Schneier on Security
AUGUST 3, 2023
If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste the other tech giants , but it’s silent about its own corporate parent’s misdeeds. When Alexa responds in this way, it’s obvious that it is putting its developer’s interests ahead of yours.
Krebs on Security
AUGUST 3, 2023
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric , a security firm based in Amsterdam.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 3, 2023
Agents of the FBI and Homeland Security at the Northeast Cybersecurity Summit revealed how cyberintelligence collaboration works. Learn more with our article.
The Last Watchdog
AUGUST 3, 2023
San Francisco and Cork, Ireland, Aug. 3, 2023 — Vaultree, a cybersecurity leader pioneering Fully Functional Data-In-Use Encryption (FFDUE), today announces a strategic integration with Tableau, a renowned platform for data visualization and business intelligence. This marks a monumental leap forward in secure financial and healthcare data analytics, enabling encrypted data to be safely analyzed and visualized for the first time, all while maintaining absolute data privacy and security.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
AUGUST 3, 2023
In alliance with Cohesity and others, Cisco is fueling near-zero latency between ransomware detection and remediation with its Extended Detection and Response platform.
Security Boulevard
AUGUST 3, 2023
Fist of FAIL: Tenable CEO Amit Yoran has had enough—and he’s not gonna take it anymore. Satya Nadella (pictured) can’t be happy. The post Microsoft is a “Strategic Problem in the Security Space,” Says CEO appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
AUGUST 3, 2023
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will include the main executables for Microsoft's Outlook email client and Access database management system. [.
Tech Republic Security
AUGUST 3, 2023
Discover the new models used to assign security budgets that succeed where traditional and outdated processes fail.
Security Boulevard
AUGUST 3, 2023
ReversingLabs has identified several malicious Python packages on the Python Package Index (PyPI) open source repository. In all, ReversingLabs researchers uncovered 24 malicious packages imitating three, popular open source Python tools: vConnector , a wrapper module for pyVmomi VMware vSphere bindings ; as well as eth-tester , a collection of tools for testing ethereum based applications; and databases , a tool that gives asyncro support for a range of databases.
Tech Republic Security
AUGUST 3, 2023
Learn about Arc's features, pros and cons, and what makes the web browser unique. Arc is available only for Mac and iPhone users.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
AUGUST 3, 2023
Summary The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure Built-in support for offline data collection (i.e., control systems or acquisition use cases) Expanded capabilities for pathfinding BloodHound Enterprise customers will get access to these features on Monday, August 7, 2023, and will receive release notes upon delivery.
TrustArc
AUGUST 3, 2023
Since the United States has been deemed adequate for data transfers, which EU-US data transfer mechanism is right for your business? The EU-US Data Privacy Framework? SCCs? BCRs? Consent? How do you know? The post Selecting the Best EU-US Data Transfer Mechanism for Your Business appeared first on TrustArc Privacy Blog.
Security Boulevard
AUGUST 3, 2023
Identity Theft Botnet Infostealer Exposures Vs. Breach Exposures: A Comparative Analysis In the realm of identity theft, a deep understanding of the types of threats and their unique implications is critical. Among these threats, two types of exposures frequently rise to prominence because of their capacity to cause substantial harm – Botnet Infostealer exposures and … Continue reading Identity Theft Botnet Infostealer Exposures Vs.
Malwarebytes
AUGUST 3, 2023
As we have mentioned before, identity theft is a serious problem, especially when it affects children. Identity thieves love preying on minors, simply because it usually takes longer before the theft is noticed. A person’s identity represents a certain value. If it is stolen and abused, it can cause a lot of harm. Stolen identities (even childrens') can be abused to: Apply for credit cards Obtain loans Seek benefits Open bank accounts In many cases, the consequences are only financial and
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
AUGUST 3, 2023
via the comic artistry and dry wit of Randall Munroe , resident at XKCD ! Permalink The post Randall Munroe’s XKCD ‘How to Coil a Cable’ appeared first on Security Boulevard.
Bleeping Computer
AUGUST 3, 2023
Google will soon make it easier to remove your personally identifiable information and explicit images from search results right from Google Search or the Google app. [.
Security Boulevard
AUGUST 3, 2023
Thanks are in order to BSides Leeds for publishing their presenter’s outstanding BSides Leeds 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Leeds 2023 – Dan Cannon – Red Red Whine appeared first on Security Boulevard.
Bleeping Computer
AUGUST 3, 2023
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily spread laterally to other Azure tenants. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
AUGUST 3, 2023
As an entrepreneur, you likely know just how valuable data is in the current business landscape. Having access to vast amounts of user data can help you make better-informed operational decisions that directly impact your success. However, this data is … Safeguarding User Data: How Innovative Technologies Are Bolstering Client Security Read More » The post Safeguarding User Data: How Innovative Technologies Are Bolstering Client Security appeared first on TechSpective.
Security Affairs
AUGUST 3, 2023
The OWASP Top 10 for LLM (Large Language Model) Applications version 1.0 is out, it focuses on the potential security risks when using LLMs. OWASP released the OWASP Top 10 for LLM (Large Language Model) Applications project , which provides a list of the top 10 most critical vulnerabilities impacting LLM applications. The project aims to educate developers, designers, architects, managers, and organizations about the security issues when deploying Large Language Models (LLMs).
Security Boulevard
AUGUST 3, 2023
The post Fidelis Security is now Part of Partner One. appeared first on Fidelis Cybersecurity. The post Fidelis Security is now Part of Partner One. appeared first on Security Boulevard.
The Hacker News
AUGUST 3, 2023
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
eSecurity Planet
AUGUST 3, 2023
New AI-powered cybercrime tools suggest that the capability of AI hacking tools may be evolving rapidly. The creator of FraudGPT, and potentially also WormGPT , is actively developing the next generation of cybercrime chatbots with much more advanced capabilities. Daniel Kelley, a reformed black hat hacker and researcher at cybersecurity firm SlashNext, posed as a potential buyer and contacted the individual – “CanadianKingpin12” – who’s been promoting FraudGPT.
Bleeping Computer
AUGUST 3, 2023
The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal credentials and crypto wallets. [.
Dark Reading
AUGUST 3, 2023
The well-known collective is taking on targeted advertising with the Veilid framework and says it wants to make the Internet accessible to everyone who fears being monetized.
Bleeping Computer
AUGUST 3, 2023
In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have issued today a list of the 12 most exploited vulnerabilities throughout 2022. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
AUGUST 3, 2023
Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for the recently patched actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The new vulnerability, tracked as CVE-2023-35082 (CVSS score: 10.0), can be exploited by unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below).
Dark Reading
AUGUST 3, 2023
The attack surface of a live event like this summer’s World Cup in Australia and New Zealand rivals that of a large multinational enterprise, or even a small city.
SecureList
AUGUST 3, 2023
Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover botnets and underground forums. While doing so, we found new Emotet samples, a new loader dubbed “DarkGate”, and a new LokiBot infostealer campaign.
Bleeping Computer
AUGUST 3, 2023
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server. [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
235 
Let's personalize your content