Schneier on Security

AUGUST 18, 2023

Interesting research: “ An Empirical Study & Evaluation of Modern CAPTCHAs “: Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile, CAPTCHAS have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans.

Accountability 241

Accountability 241

Tech Republic Security

AUGUST 18, 2023

This is a comprehensive ExpressVPN Review, covering features, pricing, and more. Use this guide to find out if it is the best VPN for you.

VPN 148

VPN Cybersecurity 148

Jane Frankland

AUGUST 18, 2023

Every now and again I’m asked about conferences and whether they’re worth attending. My answer is always, yes so long as you plan carefully. Over the years I’ve attended hundreds of cybersecurity conferences all over the world, and participated as an attendee, speaker, chair, and advisor. All these roles have enabled me to gain an understanding of conferences through different lenses.

Cybersecurity 130

Cybersecurity Risk Media Government 130

Tech Republic Security

AUGUST 18, 2023

About 2,000 Citrix NetScalers were compromised in automated massive attack campaigns. Find out more about the threat actors and how to protect from them.

Cybersecurity 147

Cybersecurity Network Security 147

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Hacker News

AUGUST 18, 2023

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.

Ransomware 98

Ransomware 98

Bleeping Computer

AUGUST 18, 2023

A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive. [.

Software 98

Software 98

Security Affairs

AUGUST 18, 2023

A flaw impacting the file archiver utility for Windows WinRAR can allow the execution of commands on a computer by opening an archive. WinRAR is a popular file compression and archival utility for Windows operating systems. The utility is affected by a now-fixed high-severity vulnerability, tracked as CVE-2023-40477 (CVSS score 7.8), that can allow remote execution of arbitrary code on a computer by opening a crafted RAR archive.

Hacking 98

Hacking Information Security 98

Bleeping Computer

AUGUST 18, 2023

Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record. [.

DNS 98

DNS 98

Security Affairs

AUGUST 18, 2023

Experts warn of an ongoing campaign attributed to China-linked Bronze Starlight that is targeting the Southeast Asian gambling sector. SentinelOne observed China-linked APT group Bronze Starlight (aka APT10 , Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia. The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the security firm ESET to China-linked threat actors.

VPN 98

VPN Malware Encryption Passwords 98

Digital Shadows

AUGUST 18, 2023

Cyber-actors hide using "clean" resources. ReliaQuest shows tracking IoCs & detection helps security pros counteract disguised attacks. Enhancing OSINT is key.

98

98

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

AUGUST 18, 2023

#OpFukushima: The famous collective Anonymous has launched cyberattacks against Japan nuclear websites over Fukushima water plan. The hacker collective Anonymous has launched cyberattacks against nuclear power-linked groups in Japan as part of an operation called #OpFukushima. The campaign was launched to protest against the Government’s plan to release the treated radioactive water from the Fukushima nuclear plant into the sea.

Government 98

Government Media DDOS Hacking 98

Malwarebytes

AUGUST 18, 2023

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being being locked out following a great number of failed attempts, you might suspect brute force methods.

Accountability 98

Accountability Passwords Authentication Phishing 98

Security Affairs

AUGUST 18, 2023

A massive social engineering campaign is targeting users of the Zimbra Collaboration email server to steal their login credentials. ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. Zimbra Collaboration is an open-core collaborative software platform. The campaign is still ongoing and is targeting a wide range of small and medium businesses and governmental entities.

Phishing 98

Phishing Social Engineering Accountability Engineering 98

Heimadal Security

AUGUST 18, 2023

As the cybercrime landscape evolves, you may wonder if the old Antivirus solution that you have installed on your organization’s endpoints still does the job. Traditional antivirus software initially offered sufficient defense against the majority of viruses before they evolved into other types of malware. A better type of endpoint security is required because traditional […] The post What Is Next-Generation Antivirus (NGAV) and How Does It Work?

Antivirus 98

Antivirus Cybercrime Malware Software 98

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

AUGUST 18, 2023

An international law enforcement operation across 25 African countries has led to the arrest of 14 cybercriminals. A coordinated law enforcement operation conducted by INTERPOL and AFRIPOL across 25 African countries has led to the arrest of 14 suspected cybercriminals and the identification of 20,674 suspicious cyber networks. The operation demonstrates the surge in cybercriminal activities in the region.

Cybercrime 98

Cybercrime Scams Internet Internet 98

The Hacker News

AUGUST 18, 2023

While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTS (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network.

