Mon. Oct 09, 2023

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Krebs on Security

The fake USPS phishing page. Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries. KrebsOnSecurity recently heard from a reader who received an SMS purporting to have been sent by the USPS, saying there was a problem with a package destined

Phishing 270

Black Hat Fireside Chat: Why using ‘Clean Code’ is paramount in speedy software development

The Last Watchdog

‘Clean Code’ is a simple concept rooted in common sense. This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development. At Black Hat 2023, I had the chance to visit with Olivier Gaudin, founder and co-CEO, and Johannes Dahse, head of R&D, at SonarSource, a Geneva, Switzerland-based supplier of systems to achieve Clean Code.

Software 231

Upgrade to Microsoft Windows 11 Home for Just $30 Through 10/15

Tech Republic Security

You can now upgrade up to five computers to Microsoft Windows 11 Home for one low price and get a new sleek interface, advanced tools and enhanced security.

149

Bare-metal Rust in Android

Google Security

Posted by Andrew Walbran, Android Rust Team Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Most of the components we mentioned then were system services in userspace (running under Linux), but these are not the only components typically written in memory-unsafe languages. Many security-critical components of an Android system run in a “bare-metal” environment, outside of the Linux kernel, and these are historically writ

Firmware 138

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Private Internet Access VPN: A Comprehensive Review for 2023

Tech Republic Security

When it comes to privacy and security, PIA VPN is among the best. Discover its features, performance, pricing and more with this in-depth review.

VPN 146

23andMe user data stolen, offered for sale

Malwarebytes

Information belonging to as many as seven million 23andMe customers has been put up for sale on criminal forums following a credential stuffing attack against the genomics company. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that threat actors had "obtained information from certain accounts, including information about users’ DNA Relatives profiles.

Passwords 136

More Trending

Huge DNA PII Leak: 23andMe Must Share the Blame

Security Boulevard

DNA: Do Not Agree. 23andMe says it’s not a breach—just credential stuffing. I’m not so sure. The post Huge DNA PII Leak: 23andMe Must Share the Blame appeared first on Security Boulevard.

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researcher 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum. kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.

Your family, home and small business need a cyber-resilience strategy, too!

We Live Security

Your preparedness to deal with cyberattacks is key for lessening the impact of a successful incident – this also holds true for home and small business environments.

News alert: Georgia State receives a $10 million grant to research AI, robotics and edge computing

The Last Watchdog

Atlanta, GA, Oct. 9, 2023 — Jonathan Shihao Ji, a computer science professor at Georgia State University, has received a $10 million grant from the Department of Defense (DoD) to address critical problems in artificial intelligence (AI) and robotics with a focus on human-robot interaction, 3D virtual environment reconstruction, edge computing and trustworthy AI. In recent years, AI has become more and more prevalent in our world, powering search engines, voice assistants and self-driving c

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FTC: Americans lost $2.7 Billion Since 2021 to Social Media Scams

Security Boulevard

Americans lost a whopping $2.7 billion in scams that reached them via social media, and the actual figure could be much higher, according to the Federal Trade Commission (FTC). Of those who reported losing money to fraud over the past two years, 25% said the problem started on social media, the agency wrote in a. The post FTC: Americans lost $2.7 Billion Since 2021 to Social Media Scams appeared first on Security Boulevard.

Media 122

Security Patch for Two New Flaws in Curl Library Arriving on October 11

The Hacker News

The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of a forthcoming update set for release on October 11, 2023. This includes a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively.

122

Flagstar Bank suffered a data breach once again

Security Affairs

Flagstar Bank announced that a data breach suffered by a third-party service provider exposed the personal information of over 800,000 US customers. Flagstar Bank is warning 837,390 US customers that their personal information was exposed after threat actors breached the third-party service provider Fiserv. Flagstar Bank is an American commercial bank headquartered in Troy, Michigan; it is a wholly owned subsidiary of New York Community Bank.

Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet

Dark Reading

Thousands of devices, including D-Link and Zyxel gear, remain vulnerable to takeover despite the availability of patches for the several bugs being exploited by the IZ1H9 campaign.

116

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8) in Citrix NetScaler Gateways.

VPN 117

"I Had a Dream" and Generative AI Jailbreaks

The Hacker News

"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes.

Malware 115

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist

WIRED Threat Level

The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers. A WIRED investigation reveals the company’s “very crazy night” trying to stop them.

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

The Hacker News

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme.

Retail 114

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity Talent in America: Bridging the Gap

Dark Reading

It's past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow's challenges.

AI sneak attacks, location spying, and definitely not malware, or, what one teenager fears online: Lock and Code S04E21

Malwarebytes

This week on the Lock and Code podcast. What are you most worried about online? And what are you doing to stay safe? Depending on who you are, those could be very different answers, but for teenagers and members of Generation Z, the internet isn't so scary because of traditional threats like malware and viruses. Instead, the internet is scary because of what it can expose.

Malware 106

'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits

Dark Reading

Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.

114

Weekly Vulnerability Recap – October 9, 2023 – Zero-Days Strike Android, Microsoft, Apple, Cisco & More

eSecurity Planet

A surge of critical vulnerabilities and zero-day exploits has made for a very busy week in IT security, affecting a range of tech giants like Atlassian, Cisco, Apple, Arm, Qualcomm and Microsoft. Among the issues in the last week, Android and Arm faced actively exploited vulnerabilities in GPU drivers. Microsoft released urgent patches for Edge, Teams, and Skype.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

The Hacker News

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign.

The Need for Speed: When Cloud Attacks Take Only 10 Minutes

Dark Reading

Security sensors are common in the home for both prevention and response in the event something goes wrong. But in the cloud, have you taken the same approach?

98

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

The Hacker News

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.

IoT 101

7 Best MXDR Services

Heimdal Security

On a market continuously faced with workforce shortage, with a gap of 3.4 million workers globally (ISC2), businesses need to adapt their cybersecurity strategy and consider external services that can provide an incident response team, such as Managed Extended Detection & Response (MXDR). What are MXDR services? MXDR services are comprehensive cybersecurity services that offer […] The post 7 Best MXDR Services appeared first on Heimdal Security Blog.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Connecting Cybersecurity Concerns With Upskilling

CompTIA on Cybersecurity

Skills gaps keep many organizations from taking advantage of new technologies – and improving their security posture. Learn how upskilling can address both issues.

Operation Behind Predator Mobile Spyware Is 'Industrial Scale'

Dark Reading

The Intellexa alliance has been using a range of tools for intercepting and subverting mobile and Wi-Fi technologies to deploy its surveillance tools, according to an investigation by Amnesty International and others.

Mobile 91

Learning from Let’s Encrypt’s 10 years of success

InfoWorld on Security

Foundations have a hit-or-miss success rate in software, generally, and open source, specifically. I’m on the record with 908 words of eyeroll for the Open Enterprise Linux Association and OpenTofu, given the conspicuous absence of cloud vendor support. Yet I’ve also recommended projects like Kubernetes precisely because of their foundation-led community support.

7 Ways to Make the Most of Cybersecurity Awareness Month

ZoneAlarm

October is a month often associated with the spookiness of Halloween, but for the tech-savvy, it also marks Cybersecurity Awareness Month. Founded in 2004 by the National Cyber Security Alliance, this month is designated to shed light on the growing importance of cybersecurity. In our increasingly interconnected world, the threat of cyberattacks looms larger than … The post 7 Ways to Make the Most of Cybersecurity Awareness Month appeared first on ZoneAlarm Security Blog.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.