Fri.Sep 15, 2023

On Technologies for Automatic Facial Recognition

Schneier on Security

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr.

Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

Dark Reading

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

LLM Summary of My Book Beyond Fear

Schneier on Security

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient criticisms of the book. Claude’s reply: Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World :

Retool blames breach on Google Authenticator MFA cloud sync feature

Bleeping Computer

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity Goals Conflict With Business Aims

Security Boulevard

A study from Forrester Consulting found most organizations face challenges aligning cybersecurity priorities with business outcomes. The post Cybersecurity Goals Conflict With Business Aims appeared first on Security Boulevard.

TikTok slapped with $368 million fine over child privacy violations

Bleeping Computer

The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data. […]

Capslock: What is your code really capable of?

Google Security

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren’t doing anything unexpected. If that trust is violated, the consequences can be huge—regardless of whether the package is malicious, or well-intended but using overly broad permissions, such as with Log4j in 2

DDoS 2.0: IoT Sparks New DDoS Alert

The Hacker News

The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT?

Google pays $93M to settle Android tracking lawsuit in California

Bleeping Computer

California's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. […]

Cyberthreat Intelligence: Are Telecom Networks Easy Targets?

Security Boulevard

Threat actors are trying to breach telecom service providers' networks and gain access to sensitive data. The post Cyberthreat Intelligence: Are Telecom Networks Easy Targets? appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Dangerous permissions detected in top Android health apps

Security Affairs

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps available at our fingertips, it’s easy to overlook the potential risks they may pose.

ORBCOMM ransomware attack causes trucking fleet management outage

Bleeping Computer

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets. […]

Attackers Target Crypto Companies in Retool Data Breach

Security Boulevard

A data breach late last month of software development platform firm Retool led to the accelerated acquisition of one of its users and put a spotlight on an account synchronization feature that Google introduced earlier this year. Retool, the six-year-old company whose platform helps organizations build business applications, on August 29 notified 27 customers of.

Bing Chat AI is down, affecting Windows Copilot and more

Bleeping Computer

Bing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics, has connectivity issues worldwide. […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity Insights with Contrast CISO David Lindner | 9/15

Security Boulevard

Insight #1 Software Bills of Materials (SBOMs) are nothing more than a data point for determining risk. They shouldn’t be treated as gospel. The post Cybersecurity Insights with Contrast CISO David Lindner | 9/15 appeared first on Security Boulevard.

Europol lifts the lid on cybercrime tactics

Malwarebytes

The European Union Agency for Law Enforcement Cooperation (Europol), has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol’s operational analysts. The report also discusses the criminal organizations behind cyberattacks and the influence of geopolitical events. The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the las

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

The Hacker News

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws.

DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage

Dark Reading

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Google extends security update support for Chromebooks to 10 years

Bleeping Computer

Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. […]

Best Practices for Endpoint Security in Healthcare Institutions

Heimadal Security

While achieving compliance with industry standards is the minimum, it’s not enough to prevent insider threats, supply chain attacks, DDoS, or sophisticated cyberattacks such as double-extortion ransomware, phishing, business email compromise (BEC), info-stealing malware or attacks that leverage the domain name system (DNS). That is simply because being compliant does not necessarily imply being cyber […] The post Best Practices for Endpoint Security in Healthcare Institutions appeared firs

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The man has been extradited to the United States from Georgia. In February 2023, Pankov was charged with conspiracy, access device fraud, and computer fraud.

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

The Hacker News

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

The Week in Ransomware - September 15th 2023 - Russian Roulette

Bleeping Computer

This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions. […]

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

The Hacker News

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.

Microsoft Flushes Out 'Ncurses' Gremlins

Dark Reading

The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.

The Interdependence between Automated Threat Intelligence Collection and Humans

The Hacker News

The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs

Dark Reading

For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.

Two New York Hospitals Breached by the LockBit Ransomware Group

Heimadal Security

The notorious LockBit ransomware group claims to have breached two major hospitals from upstate New York, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of patients. Details on the Attack: The Hospitals Are Struggling The two hospitals have been suffering greatly as a result of the cyberattack that […] The post Two New York Hospitals Breached by the LockBit Ransomware Group appeared first on Heimdal Security Blog.

NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware

Dark Reading

Ransomware is becoming less of a factor as threat actors extort businesses with payment demands that are lower than the regulatory fines they would otherwise face.

5 Examples of DNS IoCs That Are Red Flags for Cyberattacks

Heimadal Security

In the increasingly digitalized world that we live in, doing business without being connected 24/7 is almost unthinkable. Any medium to large organization needs to have an online way of displaying its products or services. It also needs a fast communication system with employees and customers. Finally, they need a better and more cost-effective way […] The post 5 Examples of DNS IoCs That Are Red Flags for Cyberattacks appeared first on Heimdal Security Blog.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.