Thu. Apr 27, 2023

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Banking 285

Security Risks of AI

Schneier on Security

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users.

Risk 244

Weekly Update 345

Troy Hunt

I stand by my expression in the image above. It's a perfectly accurate representation of how I looked after receiving the CityJerks breach, clicking on the link to the website then seeing what it actually was 😳 Fortunately, the published email address on their site did go through to someone at TruckerSucker (😳😳) so they're aware of the breach and that it's circulating broadly via a public hacking website.

5 most dangerous new attack techniques

CSO Magazine

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Brace Yourself for the 2024 Deepfake Election

WIRED Threat Level

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

Android Minecraft clones with 35M downloads infect users with adware

Bleeping Computer

A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware 'HiddenAds' to stealthily load ads in the background to generate revenue for its operators.

Adware 126

More Trending

Linux version of RTM Locker ransomware targets VMware ESXi servers

Bleeping Computer

RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers.

ChatGPT Security and Privacy Issues Remain in GPT-4

eSecurity Planet

After two years of development, OpenAI launched GPT-4 last month, and it’s a major leap beyond GPT-3 and even ChatGPT. But in addition to vastly improved reasoning and visual capabilities, GPT-4 also retains many of ChatGPT’s security and privacy issues, in some cases even enhancing them. Here’s a look at some of those issues — including some that came up at this week’s RSA Conference in San Francisco.

Microsoft: Windows 10 22H2 is the final version of Windows 10

Bleeping Computer

Microsoft says Windows 10, version 22H2 will be the last feature update to be released for the Windows 10 operating system.

Buyers Beware: Cybercriminals Target Your Online Credentials

Security Boulevard

The data tells a compelling story for buyers worldwide: Across all industries surveyed, the most common attack methods in 2022 were stolen credentials, ransomware and phishing. And attackers are typically targeting payment data, personally identifiable information (PII), credentials, intellectual property and non-sensitive data. These trends have a significant impact on consumers, who need to be.

Phishing 109

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Google banned 173K developer accounts to block malware, fraud rings

Bleeping Computer

Google says it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings from infecting Android users' devices with malicious apps.

BrandPost: The evolution of security service edge (SSE) and zero trust

CSO Magazine

With the recent publication of Gartner’s updated Magic Quadrant for Security Service Edge, we have been asked by several CXOs about this fast-growing solution category and how it relates to zero trust. The short answer is that they are closely intertwined. Zero trust is a framework for securing organizations in the cloud and mobile world that asserts that no user or application should be trusted by default.

Intel allows Google to hack its servers

CyberSecurity Insiders

Intel gave permission to Google to hack its servers operating on its new security hardware product dubbed “Trust Domain Extensions” (TDX). According to sources reporting to our cybersecurity insiders, permission to infiltrate its servers was given almost 10 months ago as part of an audit of its infrastructural defense-line. Google Project’s Zero Bug Hunting team states that its researchers found about two significant vulnerabilities, and five of the newly found flaws were being

Hacking 106

Why Russia's cyber arms transfers are poor threat predictors

CSO Magazine

The history of international cyber conflict is remarkably long and storied. The timeline of major cyber threat events stretches back nearly four decades, but it is really only the last decade that has seen the widespread proliferation of national cyber forces. As of 2007, only 10 countries had operational cyber commands, three of which were members of the NATO alliance.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

New Atomic macOS info-stealing malware targets 50 crypto wallets

Bleeping Computer

A new macOS information-stealing malware named 'Atomic' (aka 'AMOS') is being sold to cybercriminals via private Telegram channels for a subscription of $1,000 per month.

Malware 107

Chinese hackers launch Linux variant of PingPull malware

CSO Magazine

Chinese state-sponsored threat actor Alloy Taurus has introduced a new variant of PingPull malware, designed to target Linux systems, Palo Alto Networks said in its research. Along with the new variant, another backdoor called Sword2033 was also identified by the researchers. Alloy Taurus, a Chinese APT, has been active since 2012. The group conducts cyberespionage campaigns across Asia, Europe, and Africa.

Malware 105

Lessons and Takeaways from the FBI’s 2022 Internet Crime Report

Security Boulevard

Spanning 32 pages and featuring statistics galore, there’s a lot to unpack in the FBI’s 2022 Internet Crime Report. The Bureau’s Internet Crime Complaint Center (IC3) compiled the 2022 report based on 800,944 complaints of cyberattacks and incidents received from members of the public. To save you from information overwhelm, this article presents the most pertinent findings from the report.

Internet 104

It is illegal to use undetectable spying devices on partners

CyberSecurity Insiders

Using undetectable spying devices on partners can be illegal, and it can lead to serious legal consequences. In many countries, it is considered a criminal offense, and individuals can face legal charges for such actions. The use of undetectable spying devices, such as hidden cameras or audio recorders, to monitor a partner without their knowledge or consent is a clear violation of their privacy rights.

Education 102

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Microsoft fixes Outlook issue blocking access to emails, calendars

Bleeping Computer

Microsoft has addressed a known issue affecting Outlook for Microsoft 365 customers that prevented them from accessing group mailboxes and calendars using the Outlook desktop client.

Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware

Graham Cluley

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. Read more in my article on the Tripwire State of Security blog.

Malware 98

We’re one step closer to knowing how to comply with EO 14028

Security Boulevard

CISA’s draft self-attestation form, published today, is a step in the right direction in demystifying EO 14028 compliance. The post We’re one step closer to knowing how to comply with EO 14028 appeared first on Security Boulevard.

Rapture, a Ransomware Family With Similarities to Paradise

Trend Micro

In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Supreme Court to Address Online Threats to Celebrities

Security Boulevard

On April 19, 2023, the Supreme Court heard oral arguments in the case of Counterman v. Colorado, a case readdressing the question of the mental state the government has to demonstrate to convict a person for making online threats. Specifically, the high court addressed “whether, to establish that a statement is a ‘true threat’ unprotected.

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts

The Hacker News

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday.

New LOBSHOT Malware Deployed Via Google Ads

Heimdal Security

Google advertisements have been exploited to distribute various types of malware over the past few months. To trick unsuspecting users into downloading malware onto their systems, threat actors often used the platform to promote fake websites on legit software and application updates. One such malware family observed during this recent spike is called LOBSHOT.

Malware 92

Researchers found the first Linux variant of the RTM locker

Security Affairs

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The new variant of the encryptor targets Linux, NAS, and ESXi hosts, it appears to be based on the source code of Babuk ransomware that was leaked online in 2021.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

LimeRAT Malware Analysis: Extracting the Config

The Hacker News

Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart.

Malware 89

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Security Affairs

Microsoft revealed that recent attacks against PaperCut servers aimed at distributing Cl0p and LockBit ransomware. Microsoft linked the recent attacks against PaperCut servers to a financially motivated threat actor tracked as Lace Tempest (formerly DEV-0950). The group is known to be an affiliate of the Clop ransomware RaaS affiliate, it has been linked to GoAnywhere attacks and Raspberry Robin infection.

How we fought bad apps and bad actors in 2022

Google Security

Posted by Anu Yamunan and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Compute Trust and Safety) Keeping Google Play safe for users and developers remains a top priority for Google. Google Play Protect continues to scan billions of installed apps each day across billions of Android devices to keep users safe from threats like malware and unwanted software.

Mobile 87

NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

WIRED Threat Level

The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.