Schneier on Security
SEPTEMBER 18, 2023
Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet. That’s a really profitable hack.
Krebs on Security
SEPTEMBER 18, 2023
The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
SEPTEMBER 18, 2023
The Microsoft leak, which stemmed from AI researchers sharing open-source training data on GitHub, has been mitigated.
Security Affairs
SEPTEMBER 18, 2023
The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government has chartered three new LNG terminals to reach independence from on gas pipelined from Moscow.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
SEPTEMBER 18, 2023
Businesses should plan for the development of AI regulation in the US, but knowing what it will look like is still a challenge.
Security Affairs
SEPTEMBER 18, 2023
Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. The exposed data exposed a disk backup of two employees’ workstations containing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. “The researchers shared their fi
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
SEPTEMBER 18, 2023
Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack. The company states that one of its employees was compromised on August 27, 2023, via a spear phishing attack.
Tech Republic Security
SEPTEMBER 18, 2023
Users of the SecOps platform can preview Duet AI's natural language questions and summarization capabilities.
We Live Security
SEPTEMBER 18, 2023
Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.
Tech Republic Security
SEPTEMBER 18, 2023
Macs, like Windows computers, benefit from routine maintenance. Regular tune-ups help protect Macs, both desktop and laptop models, from potential data loss, needlessly slow performance and other issues. Just what steps should a macOS tune-up checklist include? Check out the steps below, from TechRepublic Premium, to ensure you get proper, consistent results during each macOS.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Dark Reading
SEPTEMBER 18, 2023
"Silent Skimmer" is a technically complex campaign that has successfully targeted online businesses in the Asia Pacific region for over a year.
The Hacker News
SEPTEMBER 18, 2023
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "dark pattern.
The Last Watchdog
SEPTEMBER 18, 2023
LONDON, Sept. 18, 2023 – The first comparative research into the evolution of the vulnerability management market authored by Omdia has found risk-based vulnerability management (RVBM) is set to encompass the entire vulnerability management market by 2027. Omdia’s comprehensive market analysis is the first report that provides a strategic overview of RBVM and its broader evolution within cybersecurity that Omdia refers to as proactive security. “The emergence of RBVM has been driven by
The Hacker News
SEPTEMBER 18, 2023
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Malwarebytes
SEPTEMBER 18, 2023
A recently released report from New York University claims that the Metaverse, an all-in-one virtual online space, poses a potentially major risk to user privacy. This is because headsets and other similar devices can collect an incredible amount of personal, physical and biometric information. The user isn’t always aware of the collection, or how it could be used in ways they don’t expect.
Dark Reading
SEPTEMBER 18, 2023
CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape.
The Hacker News
SEPTEMBER 18, 2023
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig.
Heimadal Security
SEPTEMBER 18, 2023
There are financial advantages to investing in cybersecurity, especially in Endpoint Detection and Response (EDR) solutions. Breaching one financial institution can bring threat actors access to a variety of companies’ assets. That is because banks store money and data for clients in the business sector. This means that a breach of a financial organization can […] The post EDR for Banking: 6 Ways EDR Can Help Financial Organizations appeared first on Heimdal Security Blog.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Malwarebytes
SEPTEMBER 18, 2023
Warnings about including credentials, keys, and tokens when sharing code on publicly accessible repositories shouldn’t be necessary. It should speak for itself that you don’t just hand over the keys to your data. But what if a misconfiguration ends in a supposed internal storage account becoming suddenly accessible to everyone? That's how Microsoft managed to leak access to 38 terabytes of data.
The Hacker News
SEPTEMBER 18, 2023
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case.
Malwarebytes
SEPTEMBER 18, 2023
In a public announcement , Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware. Free Download Manager is—unsurprisingly—a download manager for Windows, macOS, Android, and Linux that allows users to manage their downloads and lets them grab large files, torrents, music, and videos.
Dark Reading
SEPTEMBER 18, 2023
The global infosec community needs to help African nations defend against growing threats.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Malwarebytes
SEPTEMBER 18, 2023
The peer-to-peer review source G2 has released their Fall 2023 reports, ranking Malwarebytes as a leader across a number of endpoint protection categories. In the most recent results, Malwarebytes is the only vendor to earn the “Easiest to Use” and “Easiest Admin” recognition for its Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR ).
The Hacker News
SEPTEMBER 18, 2023
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity.
Malwarebytes
SEPTEMBER 18, 2023
A researcher specializing in Software Supply Chain security named Dan Lorenc recently raised an interesting topic on LinkedIn. 138 new vulnerabilities in open-source projects were all entered the same day to the CVE database. To understand what the problem is there are a few things you’ll need to know. CVSS – The Common Vulnerability Scoring System (CVSS) is a system widely used in vulnerability management programs.
SecureWorld News
SEPTEMBER 18, 2023
The U.S. Internal Revenue Service (IRS) is entrusted with the vital responsibility of safeguarding sensitive taxpayer information. Recent incidents of potential unauthorized access to or disclosure of this data have raised concerns and prompted a thorough review by the Government Accountability Office (GAO). In its latest report, the GAO has identified significant weaknesses in how the IRS protects taxpayer information.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
SEPTEMBER 18, 2023
The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware.
eSecurity Planet
SEPTEMBER 18, 2023
Microsoft’s Patch Tuesday dominates the headlines because of near-universal Windows adoption. However, many other companies time their updates for the same week, such as Adobe, SAP, and VMware. Active exploits also lead to new versions of all major browsers as well as older versions of Apple products. Organizations of all sizes need to review the active exploits and announced patches and ensure that vulnerabilities in all of their high value and high risk systems are mitigated.
Heimadal Security
SEPTEMBER 18, 2023
Cybercriminals heavily target TikTok users with cryptocurrency giveaway scams. The vast majority of the posts impersonate Elon Musk and relate to Tesla or SpaceX. These types of posts have been on other social media platforms – Instagram and Twitter – for years. But now the scammers have moved to the video-sharing platform. Cryptocurrency Scams on […] The post Cryptocurrency Scams to Heavily Target TikTok Users appeared first on Heimdal Security Blog.
Dark Reading
SEPTEMBER 18, 2023
Just like with using open source, organizations need to be diligent about testing AI components and understanding where and how it is used in their software.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
340 
Let's personalize your content