Mon.Jan 23, 2023

article thumbnail

No-Fly List Exposed

Schneier on Security

I can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them. Back when I thought about it a lot, I realized that the TSA’s practice of giving it to every airline meant that it was not well protected, and it certainly ended up in the hands of every major government that wanted it.

article thumbnail

Kaspersky releases 2023 predictions

Tech Republic Security

A new report from Kaspersky details what their digital forensics and incident response teams predict as the main 2023 threats to corporations and government agencies. Learn more about it. The post Kaspersky releases 2023 predictions appeared first on TechRepublic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Vice Society Ransomware Group Targets Manufacturing Companies

Trend Micro

In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.

article thumbnail

Data Privacy Week 2023: Virtual events and webinars to attend

Tech Republic Security

The National Cybersecurity Alliance's second annual Data Privacy Week is January 22-28, 2023. Learn how you can participate in virtual events. The post Data Privacy Week 2023: Virtual events and webinars to attend appeared first on TechRepublic.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Orgs Must Prepare for SEC Cybersecurity Requirements Aimed at Boards

Security Boulevard

Enterprises might want to spend the next few months checking and bolstering their boards’ cybersecurity chops—because by the end of 2023, the Security and Exchange Commission (SEC) is expected to finalize its proposal requiring them to attest to their boards’ cybersecurity acumen—as well as disclose their cybersecurity oversight efforts and information on attacks.

article thumbnail

Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability

Tech Republic Security

A possible Chinese cyberespionage actor has exploited a FortiOS vulnerability to successfully compromise companies. The post Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability appeared first on TechRepublic.

Malware 143

More Trending

article thumbnail

The metaverse brings a new breed of threats to challenge privacy and security gatekeepers

CSO Magazine

The metaverse is coming; businesses and government agencies are already building virtual worlds to support city services, meetings and conferences, community building, and commerce. They’re also rendering spatial apps around travel, car sales, manufacturing, and architecture in what Citi predicts will be a $13-trillion market with 5 billion users by 2030.

article thumbnail

Arnold Clark data breach leads to identity theft

CyberSecurity Insiders

A few days ago, the servers of car dealer ‘Arnold Clark’ were breached by hackers and the information of 1000sof motorists was stolen that can lead to identity thefts and online frauds. The threat actors are adamant in their demand for charging cryptocurrency in millions and are not ready to entertain any negotiation of hackers. As the company failed to pay them the demanded ransom, the cyber crooks have leaked addresses, passports, and national insurance numbers and are threatening to leak more

article thumbnail

Apple iOS 16.3 arrives with support for hardware security keys

Bleeping Computer

Apple released iOS 16.3 today with long-awaited support for hardware security keys to provide extra protection against phishing attacks and unauthorized access to your devices. [.

Phishing 118
article thumbnail

Hybrid play: Leveling the playing field in online video gaming and beyond

We Live Security

Does VALORANT’s approach to cheating signal a turning point in how we deal with the continued hacks afflicting our hybrid world of work and play?

Hacking 120
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Russia’s largest ISP says 2022 broke all DDoS attack records

Bleeping Computer

Russia's largest internet service provider Rostelecom says 2022 was a record year for Distributed denial of service attacks (DDoS) targeting organizations in the country. [.

DDOS 114
article thumbnail

TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments

Dark Reading

A Swiss hacker poking around in an unprotected Jenkins development server belonging to CommuteAir accessed the names and birthdates of some 1.5 million people on a TSA no-fly list from 2019.

Risk 106
article thumbnail

What your SOC will be facing in 2023

SecureList

As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year’s Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first part of this report is devoted to the most current threats any SOC is likely to face in 2023.

article thumbnail

FanDuel Sportsbook Bettors Exposed in Mailchimp Breach

Dark Reading

Amid all the NFL playoff action, FanDuel has sent an email warning to gamblers that their data was exposed in its third-party breach, putting them at risk for phishing attacks.

Phishing 100
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Russia-Linked Attackers Target US Nuclear Research Facilities

Security Boulevard

It made the headlines in early January; Russia is targeting U.S. nuclear scientists and research facilities. While certainly not a news flash—given that Russia’s (and the USSR’s) history of targeting U.S. nuclear technologies dates back more than 75 years. But the tools used in the latest foray remind us of the need to pay more. The post Russia-Linked Attackers Target US Nuclear Research Facilities appeared first on Security Boulevard.

article thumbnail

Apple patches are out – old iPhones get an old zero-day fix at last!

