Schneier on Security

NOVEMBER 8, 2022

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied.

Surveillance 249

Surveillance 249

Krebs on Security

NOVEMBER 8, 2022

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems.

Internet 195

Internet Internet Cyber threats Engineering 195

Graham Cluley

NOVEMBER 8, 2022

Mastodon is hot right now. After some years of only being used by geeks (yes, I've had an account for a while now) it's at the tipping point of becoming mainstream. If you're part of the exodus of users leaving Twitter for Mastodon, what are the security and privacy issues that you need to be aware of?

Accountability 145

Accountability 145

Security Boulevard

NOVEMBER 8, 2022

James Zhong admitted to stealing 50,000 bitcoins from the former dark web market, Silk Road. The post Hacker Stole $3B of Bitcoin — Because ‘Crypto’ is Garbage appeared first on Security Boulevard.

Marketing 125

Marketing Cryptocurrency Security Awareness Risk 125

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

InfoWorld on Security

NOVEMBER 8, 2022

Automation is not new, but its use in cloud computing is recent. The idea is to automate tasks that have been traditionally carried out by humans; for example, self-healing a saturated compute server by automatically restarting it on a cloud provider. Or restricting the overuse of some expensive cloud service by finops automation, or having security automation defend against a cloud-borne breach attempt that happens at 3:00 a.m.

125

125

Trend Micro

NOVEMBER 8, 2022

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.

Hacking 121

Hacking Cyber threats Phishing Malware 121

Bleeping Computer

NOVEMBER 8, 2022

A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks. [.].

DDOS 116

DDOS Accountability 116

CyberSecurity Insiders

NOVEMBER 8, 2022

US Security and Exchange Commission (SEC) has launched a serious probe on SolarWinds’s massive data breach of 2020. Thus, pretty soon, the software developer might face legal action that could land it up in paying a huge penalty. Although the cyber incident was discovered almost two years ago, its consequences took time to be unraveled or detected by the law enforcement and forensic experts.

Data breaches 114

Data breaches Government Cybersecurity Software 114

Cisco Security

NOVEMBER 8, 2022

The word is out! Cisco Secure Endpoint’s effectiveness is off the charts in protecting your enterprise environment. This is not just a baseless opinion; however, the facts are rooted in actual test results from the annual AV-Comparative EPR Test Report published in October 2022. Not only did Secure Endpoint knock it out of the park in enterprise protection; but Cisco Secure Endpoint obtained the lowest total cost of ownership (TCO) per agent at $587 over 5 years.

Antivirus 113

Antivirus Cyber threats Accountability Software 113

CyberSecurity Insiders

NOVEMBER 8, 2022

Romania-based Cybersecurity firm BitDefender has added a new security feature to safeguard its users from chat based cyber threats. The company has introduced a ‘Chat Protection’ feature to users using popular messaging apps like Messenger, WhatsApp, Discord and Telegram. BitDefender Mobile Security feature assists customers in protecting against malware spread and phishing scams.

Mobile 101

Mobile Antivirus VPN IoT 101

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

NOVEMBER 8, 2022

Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild. [.].

98

98

Heimadal Security

NOVEMBER 8, 2022

A threat actor group going by the name of Justice Blade began publishing data stolen from Smart Link BPO Solutions, an outsourcing IT vendor working with organizations and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. The hackers claim to have stolen a significant volume of data, including contracts, personal information […].

Cybercrime 103

Cybercrime Government Cybersecurity 103

The Hacker News

NOVEMBER 8, 2022

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week.

Software 99

Software 99

Security Boulevard

NOVEMBER 8, 2022

Read about the top phishing breaches & phishing tactics used in 2022. Be proactive against phishing attacks in 2023 with AI & automation. The post The Biggest Phishing Breaches of 2022 and How to Avoid them for 2023 appeared first on Security Boulevard.

Phishing 98

Phishing 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

NOVEMBER 8, 2022

Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. The company addressed the following three vulnerabilities: CVE-2022-27510 – The flaw is an authentication bypass using an alternate path or channel, an attacker can trigger it to gain unauthorized acces

Authentication 98

Authentication VPN Phishing Hacking 98

Security Boulevard

NOVEMBER 8, 2022

While multifactor authentication has historically been hailed as one of the most significant forms of defense against attacks that leverage compromised credentials, the reality is far from it. MFA attacks are in fact gaining popularity—in the first 90 days of 2022, researchers noted a staggering 113 million attacks against MFA, which is much higher than.

