Schneier on Security

SEPTEMBER 15, 2023

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr.

Technology 237

Technology 237

Dark Reading

SEPTEMBER 15, 2023

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

Ransomware 145

Ransomware 145

Schneier on Security

SEPTEMBER 15, 2023

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient criticisms of the book. Claude’s reply: Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World :

Data collection 169

Data collection Cybercrime Surveillance Risk 169

Bleeping Computer

SEPTEMBER 15, 2023

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.

Authentication 141

Authentication Social Engineering Engineering Software 141

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Dark Reading

SEPTEMBER 15, 2023

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

130

130

Security Boulevard

SEPTEMBER 15, 2023

A study from Forrester Consulting found most organizations face challenges aligning cybersecurity priorities with business outcomes. The post Cybersecurity Goals Conflict With Business Aims appeared first on Security Boulevard.

Cybersecurity 122

Cybersecurity Security Awareness CISO Risk 122

Google Security

SEPTEMBER 15, 2023

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren’t doing anything unexpected. If that trust is violated, the consequences can be huge—regardless of whether the package is malicious, or well-intended but using overly broad permissions, such as with Log4j in 2

Software 119

Software 119

Dark Reading

SEPTEMBER 15, 2023

The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.

117

117

The Hacker News

SEPTEMBER 15, 2023

The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT?

DDOS 119

DDOS IoT Internet Internet 119

Dark Reading

SEPTEMBER 15, 2023

This incident bears notable resemblance to an attack that occurred just last month affecting London's Metropolitan Police, raising concerns over UK cybersecurity safeguards for public safety.

Hacking 102

Hacking Cybersecurity 102

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Bleeping Computer

SEPTEMBER 15, 2023

The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data. [.

Technology 124

Technology 124

Security Boulevard

SEPTEMBER 15, 2023

Threat actors are trying to breach telecom service providers' networks and gain access to sensitive data. The post Cyberthreat Intelligence: Are Telecom Networks Easy Targets? appeared first on Security Boulevard.

DDOS 112

DDOS Network Security Cybersecurity Mobile 112

Dark Reading

SEPTEMBER 15, 2023

Ransomware becoming less of a factor as threat actors extort businesses with payment options that are less than regulatory fines.

Ransomware 126

Ransomware 126

Security Boulevard

SEPTEMBER 15, 2023

A data breach late last month of software development platform firm Retool led to the accelerated acquisition of one of its users and put a spotlight on an account synchronization feature that Google introduced earlier this year. Retool, the six-year-old company whose platform help organizations build business applications, on August 29 notified 27 customers of.

Data breaches 109

Data breaches Software Accountability Social Engineering 109

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

The Hacker News

SEPTEMBER 15, 2023

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws.

Consumer Protection 113

Consumer Protection 113

Security Boulevard

SEPTEMBER 15, 2023

Insight #1 Software Bills of Materials (SBOMs) are nothing more than a data point for determining risk. They shouldn’t be treated as gospel. The post Cybersecurity Insights with Contrast CISO David Lindner | 9/15 appeared first on Security Boulevard.

CISO 109

CISO Cybersecurity Risk Software 109

Security Affairs

SEPTEMBER 15, 2023

Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion. Caesars Entertainment is the world’s most geographically diversified casino-entertainment company. It is the largest gaming company in the United States, with over 50 casinos and hotels in 13 U.S. states and five countries. The company also owns and operates a number of other businesses, including a golf course management company, a travel agency, and a marketing firm.

Ransomware 110

Ransomware Cyber Attacks Cybersecurity Hacking 110

Malwarebytes

SEPTEMBER 15, 2023

The European Union Agency for Law Enforcement Cooperation (Europol), has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol’s operational analysts. The report also discusses the criminal organizations behind cyberattacks and the influence of geopolitical events. The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the las

Cybercrime 103

Cybercrime Ransomware Malware DDOS 103

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Risk

The Hacker News

SEPTEMBER 15, 2023

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates.

Phishing 106

Phishing Ransomware 106

Heimadal Security

SEPTEMBER 15, 2023

While achieving compliance with industry standards is the minimum, it’s not enough to prevent insider threats, supply chain attacks, DDoS, or sophisticated cyberattacks such as double-extortion ransomware, phishing, business email compromise (BEC), info-stealing malware or attacks that leverage the domain name system (DNS). That is simply because being compliant does not necessarily imply being cyber […] The post Best Practices for Endpoint Security in Healthcare Institutions appeared firs

Healthcare 101

Healthcare DDOS DNS Phishing 101

Bleeping Computer

SEPTEMBER 15, 2023

Bing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics has connectivity issues worldwide. [.

Software 116

Software 116

Dark Reading

SEPTEMBER 15, 2023

Trust is the crucial bridge between security and people, but excessive or misguided trust can pose serious security risks.

Risk 119

Risk Cybersecurity 119

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

Bleeping Computer

SEPTEMBER 15, 2023

California's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. [.

Consumer Protection 112

Consumer Protection 112

The Hacker News

SEPTEMBER 15, 2023

The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023.

Data breaches 104

Data breaches Ransomware Cybersecurity 104

Bleeping Computer

SEPTEMBER 15, 2023

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets. [.

Ransomware 110

Ransomware 110

Security Affairs

SEPTEMBER 15, 2023

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps available at our fingertips, it’s easy to overlook the potential risks they may pose.

Accountability 104

Accountability Information Security Surveillance Phishing 104

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Ransomware

The Hacker News

SEPTEMBER 15, 2023

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.

Accountability 103

Accountability Malware Manufacturing Technology 103

Bleeping Computer

SEPTEMBER 15, 2023

Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. [.

105

105

Dark Reading

SEPTEMBER 15, 2023

The shared responsibility model was good enough to cover the first years of the cloud revolution, but the model is showing its limitations. Shared fate is a more mature model for the future of cloud security.

Risk 81

Risk 81

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The man has been extradited to the United States from Georgia. In February 2023, Pankov was charged with conspiracy, access device fraud, and computer fraud.

Malware 94

Malware Hacking Passwords Software 94

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev

Cryptocurrency