Naked Security

Don't delay, especially if you're still running an iOS 12 device. please do it today!

140
140
article thumbnail

Cryptocurrencies: How have they influenced cybercrime?

Security Boulevard

Cryptocurrencies have now been around for over a decade. Since their inception, they’ve been gaining traction as a legitimate form of currency. However, along with the rise in popularity of cryptocurrencies, there has also been a rise in the use of cryptocurrencies for cybercrime. Why is that? The post Cryptocurrencies: How have they influenced cybercrime?

article thumbnail

Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads

Security Affairs

Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads. On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856 , that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2 , Safari 16.2 , tvOS 16.2 , and macOS Ventura 13.1.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Why do Hackers Steal? 5 Motives Behind Data Breaches | Eureka Security

Security Boulevard

From financial gain to hacktivism, we examine the top five motives for data breaches and outline ways companies can protect data against them. | Eureka Security The post Why do Hackers Steal? 5 Motives Behind Data Breaches | Eureka Security appeared first on Security Boulevard.

article thumbnail

US Supreme Court leak investigation highlights weak and ineffective risk management strategy

CSO Magazine

The Supreme Court of the United States (SCOTUS) has announced that its investigation to find the insider who leaked a draft opinion of the Dobbs v. Jackson Women’s Health Org. decision to media outlet Politico has come up empty. In a nutshell, the court’s insider risk management program, designed to protect the information the justices handle on a daily basis, failed—and failed miserably.

Risk 97
article thumbnail

What Is a Network Operations Center (NOC)? Definition, Role, Benefits and Best Practices

Security Boulevard

If you run an MSP or a small business, you know how difficult it can be to manage your IT Read More The post What Is a Network Operations Center (NOC)? Definition, Role, Benefits and Best Practices appeared first on Kaseya. The post What Is a Network Operations Center (NOC)? Definition, Role, Benefits and Best Practices appeared first on Security Boulevard.

article thumbnail

Australia fronts International Counter Ransomware Taskforce

CSO Magazine

The International Counter Ransomware Taskforce (ICRTF), envisioned by the International Counter Ransomware Initiative (CRI), kicked off its operations on Monday with Australia as its inaugural chair and coordinator. The CRI was first brought together in October 2021 with a virtual meeting of 30 countries, facilitated by the US White House National Security Council.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

What Are Open Source Kubernetes Policy Engines? Why You Need One & How to Pick

Security Boulevard

The idea behind Kubernetes policies is that you will be more successful if you put guardrails in place for your development teams to ensure that they are adhering to Kubernetes best practices. Creating policies can help you make sure that your developers are not doing anything in Kubernetes that is very insecure, inefficient, or unreliable. Once you have decided on your policies, you may want to look at open source Kubernetes policy engines to make sure that your developers are deploying every

article thumbnail

Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code

Security Affairs

Researchers found two flaws in Samsung Galaxy Store that could be exploited to install applications or achieve code execution on the devices. Researchers from cybersecurity firm NCC Group published technical details on two vulnerabilities, tracked as CVE-2023-21433 and CVE-2023-21434, in Samsung Galaxy Store that could be exploited to install applications or execute malicious JavaScript code.

Hacking 95
article thumbnail

App Spoofing Ad Fraud Affects 11 Million Devices

Heimadal Security

An “expansive” adware operation that spoofs over 1,700 apps from 120 publishers and affects around 11 million devices has been stopped by researchers. Dubbed VASTFLUX, the malvertising attack injected malicious JavaScript code into digital ad creatives and allowed threat actors to stack invisible ad videos behind one another to register ad revenue.

Adware 95
article thumbnail

CISA warns of critical ManageEngine RCE bug exploited in attacks

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) affecting most Zoho ManageEngine products to its catalog of bugs known to be exploited in the wild. [.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Companies impacted by Mailchimp data breach warn their customers

Security Affairs

The recent Mailchimp data breach has impacted multiple organizations, some of them are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a news data breach , the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.

article thumbnail

Hunting Insider Threats on the Dark Web

Dark Reading

Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.

126
126
article thumbnail

Facebook Introduces New Features for End-to-End Encrypted Messenger App

The Hacker News

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. "Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption," Meta's Melissa Miranda said.

article thumbnail

Pair of Galaxy App Store Bugs Offer Cyberattackers Mobile Device Access

Dark Reading

Devices running Android 12 and below are at risk of attackers downloading apps that direct users to a malicious domain.

Mobile 107
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.