Thu. Sep 21, 2023

New Revelations from the Snowden Documents

Schneier on Security

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else. And it’s unclear who has those archives anymore.

Detection Engineering and SOC Scalability Challenges (Part 2)

Anton on Security

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our second installment in the “Threats into Detections — The DNA of Detection Engineering” series, where we explore the challenges of detection engineering in more detail — and where threat intelligence plays (and where some hope appears … but you need to wait for Part 3 for this!)

Retailers Are Rapidly Scaling Surveillance of Australian Consumers — Why This Is a Red Flag

Tech Republic Security

Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy.

Apple emergency updates fix 3 new zero-days exploited in attacks

Bleeping Computer

Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.

145

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Intel Innovation 2023: Attestation and Fully Homomorphic Encryption Coming to Intel Cloud Services

Tech Republic Security

The attestation service is designed to allow data in confidential computing environments to interact with AI safely, as well as provide policy enforcements and audits.

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

The Hacker News

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.

Software 145

More Trending

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes

We Live Security

ESET researchers document OilRig’s Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022

139

Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents

The Hacker News

A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as a vehicle to deploy a novel implant called LuaDream.

Overview of IoT threats in 2023

SecureList

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since.

IoT 137

Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack

The Hacker News

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software," it said in an alert last week.

Malware 137

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Examining the Activities of the Turla APT Group

Trend Micro

We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.

131

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

The Hacker News

China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries. In a message posted on WeChat, the government authority said U.S.

Space and defense tech maker Exail Technologies exposes database access

Security Affairs

Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) file with database credentials, the Cybernews research team has discovered. The company, formed in 2022 after ECA Group and iXblue merged, specializes in robotics, maritime, navigation, aerospace, and photonics technologies, ma

Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge

The Hacker News

The peer-to-peer (P2P) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023.

Malware 127

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Ukrainian hackers are behind the Free Download Manager supply chain attack

Security Affairs

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. Recently, researchers from Kaspersky reported the discovery of a free download manager site that has been compromised to serve Linux malware.

Malware 123

The Rise of the Malicious App

The Hacker News

Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a “hub” app, such as Salesforce, Google Workspace, or Microsoft 365.

127

Computer Security Incident Response Team (CSIRT): How to Build One

Heimdal Security

According to the World Economic Forum, “widespread cybercrime and cyber insecurity” is rated as one of the greatest worldwide dangers for the following two and ten years. This means that your organization needs to constantly improve its cybersecurity posture. A known way of doing this is through a Computer Security Incident Response Team (CSIRT).

Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

The Hacker News

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant).

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Snatch ransomware – what you need to know

Graham Cluley

The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Learn more about the threat in my article for the Tripwire State of Security blog.

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

Chicago, Ill., Sept. 21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Also in attendance were Access Living, The College of Lake County, CyberSkills2Work, and Task Force Movement. Organizations gathered to discuss courses and programs to address the critical cybersecurity workforce needs in the United States.

Cisco Moves into SIEM with $28B Deal to Acquire Splunk

Dark Reading

Cisco's surprise agreement could reshape secure information and event management (SIEM) and extended detection and response (XDR) markets.

Marketing 113

Microsoft Copilot rolls out with Windows 11 22H2 update next week

Bleeping Computer

Microsoft will start rolling out its Copilot digital assistant to all customers next week, on September 26th, together with a host of new AI-powered capabilities as part of a new Windows 11 22H2 update.

112

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Understanding the Differences Between On-Premises and Cloud Cybersecurity

Dark Reading

The nature of cloud environments means security and technical teams need a different mindset to understand and manage their new attack surface.

‘Sandman’ hackers backdoor telcos with new LuaDream malware

Bleeping Computer

A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream.'

Malware 112

T-Mobile Racks Up Third Consumer Data Exposure of 2023

Dark Reading

The mobile company states that the issue was due to a glitch that occurred in an update.

Mobile 111

Scaling Rust Adoption Through Training

Google Security

Posted by Martin Geisler, Android team. Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits: Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such as confidence in the code quality and ease of code review. Security: There has been a reduction in memory safety vulnerabilities as we shift more development to memory safe languages.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts

Dark Reading

Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.

Banking 110

Smart TV Scams: How to Avoid the Growing Threat

Identity IQ

Smart TVs – such as Roku and Amazon Fire TV sticks with streaming services such as Netflix and YouTube TV – it seems like everyone has them these days. With the ability to watch just about any show your heart desires with the click of a button, the convenience is unbeatable. But like we’ve seen with other groundbreaking technology that, on the surface, appears to make our lives better, there can be a dark side.

Scams 105

MGM Restores Casino Operations 10 Days After Cyberattack

Dark Reading

The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.

110

GlobalSign’s Bug Bounty Program

GlobalSign

GlobalSign’s bug bounty program is now public, with Atlas added to the scope. Learn more about the program in this blog.

105

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!