Schneier on Security
AUGUST 3, 2023
If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste the other tech giants , but it’s silent about its own corporate parent’s misdeeds. When Alexa responds in this way, it’s obvious that it is putting its developer’s interests ahead of yours.
Krebs on Security
AUGUST 3, 2023
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric , a security firm based in Amsterdam.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 3, 2023
Adobe, Arm, Intel, Microsoft and Truepic put their weight behind C2PA, an alternative to watermarking AI-generated content.
The Last Watchdog
AUGUST 3, 2023
San Francisco and Cork, Ireland, Aug. 3, 2023 — Vaultree, a cybersecurity leader pioneering Fully Functional Data-In-Use Encryption (FFDUE), today announces a strategic integration with Tableau, a renowned platform for data visualization and business intelligence. This marks a monumental leap forward in secure financial and healthcare data analytics, enabling encrypted data to be safely analyzed and visualized for the first time, all while maintaining absolute data privacy and security.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
AUGUST 3, 2023
Discover the new models used to assign security budgets that succeed where traditional and outdated processes fail.
SecureList
AUGUST 3, 2023
Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover botnets and underground forums. While doing so, we found new Emotet samples, a new loader dubbed “DarkGate”, and a new LokiBot infostealer campaign.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
AUGUST 3, 2023
Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29 (aka SVR group , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ) carried out Microsoft Teams phishing attacks aimed at dozens of organizations and government agencies worldwide.
Tech Republic Security
AUGUST 3, 2023
In alliance with Cohesity and others, Cisco is fueling near-zero latency between ransomware detection and remediation with its Extended Detection and Response platform.
Security Affairs
AUGUST 3, 2023
The OWASP Top 10 for LLM (Large Language Model) Applications version 1.0 is out, it focuses on the potential security risks when using LLMs. OWASP released the OWASP Top 10 for LLM (Large Language Model) Applications project , which provides a list of the top 10 most critical vulnerabilities impacting LLM applications. The project aims to educate developers, designers, architects, managers, and organizations about the security issues when deploying Large Language Models (LLMs).
Tech Republic Security
AUGUST 3, 2023
Learn about Arc's features, pros and cons, and what makes the web browser unique. Arc is available only for Mac and iPhone users.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
AUGUST 3, 2023
Experts warn that decommissioned medical infusion pumps sold via the secondary market could expose Wi-Fi configuration settings. The sale of decommissioned medical infusion pumps through the secondary market may lead to the potential exposure of Wi-Fi configuration settings. The researchers discovered that most of the medical infusion pumps that were purchased from secondary market services such as eBay were found to still contain wireless authentication data from the original medical organizati
Security Boulevard
AUGUST 3, 2023
Fist of FAIL: Tenable CEO Amit Yoran has had enough—and he’s not gonna take it anymore. Satya Nadella (pictured) can’t be happy. The post Microsoft is a “Strategic Problem in the Security Space,” Says CEO appeared first on Security Boulevard.
Security Affairs
AUGUST 3, 2023
Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for the recently patched actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The new vulnerability, tracked as CVE-2023-35082 (CVSS score: 10.0), can be exploited by unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below).
Malwarebytes
AUGUST 3, 2023
As we have mentioned before, identity theft is a serious problem, especially when it affects children. Identity thieves love preying on minors, simply because it usually takes longer before the theft is noticed. A person’s identity represents a certain value. If it is stolen and abused, it can cause a lot of harm. Stolen identities (even childrens') can be abused to: Apply for credit cards Obtain loans Seek benefits Open bank accounts In many cases, the consequences are only financial and
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
AUGUST 3, 2023
CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022. The knowledge of the 12 most exploited vulnerabilities of 2022 allows organizations to prioritize their patch management operations to minimize the attack s
Duo's Security Blog
AUGUST 3, 2023
In the ever-evolving cybersecurity world, organizations must adopt robust measures to safeguard sensitive data and critical systems. Access management solutions, including single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM), can offer a comprehensive defense against threats. However, finding the strongest solutions to securing access is an equally dynamic landscape.
