Fri. Aug 11, 2023

The Inability to Simultaneously Verify Sentience, Location, and Identity

Schneier on Security

Really interesting “systematization of knowledge” paper: “SoK: The Ghost Trilemma” Abstract: Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems.

Weekly Update 360

Troy Hunt

So about those domain searches. 😊 The new subscription model launched this week and as many of you know from your own past experiences, pushing major new code live is always a bit of a nail-biting exercise. It went out silently on Sunday morning, nothing major broke so I published the blog post Monday afternoon then emailed all the existing API key subscribers Tuesday morning and now here we are!

Education 169
Insiders

Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact

Tech Republic Security

Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it.

Big data 134

Zoom clarifies user consent requirement when training its AI

Malwarebytes

Changes in the terms of service (TOS) of the Zoom video-conferencing software have caused some turmoil. Since the pandemic, Zoom (Video Conferencing) has become a household name. Zoom came up as the big winner in the video conferencing struggle that enabled us to work from home. Now that things are more or less returning to a new normal, this has also had an impact on their success.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Top 6 Google Authenticator Alternatives in 2023

Tech Republic Security

Looking for an alternative to Google Authenticator? Here's our comprehensive list covering the top competitors and alternatives to help you find your best fit.

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

The Hacker News

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S.

More Trending

Google’s “browse privately” is nothing more than a word play, lawyers say

Malwarebytes

Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as that may be. What makes this case stand out is that Google allegedly misled Chrome users by implying that they could browse privately by using the Incognito mode.

Dependency Confusion Attacks: New Research Into Which Businesses are At Risk

Tech Republic Security

Dependency confusion is becoming a serious cybersecurity threat. Learn which organizations are at risk and how to protect systems against these attacks.

Risk 128

New Python URL Parsing Flaw Could Enable Command Execution Attacks

The Hacker News

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.

Minimizing Risk Through Proactive Apple Device Management: Addigy

Tech Republic Security

In this Executive Brief by Preetham Gurram, Vice President of Product, Addigy, learn how to proactively manage Apple devices.

Risk 123

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

YouTube makes sweeping changes to tackle spam on Shorts videos

Malwarebytes

YouTube is rolling out unclickable links. Video portals like YouTube have had to deal with spam comments and bogus links for many years. With new additions to a platform come new places for scammers to go about their business. YouTube is now cracking down on links posted to the comments section of Shorts. Shorts has been around for a few years now, but you may not have noticed the video format up until this point.

Scams 96

Unpacking the CSRB Report: Lessons from the Lapsus$ Threat Group

Security Boulevard

The global digital ecosystem finds itself facing a new breed of cyber threat actors: loosely organized groups with a penchant for extortion, chaos, and the desire to gain notoriety. The US Department of Homeland Security's Cyber Safety Review Board (CSRB) recently released a comprehensive report detailing a series of cyberattacks carried out by a threat group known as Lapsus$.

Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics

The Hacker News

The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox.

Malware 94

The Evolution of API: From Commerce to Cloud

Security Affairs

API (or Application Programming Interface) is a ubiquitous term in the tech community today, and it’s one with a long history. As a concept, APIs (or Application Programming Interfaces) have been around since the 1950s. What started out as a potential method to facilitate communication between two computers then evolved to describe the interaction between a singular application and the rest of the computer system in the 60s and 70s.

B2B 93

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Understanding Risk-Based Authentication (RBA)

Heimdal Security

Risk-Based Authentication (also known as RBA, context-based authentication, or adaptive authentication) is a security mechanism that looks at the profile (IP address, device, behavior, time of access, history, and so on) of the agent asking for access to the system in order to assess the potential risk associated with that transaction. How Does It Work?

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Security Affairs

Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the SystemBC proxy malware, named DroxiDat, in an attack against a power generation company in southern Africa.

Malware 91

GitHub’s Hardcore Plan to Roll Out Two-Factor Authentication (2FA)

WIRED Threat Level

GitHub has spent two years researching and slowly rolling out its multifactor authentication system. Soon it will be mandatory for all 100 million users—with no opt-out.

Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws

Bleeping Computer

Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure

Dark Reading

Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.

Malware 88

US cyber safety board to analyze Microsoft Exchange hack of govt emails

Bleeping Computer

The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies.

Hacking 82

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The flaw is a command injection vulnerability that resides in the Remote System Log forwarding function, which is accessible by an unauthenticated user.

Several hospitals still counting the cost of widespread ransomware attack

Malwarebytes

The 16 hospitals struck down by ransomware last week are still dealing with the fallout from the attack. The healthcare facilities located in Connecticut, Pennsylvania, Rhode Island, and California had the ransomware attack confirmed by the FBI. Issues started to emerge last Thursday with patients diverted to other locations and some operations put on hold.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Mobb Wins Black Hat Startup Spotlight Competition

Dark Reading

The four finalists in the startup competition tackled problems in firmware security, cloud infrastructure, open source software, and vulnerability remediation.

Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus

The Hacker News

A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus.

Xiaomi's MIUI now flags Telegram as dangerous in China

Bleeping Computer

Asian smartphone giant Xiaomi is now blocking Telegram from being installed on devices using its MIUI system and firmware interface.

What CISA and NSA Guidance Means for Critical Infrastructure Security

Dark Reading

Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Amazon AWS distances itself from Moq amid data collection controversy

Bleeping Computer

Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer.

Friday Five: The Updated NIST Framework, Surging Cyberattacks, Red-Teaming AI, & More

Digital Guardian

With an uptick of cyberattacks against government agencies comes a wave of new cyber frameworks, guidance, and regulations. Catch up on all the latest in this week’s Friday Five!

New SystemBC Malware Variant Targets Southern African Power Company

The Hacker News

An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack.

Malware 68

LOLEKHosted admin arrested for aiding Netwalker ransomware gang

Bleeping Computer

Police have taken down the Lolek bulletproof hosting provider, arresting five individuals and seizing servers for allegedly facilitating Netwalker ransomware attacks and other malicious activities.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.