Mon. Sep 18, 2023

Who’s Behind the 8Base Ransomware Website?

Krebs on Security

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of the website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.

White Hat Hackers Discover Microsoft Leak of 38TB of Internal Data Via Azure Storage

Tech Republic Security

The Microsoft leak, which stemmed from AI researchers sharing open-source training data on GitHub, has been mitigated.

News alert: Omdia finds risk-based vulnerability management set to encompass the VM market

The Last Watchdog

LONDON, Sept. 18, 2023 – The first comparative research into the evolution of the vulnerability management market authored by Omdia has found risk-based vulnerability management (RBVM) is set to encompass the entire vulnerability management market by 2027. Omdia’s comprehensive market analysis is the first report that provides a strategic overview of RBVM and its broader evolution within cybersecurity that Omdia refers to as proactive security. “The emergence of RBVM has been driven by

Marketing 130

macOS Tune-Up Checklist

Tech Republic Security

Macs, like Windows computers, benefit from routine maintenance. Regular tune-ups help protect Macs, both desktop and laptop models, from potential data loss, needlessly slow performance and other issues. Just what steps should a macOS tune-up checklist include? Check out the steps below, from TechRepublic Premium, to ensure you get proper, consistent results during each macOS.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

10 tips to ace your cybersecurity job interview

We Live Security

Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.

CISA Aims For More Robust Open Source Software Security for Government and Critical Infrastructure

Tech Republic Security

The agency’s roadmap outlines a plan for prioritizing where open source software makes infrastructure potentially vulnerable.

Software 163

More Trending

What Does Closed-Door Meeting With AI Industry Leaders Mean for Business?

Tech Republic Security

Businesses should plan for the development of AI regulation in the US, but knowing what it will look like is still a challenge.

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

Security Affairs

The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government has chartered three new LNG terminals to reach independence from gas pipelined from Moscow.

Google Reveals Combined SIEM and SOAR Update for Chronicle Security Operations Platform

Tech Republic Security

Users of the SecOps platform can preview Duet AI's natural language questions and summarization capabilities.

Big data 161

How to Get Your Board on Board With Cybersecurity

Dark Reading

CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The privacy perils of the Metaverse

Malwarebytes

A recently released report from New York University claims that the Metaverse, an all-in-one virtual online space, poses a potentially major risk to user privacy. This is because headsets and other similar devices can collect an incredible amount of personal, physical and biometric information. The user isn’t always aware of the collection, or how it could be used in ways they don’t expect.

Payment Card-Skimming Campaign Now Targeting Websites in North America

Dark Reading

"Silent Skimmer" is a technically complex campaign that has successfully targeted online businesses in the Asia Pacific region for over a year.

Hook: New Android Banking Trojan That Expands on ERMAC's Legacy

The Hacker News

A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week.

Banking 116

Compromised Free Download Manager website was delivering malware for years

Malwarebytes

In a public announcement, Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware. Free Download Manager is—unsurprisingly—a download manager for Windows, macOS, Android, and Linux that allows users to manage their downloads and lets them grab large files, torrents, music, and videos.

Malware 117

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

The Hacker News

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "dark pattern.

Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More

eSecurity Planet

Microsoft’s Patch Tuesday dominates the headlines because of near-universal Windows adoption. However, many other companies time their updates for the same week, such as Adobe, SAP, and VMware. Active exploits also lead to new versions of all major browsers as well as older versions of Apple products. Organizations of all sizes need to review the active exploits and announced patches and ensure that vulnerabilities in all of their high value and high risk systems are mitigated.

Firewall 109

GAO Report Reveals IRS's Limited Control Over Taxpayer Data Handling

SecureWorld News

The U.S. Internal Revenue Service (IRS) is entrusted with the vital responsibility of safeguarding sensitive taxpayer information. Recent incidents of potential unauthorized access to or disclosure of this data have raised concerns and prompted a thorough review by the Government Accountability Office (GAO). In its latest report, the GAO has identified significant weaknesses in how the IRS protects taxpayer information.

LockBit Is Using RMMs to Spread Its Ransomware

Dark Reading

The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The mystery of the CVEs that are not vulnerabilities

Malwarebytes

A researcher specializing in Software Supply Chain security named Dan Lorenc recently raised an interesting topic on LinkedIn. 138 new vulnerabilities in open-source projects were all entered the same day to the CVE database. To understand what the problem is there are a few things you’ll need to know. CVSS – The Common Vulnerability Scoring System (CVSS) is a system widely used in vulnerability management programs.

EDR for Banking: 6 Ways EDR Can Help Financial Organizations

Heimdal Security

There are financial advantages to investing in cybersecurity, especially in Endpoint Detection and Response (EDR) solutions. Breaching one financial institution can bring threat actors access to a variety of companies’ assets. That is because banks store money and data for clients in the business sector. This means that a breach of a financial organization can […]

Banking 98

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

The Hacker News

A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig.

AI in Software Development: The Good, the Bad, and the Dangerous

Dark Reading

Just like with using open source, organizations need to be diligent about testing AI components and understanding where and how it is used in their software.

Software 100

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

The Hacker News

The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity.

Malware 89

Microsoft Azure Data Leak Exposes Dangers of File-Sharing Links

Dark Reading

Shared Access Signature (SAS) link exposed a storage bucket with 38TB of private data, including passwords, Teams messages, and the backups of two Microsoft AI research employees' workstations.

Backups 127

Cryptocurrency Scams to Heavily Target TikTok Users

Heimdal Security

Cybercriminals heavily target TikTok users with cryptocurrency giveaway scams. The vast majority of the posts impersonate Elon Musk and relate to Tesla or SpaceX. These types of posts have been on other social media platforms – Instagram and Twitter – for years. But now the scammers have moved to the video-sharing platform. Cryptocurrency Scams on […]

Think Your MFA and PAM Solutions Protect You? Think Again

The Hacker News

When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

A Playbook for Bridging Africa's Cybersecurity Skills Shortage

Dark Reading

A pledge to solve the skills and talent shortage by the US government has seen one Nigerian company join the effort and aid Africa.

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

madhav, Tue, 09/19/2023 - 05:17. It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Supporting Africa's Cybersecurity Talent Makes the World Safer

Dark Reading

The global infosec community needs to help African nations defend against growing threats.

InfoSec 116

Cybersecurity: A Vital Element of Every IT Job

CompTIA on Cybersecurity

Cybercrime is on the rise and wreaking havoc on organizations, and it is therefore essential that all IT pros possess cybersecurity skills.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.