Wed. May 24, 2023

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

Schneier on Security

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws.

Spearphishing report: 50% of companies were impacted in 2022

Tech Republic Security

Barracuda Networks found that spearphishing exploits last year worked to great effect and took days to detect. The post Spearphishing report: 50% of companies were impacted in 2022 appeared first on TechRepublic.

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

The Last Watchdog

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Related: Tapping hidden pools of security talent Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.

No Deep AI Security Secrets In This Post!

Anton on Security

I am not an AI security expert (I hear there are very few of those around). I am essentially a motivated amateur learner in AI security … and I would even trust Bard advice on Artificial Intelligence security (well, that’s a joke — still, you can see what it says anyhow) (Bard, 5/2023). However I was a pretty good analyst, and some say that this is kinda a minor superpower :-) So, in this post, I will share some things that puzzle me in this emerging domain, and I will use the 3 podcast episode

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cloudflare releases new AI security tools with Cloudflare One

Tech Republic Security

Cloudflare One has a new suite of AI zero-trust security tools. Read our article to learn more about Cloudflare's latest announcement and release. The post Cloudflare releases new AI security tools with Cloudflare One appeared first on TechRepublic.

Hackers target 1.5M WordPress sites with cookie consent plugin exploit

Bleeping Computer

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs. [.

Chinese hackers breach US critical infrastructure in stealthy attacks

Bleeping Computer

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. [.

The top 6 enterprise VPN solutions to use in 2023

Tech Republic Security

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses. The post The top 6 enterprise VPN solutions to use in 2023 appeared first on TechRepublic.

GitLab 'strongly recommends' patching max severity flaw ASAP

Bleeping Computer

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. [.

‘BrutePrint’ Unlocks Android Phones — Chinese Researchers

Security Boulevard

Or, at least, OLDER phones: SPI/TEE MITM FAIL The post ‘BrutePrint’ Unlocks Android Phones — Chinese Researchers appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

New PowerExchange malware backdoors Microsoft Exchange servers

Bleeping Computer

A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. [.

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

The Hacker News

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to deploy malware.

Barracuda warns of email gateways breached via zero-day flaw

Bleeping Computer

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway (ESG) appliances were breached last week by targeting a now-patched zero-day vulnerability. [.

British pregnant women are unwittingly handing over their genetic data to China

CyberSecurity Insiders

Recent reports have revealed a shocking truth about the inadvertent sharing of prenatal NIFTY blood test data by thousands of pregnant British women with a Chinese company called BGI Group. This company, allegedly affiliated with the People’s Liberation Army, has raised concerns among Members of Parliament in the United Kingdom, prompting calls for a swift investigation into the £350 blood screening tests, as it appears that the data is being secretly transmitted to Chinese soil.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

3 Ways to Streamline Auth, Access & Security for Oracle EBS

Security Boulevard

Oracle E-Business Suite (EBS) is a popular ERP tool for business and financial operations that uses a combination of usernames and passwords to authenticate users. This form of authentication has known weaknesses that attackers can exploit since, by default, Oracle EBS does not provide any added security measures like multifactor authentication (MFA).

Announcing the launch of GUAC v0.1

Google Security

Brandon Lum and Mihai Maruseac, Google Open Source Security Team Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. In collaboration with Kusari , Purdue University , Citi , and community members , we have incorporated feedback from our early testers to improve GUAC and make it more useful for security p

Credential harvesting tool Legion targets additional cloud services

CSO Magazine

A commercial malware tool called Legion that hackers deploy on compromised web servers has recently been updated to extract credentials for additional cloud services to authenticate over SSH. The main goal of this Python-based script is to harvest credentials stored in configuration files for email providers, cloud service providers, server management systems, databases, and payment systems.

Shopify Stores Privacy Policy: What you need to know?

Security Boulevard

Shopify has made it incredibly easy for businesses to build an online store with a sleek and streamlined dashboard that allows the sale of products via social media, digital marketplaces, blogs, emails, and other public forums. But since this degree of reach requires the collection of user data, Shopify stores are subject to data regulations […] The post Shopify Stores Privacy Policy: What you need to know?

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Digital security for the self-employed: Staying safe without an IT team to help

We Live Security

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business The post Digital security for the self‑employed: Staying safe without an IT team to help appeared first on WeLiveSecurity

AppSec Decoded: Easy to scale with Polaris

Security Boulevard

Learn how the Synopsys Polaris Software Integrity Platform® is easy to scale for AppSec teams of any size. The post AppSec Decoded: Easy to scale with Polaris appeared first on Security Boulevard.

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

CSO Magazine

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyberespionage interest. That's no longer the case, and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly. Cybersecurity firm Proofpoint analyzed telemetry data from more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT gr

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

The Hacker News

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Turla’s Snake May be Down, But its Legacy Lives On

Security Boulevard

The Department of Justice’s recent revelation that it dismantled the Turla cybercriminal network was met with surprise—not that the authorities had taken it down and neutralized the Snake malware, but that Snake was still in use in the first place. “I’m surprised that the FSB was still using Snake until the takedown. The Snake backdoor. The post Turla’s Snake May be Down, But its Legacy Lives On appeared first on Security Boulevard.

Threat Actors Compromise Barracuda Email Security Appliances

Dark Reading

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

The Hacker News

Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant is making available the open source framework as an API for developers to integrate their own tools and policy engines.

Barracuda Email Security Gateway (ESG) hacked via zero-day bug

Security Affairs

Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were breached by exploiting a zero-day vulnerability. Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening; the issue was discovered on May 19 and the company fixed

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Data Stealing Malware Discovered in Popular Android Screen Recorder App

The Hacker News

Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021.

New hyperactive phishing campaign uses SuperMailer templates: Report

CSO Magazine

SuperMailer, a legitimate email newsletter program, has been found abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense. “The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyber threat intelligence analyst at Cofense, said in a blog post.

Rheinmetall attacked by BlackBasta ransomware

Malwarebytes

On Friday May 19, 2023, the German arms producer Rheinmetall acknowledged a cyber-incident at one of its subsidiaries in the private sector. The BlackBasta ransomware group has already claimed responsibility for the attack through its leak site. Entry for Rheinmetall on BlackBasta leak site Rheinmetall’s main activities are in the automobile industry and weapons manufacturing, and it describes itself as one of the world’s largest manufacturers of military vehicles and ammunitio

Windows 10 KB5026435 update released with 2 new features, 18 fixes

Bleeping Computer

Microsoft has released the optional KB5026435 Preview cumulative update for Windows 10 22H2 with two new features and 18 additional fixes or changes. [.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most: people, data, real or personal property, intellectual property, digital assets, or any number of other things. It’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.