Security Boulevard
AUGUST 3, 2023
ReversingLabs has identified several malicious Python packages on the Python Package Index (PyPI) open source repository. In all, ReversingLabs researchers uncovered 24 malicious packages imitating three, popular open source Python tools: vConnector , a wrapper module for pyVmomi VMware vSphere bindings ; as well as eth-tester , a collection of tools for testing ethereum based applications; and databases , a tool that gives asyncro support for a range of databases.
The Hacker News
AUGUST 3, 2023
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
AUGUST 3, 2023
Summary The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure Built-in support for offline data collection (i.e., control systems or acquisition use cases) Expanded capabilities for pathfinding BloodHound Enterprise customers will get access to these features on Monday, August 7, 2023, and will receive release notes upon delivery.
SecureWorld News
AUGUST 3, 2023
The Cyber Helpline is a U.K.-registered charity and a movement by the cybersecurity industry that supports individuals and sole traders who have been impacted by cybercrime and online harm through a 24/7 self-help service and a confidential helpline that links service users with cybersecurity professionals who can help them understand, report, recover, and learn from the incident.
Bleeping Computer
AUGUST 3, 2023
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will include the main executables for Microsoft's Outlook email client and Access database management system. [.
WIRED Threat Level
AUGUST 3, 2023
Flaws in the Points.com platform, which is used to manage dozens of major travel rewards programs, exposed user data—and could have let an attacker snag some extra perks.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
AUGUST 3, 2023
Identity Theft Botnet Infostealer Exposures Vs. Breach Exposures: A Comparative Analysis In the realm of identity theft, a deep understanding of the types of threats and their unique implications is critical. Among these threats, two types of exposures frequently rise to prominence because of their capacity to cause substantial harm – Botnet Infostealer exposures and … Continue reading Identity Theft Botnet Infostealer Exposures Vs.
Trend Micro
AUGUST 3, 2023
The latest study said that enterprise SOCs are expanding their responsibilities to the OT domain, but major visibility and skills-related challenges are causing roadblocks.
TrustArc
AUGUST 3, 2023
Since the United States has been deemed adequate for data transfers, which EU-US data transfer mechanism is right for your business? The EU-US Data Privacy Framework? SCCs? BCRs? Consent? How do you know? The post Selecting the Best EU-US Data Transfer Mechanism for Your Business appeared first on TrustArc Privacy Blog.
Security Boulevard
AUGUST 3, 2023
via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink The post Randall Munroe’s XKCD ‘How to Coil a Cable’ appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Heimadal Security
AUGUST 3, 2023
We are seeing a landslide in the cybersecurity market, with more and more Managed Security Service Providers (MSSPs) working as intermediaries between cybersecurity vendors and businesses in need of beefing up their security. The global managed security services market was valued at approximately 23.2 billion U.S. dollars in 2021, according to Statista.
Malwarebytes
AUGUST 3, 2023
Ransomware attacks have shown no signs of slowing down in 2023. A new report from the Malwarebytes Threat Intelligence team shows 1,900 total ransomware attacks within just four countries—the US, Germany, France, and the UK—in one year. The findings, compiled together in the 2023 State of Ransomware Report, show alarming trends in the global ransomware surge from July 2022 to June 2023.
SecureBlitz
AUGUST 3, 2023
Here, I will talk about how Zero Trust Architecture enhances network security. In today's digital landscape, where cyber threats are becoming increasingly sophisticated, traditional security measures are no longer sufficient to safeguard sensitive information. Enter Zero Trust Architecture, a revolutionary approach that is reshaping the way we think about network security.
eSecurity Planet
AUGUST 3, 2023
New AI-powered cybercrime tools suggest that the capability of AI hacking tools may be evolving rapidly. The creator of FraudGPT, and potentially also WormGPT , is actively developing the next generation of cybercrime chatbots with much more advanced capabilities. Daniel Kelley, a reformed black hat hacker and researcher at cybersecurity firm SlashNext, posed as a potential buyer and contacted the individual – “CanadianKingpin12” – who’s been promoting FraudGPT.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
246 
Let's personalize your content