Hacking 98

Hacking 98

Security Boulevard

AUGUST 18, 2023

IBM extends its alliance with Cloudflare to combat malicious bot attacks growing in volume and sophistication. The post IBM Extends Cloudflare Alliance to Combat Bots Using Machine Learning appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

Malwarebytes

AUGUST 18, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its catalog of know exploited vulnerabilities , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 6, 2023 to protect their networks against this active threat.

Software 98

Software Backups Ransomware Internet 98

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Digital Guardian

AUGUST 18, 2023

Hacks, social engineering, and phishing dominated this week’s headlines, but cloud security is at the forefront of government officials’ minds. Catch up on all the latest in this week’s Friday Five!

Social Engineering 98

Social Engineering Engineering Phishing Government 98

Heimadal Security

AUGUST 18, 2023

Researchers at Microsoft discovered a new version of the BlackCat ransomware. Dubbed ‘Sphynx’, this version embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network. Back in April, the cybersecurity researcher VX-Underground tweeted about a new BlackCat/ALPHV encryptor version called Sphynx after seeing a message BlackCat sent […] The post BlackCat Sphynx: The Ransomware Operation Evolves Once Again appeared first on

Ransomware 98

Ransomware Hacking Cybersecurity 98

IT Security Guru

AUGUST 18, 2023

A few years ago, DLP was a hot security buzzword and a relevant single offering. Now, it’s been swallowed up as part of other, beefier solutions that offer a buffet instead of an entrée. However, to understand where to find DLP today and what exactly it’s doing, it helps to get a sense of the whole picture. Let’s review the rise, decline and – reincarnation?

Big data 96

Big data Data privacy Technology Risk 96

The Hacker News

AUGUST 18, 2023

A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL announced Friday. The exercise, conducted in partnership with AFRIPOL, enabled investigators to identify 20,674 cyber networks that were linked to financial losses of more than $40 million.

95

95

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Malwarebytes

AUGUST 18, 2023

Microsoft has re-released the August 2023 Security Updates (SUs) for Exchange Server. The original release of the SUs, from August 8 2023, had a localization issue with Exchange Server running on a non-English Operating Systems (OSes) that caused Setup to stop unexpectedly, leaving Exchange services in a disabled state. Exchange Online users are already protected from the vulnerabilities addressed by these Security Updates and do not need to take any action other than updating any Exchange serve

Accountability 95

Accountability Risk Cybersecurity 95

Heimadal Security

AUGUST 18, 2023

Zimbra Collaboration email servers worldwide are being targeted by threat actors. Recently, cybersecurity researchers have uncovered an ongoing phishing campaign, that has been underway since at least April 2023. Threat actors are sending phishing emails to organizations worldwide, with no specific focus on certain organizations or sectors, in an attempt to steal credentials.

Phishing 95

Phishing Cybersecurity 95

The Hacker News

AUGUST 18, 2023

A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations.

Social Engineering 92

Social Engineering Engineering 92

InfoWorld on Security

AUGUST 18, 2023

The 2023 Cloud Security Report , sponsored by Fortinet, surveyed 752 cybersecurity professionals from around the globe and across all industries. Most respondents (90%) say having a single cloud security platform to configure and manage security consistently across their cloud deployments would be helpful. Do you think? This isn’t very surprising. Security silos are a massive problem in cloud computing.

Cybersecurity 89

Cybersecurity 89

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Heimadal Security

AUGUST 18, 2023

In today’s rapidly evolving digital landscape, cybersecurity has become a paramount concern for businesses and individuals alike. The increasing frequency and sophistication of cyberattacks have left organizations struggling to keep up with the relentless threats. Enter the webinar titled “Short Staffed in Cybersecurity? It’s Time for MXDR,” which aims to shed light on the challenges […] The post Short Staffed in Cybersecurity?

Cybersecurity 89

Cybersecurity Ransomware 89

Dark Reading

AUGUST 18, 2023

Interpol- and Afripol-led crackdown disrupts cybercrime ecosystem responsible for some $40 million in losses to victims.

Cybercrime 87

Cybercrime 87

Bleeping Computer

AUGUST 18, 2023

An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation codenamed 'Africa Cyber Surge II,' launched in April 2023. [.

79

79

Dark Reading

AUGUST 18, 2023

A good chunk of the entire user base of a particular email service is being targeted for sensitive credentials.

Phishing 79

Phishing 79

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!