Authentication 98

Authentication Social Engineering Engineering Mobile 98

Dark Reading

NOVEMBER 8, 2022

Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.

95

95

Security Boulevard

NOVEMBER 8, 2022

When I was a newly minted engineer fresh out of grad school and joined Cisco, I would often be awe-struck by our then-CEO John Chambers (now an investor in Balbix). He would describe going after large and growing markets where Cisco had the ambition to become #1 or #2 in the market. A decade, and …. Read More. The post Winning the Cybersecurity Posture Market – with Breadth and Depth appeared first on Security Boulevard.

Marketing 98

Marketing Cybersecurity Engineering Network Security 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

NOVEMBER 8, 2022

Microsoft has reminded customers today that all editions of Windows 10 21H1 (also known as the May 2021 Update) are reaching the end of service (EOS) next month. [.].

98

98

Security Boulevard

NOVEMBER 8, 2022

What is Multi-factor Authentication and how can it help control which endpoints can access your networks and resources? Answer this and more. The post What is Multi-factor Authentication (MFA) and How Can it Protect Your Company Assets? appeared first on Security Boulevard.

Authentication 98

Authentication 98

Security Affairs

NOVEMBER 8, 2022

Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing community malware, such as SystemBC and Raccoon Stealer 2.0 , along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper malware in the last two weeks, a circumstance that confirms that the threat has been widely deployed

Malware 95

Malware Cryptocurrency Hacking Cybercrime 95

Security Boulevard

NOVEMBER 8, 2022

Just a few months after its discovery by Red Canary researchers in May 2022, Raspberry Robin has quickly evolved from a worm that, while widely distributed, didn’t show any post-infection actions to a sprawling and active platform for distributing malware. “Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a.

Malware 98

Malware Social Engineering Engineering Phishing 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

NOVEMBER 8, 2022

VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin. [.].

Authentication 94

Authentication 94

Security Boulevard

NOVEMBER 8, 2022

Learn more about GitGuardian’s no-code workflows and how they can help you enjoy some respite from the manual and grunt work no security engineer ever enjoys. The post Automate your way out of code security incidents with GitGuardian’s playbooks appeared first on Security Boulevard.

Engineering 98

Engineering 98

Bleeping Computer

NOVEMBER 8, 2022

Microsoft has released the Windows 11 KB5019980 and KB5019961 cumulative updates for versions 22H2 and 21H2 to fix security vulnerabilities and resolve thirty-one bugs and performance issues. [.].

92

92

Security Boulevard

NOVEMBER 8, 2022

Polaris fAST services is fast, powerful, and easy-to-use cloud-based application security testing, optimized for DevSecOps. The post Scalable SAST and SCA in a single solution with Polaris fAST services appeared first on Application Security Blog. The post Scalable SAST and SCA in a single solution with Polaris fAST services appeared first on Security Boulevard.

Software 98

Software Risk 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

NOVEMBER 8, 2022

Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as a result of a ransomware attack. Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed as a result of a recent ransomware attack. Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers. “Based on our investigation to date into this cybe

Ransomware 92

Ransomware Insurance Data breaches Cybercrime 92

Security Boulevard

NOVEMBER 8, 2022

CISA’S cybersecurity performance goals are an important first step to helping resource strapped critical infrastructure organizations improve cyber posture. Read More. The post Basic but Powerful – CISA’S Cybersecurity Performance Goals appeared first on Axio. The post Basic but Powerful – CISA’S Cybersecurity Performance Goals appeared first on Security Boulevard.

Cybersecurity 97

Cybersecurity Cyber Risk Risk 97

Bleeping Computer

NOVEMBER 8, 2022

Microsoft has released the Windows 10 KB5019959 and KB5019966 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix security vulnerabilities and resolve nineteen bugs and performance issues. [.].

Software 91

Software 91

Security Boulevard

NOVEMBER 8, 2022

Fake Advertisements that impersonate real organizations, created by fraudsters to scam consumers & steal revenue. The post Fake Ads appeared first on Security Boulevard.

Scams 96

Scams Advertising 96

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.