nuclear Solutions, and others in CISA's critical infrastructure Sectors, say Synopsys researchers.

83

83

The Hacker News

AUGUST 15, 2023

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily.

Malware 75

Malware Government 75

Dark Reading

AUGUST 15, 2023

A thriving economy needs several factors to continue an upward trajectory — but is Africa in a position to enable these factors to take place?

Cybersecurity 85

Cybersecurity 85

Malwarebytes

AUGUST 15, 2023

PCMag, one of the most trusted publications by IT professionals, named Malwarebytes the #1 most-recommended security software vendor on its list of Best Tech Brands for 2023.  The ranking is based on a Net Promoter Score (NPS), a composite rating based on customer reviews from PCMag's Reader’s Choice and Business Choice surveys, meaning the score reflects real user feedback.

Cybersecurity 76

Cybersecurity Malware Threat Detection Technology 76

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.