Thu. Apr 27, 2023

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Banking 342

Security Risks of AI

Schneier on Security

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users.

Risk 306

Weekly Update 345

Troy Hunt

I stand by my expression in the image above. It's a perfectly accurate representation of how I looked after receiving the CityJerks breach, clicking on the link to the website then seeing what it actually was 😳 Fortunately, the published email address on their site did go through to someone at TruckerSucker (😳😳) so they're aware of the breach and that it's circulating broadly via a public hacking website.

Microsoft: Windows 10 22H2 is the final version of Windows 10

Bleeping Computer

Microsoft says Windows 10, version 22H2 will be the last feature update to be released for the Windows 10 operating system.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Brace Yourself for the 2024 Deepfake Election

WIRED Threat Level

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

APT trends report Q1 2023

SecureList

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

More Trending

Linux version of RTM Locker ransomware targets VMware ESXi servers

Bleeping Computer

RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers.

Is mood tracking feature in Apple iOS 17 a privacy concern

CyberSecurity Insiders

Apple Inc’s released products are known for their progressive innovation, and the best example to prove it is the invention of a glass-driven touch screen that was first introduced to the world via the first iPhone in-series and is now a part of every electronic appliance in today’s world. As expected, the next version of iOS 17, which might be unveiled in about a couple of months or so, is also expected to have mind-blowing features, and leaks suggest that it will include a feature that c

Software 123

ChatGPT Security and Privacy Issues Remain in GPT-4

eSecurity Planet

After two years of development, OpenAI launched GPT-4 last month, and it’s a major leap beyond GPT-3 and even ChatGPT. But in addition to vastly improved reasoning and visual capabilities, GPT-4 also retains many of ChatGPT’s security and privacy issues, in some cases even enhancing them. Here’s a look at some of those issues — including some that came up at this week’s RSA Conference in San Francisco.

Android Minecraft clones with 35M downloads infect users with adware

Bleeping Computer

A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware 'HiddenAds' to stealthily load ads in the background to generate revenue for its operators.

Adware 116

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

CISO Survival Guide for Cyberattacks

Dark Reading

CISOs who have survived major cyber incidents recommend letting company ethos guide incident response.

CISO 116

Rapture, a Ransomware Family With Similarities to Paradise

Trend Micro

In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack.

Buyers Beware: Cybercriminals Target Your Online Credentials

Security Boulevard

The data tells a compelling story for buyers worldwide: Across all industries surveyed, the most common attack methods in 2022 were stolen credentials, ransomware and phishing. And attackers are typically targeting payment data, personally identifiable information (PII), credentials, intellectual property and non-sensitive data. These trends have a significant impact on consumers, who need to be.

Phishing 111

New LOBSHOT Malware Deployed Via Google Ads

Heimdal Security

Google advertisements have been exploited to distribute various types of malware over the past few months. To trick unsuspecting users into downloading malware onto their systems, threat actors often used the platform to promote fake websites on legit software and application updates. One such malware family observed during this recent spike is called LOBSHOT.

Malware 111

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Combating Kubernetes — the Newest IAM Challenge

Dark Reading

IT leaders need to ensure Kubernetes clusters don't become a gateway for cybercriminals.

S3 Ep132: Proof-of-concept lets anyone hack at will

Naked Security

When Doug says, "Happy Remote Code Execution Day, Duck", it's irony.

Hacking 109

BrandPost: The evolution of security service edge (SSE) and zero trust

CSO Magazine

With the recent publication of Gartner’s updated Magic Quadrant for Security Service Edge, we have been asked by several CXOs about this fast-growing solution category and how it relates to zero trust. The short answer is that they are closely intertwined. Zero trust is a framework for securing organizations in the cloud and mobile world that asserts that no user or application should be trusted by default.

Intel allows Google to hack its servers

CyberSecurity Insiders

Intel gave permission to Google to hack its servers operating on its new security hardware product dubbed “Trust Domain Extensions” (TDX). According to sources reporting to our cybersecurity insiders, permission to infiltrate its servers was given almost 10 months ago as part of an audit of its infrastructural defense-line. Google Project’s Zero Bug Hunting team states that its researchers found about two significant vulnerabilities, and five of the newly found flaws were being

Hacking 106

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Why Russia's cyber arms transfers are poor threat predictors

CSO Magazine

The history of international cyber conflict is remarkably long and storied. The timeline of major cyber threat events stretches back nearly four decades, but it is really only the last decade that has seen the widespread proliferation of national cyber forces. As of 2007, only 10 countries had operational cyber commands, three of which were members of the NATO alliance.

Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware

Graham Cluley

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. Read more in my article on the Tripwire State of Security blog.

Malware 106

Lessons and Takeaways from the FBI’s 2022 Internet Crime Report

Security Boulevard

Spanning 32 pages and featuring statistics galore, there’s a lot to unpack in the FBI’s 2022 Internet Crime Report. The Bureau’s Internet Crime Complaint Center (IC3) compiled the 2022 report based on 800,944 complaints of cyberattacks and incidents received from members of the public. To save you from information overwhelm, this article presents the most pertinent findings from the report.

Internet 105

Chinese hackers launch Linux variant of PingPull malware

CSO Magazine

Chinese state-sponsored threat actor Alloy Taurus has introduced a new variant of PingPull malware, designed to target Linux systems, Palo Alto Networks said in its research. Along with the new variant, another backdoor called Sword2033 was also identified by the researchers. Alloy Taurus, a Chinese APT, has been active since 2012. The group conducts cyberespionage campaigns across Asia, Europe, and Africa.

Malware 105

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

What Is a Ping Flood and How to Prevent It?

Heimdal Security

Imagine sitting at your computer, ready to work or browse the internet, only to find that your connection is suddenly sluggish or completely non-existent. You may have fallen victim to a ping flood attack – one of the most common types of cyberattacks in today’s digital landscape. In this blog post, we’ll dive into everything […]

Internet 105

Google banned 173K developer accounts to block malware, fraud rings

Bleeping Computer

Google says it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings from infecting Android users' devices with malicious apps.

TP-Link High-Severity Flaw Added to Mirai Botnet Arsenal

Heimdal Security

A TP-Link Archer A21 (AX1800) consumer-grade WiFi router vulnerability has been used by Mirai botnet to launch DDoS attacks against IoT devices. The flaw in the TP-Link Archer AX21 firmware was discovered back in December 2022, and the company released a patch in March. However, recent attacks show a new variant of the Mirai botnet exploiting the flaw (CVE-2023-1389) to gain […]

Firmware 105

LimeRAT Malware Analysis: Extracting the Config

The Hacker News

Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart.

Malware 103

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

WIRED Threat Level

The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next.

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

The Hacker News

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution.

Malware 102

It is illegal to use undetectable spying devices on partners

CyberSecurity Insiders

Using undetectable spying devices on partners can be illegal, and it can lead to serious legal consequences. In many countries, it is considered a criminal offense, and individuals can face legal charges for such actions. The use of undetectable spying devices, such as hidden cameras or audio recorders, to monitor a partner without their knowledge or consent is a clear violation of their privacy rights.

Education 102

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts

The Hacker News

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!