Fri.Sep 15, 2023

article thumbnail

On Technologies for Automatic Facial Recognition

Schneier on Security

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr.

article thumbnail

Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

Dark Reading

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LLM Summary of My Book Beyond Fear

Schneier on Security

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient criticisms of the book. Claude’s reply: Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World :

article thumbnail

Retool blames breach on Google Authenticator MFA cloud sync feature

Bleeping Computer

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Cybersecurity Goals Conflict With Business Aims

Security Boulevard

A study from Forrester Consulting found most organizations face challenges aligning cybersecurity priorities with business outcomes. The post Cybersecurity Goals Conflict With Business Aims appeared first on Security Boulevard.

article thumbnail

TikTok slapped with $368 million fine over child privacy violations

Bleeping Computer

The Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data. [.

More Trending

article thumbnail

Capslock: What is your code really capable of?

Google Security

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren’t doing anything unexpected. If that trust is violated, the consequences can be huge—regardless of whether the package is malicious, or well-intended but using overly broad permissions, such as with Log4j in 2

Software 120
article thumbnail

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

The Hacker News

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws.

article thumbnail

Caesars Entertainment paid a ransom to avoid stolen data leaks

Security Affairs

Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion. Caesars Entertainment is the world’s most geographically diversified casino-entertainment company. It is the largest gaming company in the United States, with over 50 casinos and hotels in 13 U.S. states and five countries. The company also owns and operates a number of other businesses, including a golf course management company, a travel agency, and a marketing firm.

article thumbnail

Cyberthreat Intelligence: Are Telecom Networks Easy Targets?

Security Boulevard

Threat actors are trying to breach telecom service providers' networks and gain access to sensitive data. The post Cyberthreat Intelligence: Are Telecom Networks Easy Targets? appeared first on Security Boulevard.

DDOS 113
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Best Practices for Endpoint Security in Healthcare Institutions

Heimadal Security

While achieving compliance with industry standards is the minimum, it’s not enough to prevent insider threats, supply chain attacks, DDoS, or sophisticated cyberattacks such as double-extortion ransomware, phishing, business email compromise (BEC), info-stealing malware or attacks that leverage the domain name system (DNS). That is simply because being compliant does not necessarily imply being cyber […] The post Best Practices for Endpoint Security in Healthcare Institutions appeared firs

article thumbnail

Google pays $93M to settle Android tracking lawsuit in California

Bleeping Computer

California's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. [.

article thumbnail

Dangerous permissions detected in top Android health apps

Security Affairs

Leading Android health apps expose users to avoidable threats like surveillance and identity theft, due to their risky permissions. Cybernews has the story. The Android challenge In the digital age, mobile applications have become an integral part of our lives, transforming the way we communicate, work, and entertain ourselves. With the vast array of apps available at our fingertips, it’s easy to overlook the potential risks they may pose.

article thumbnail

ORBCOMM ransomware attack causes trucking fleet management outage

Bleeping Computer

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets. [.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

The Hacker News

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates.

Phishing 109
article thumbnail

Attackers Target Crypto Companies in Retool Data Breach

Security Boulevard

A data breach late last month of software development platform firm Retool led to the accelerated acquisition of one of its users and put a spotlight on an account synchronization feature that Google introduced earlier this year. Retool, the six-year-old company whose platform help organizations build business applications, on August 29 notified 27 customers of.

article thumbnail

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

The Hacker News

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.

article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 9/15

Security Boulevard

Insight #1 Software Bills of Materials (SBOMs) are nothing more than a data point for determining risk. They shouldn’t be treated as gospel. The post Cybersecurity Insights with Contrast CISO David Lindner | 9/15 appeared first on Security Boulevard.

CISO 109
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

The Interdependence between Automated Threat Intelligence Collection and Humans

The Hacker News

The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023.

article thumbnail

Bing Chat AI is down, affecting Windows Copilot and more

Bleeping Computer

Bing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics has connectivity issues worldwide. [.

Software 118
article thumbnail

DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage

Dark Reading

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

110
110
article thumbnail

Google extends security update support for Chromebooks to 10 years

Bleeping Computer

Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. [.

107
107
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

5 Examples of DNS IoCs That Are Red Flags for Cyberattacks

Heimadal Security

In the increasingly digitalized world that we live in, doing business without being connected 24/7 is almost unthinkable. Any medium to large organization needs to have an online way of displaying its products or services. It also needs a fast communication system with employees and customers. Finally, they need a better and more cost-effective way […] The post 5 Examples of DNS IoCs That Are Red Flags for Cyberattacks appeared first on Heimdal Security Blog.

DNS 100
article thumbnail

Europol lifts the lid on cybercrime tactics

Malwarebytes

The European Union Agency for Law Enforcement Cooperation (Europol), has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol’s operational analysts. The report also discusses the criminal organizations behind cyberattacks and the influence of geopolitical events. The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the las

article thumbnail

Two New York Hospitals Breached by the LockBit Ransomware Group

Heimadal Security

The notorious LockBit ransomware group claims to have breached two major hospitals from upstate New York, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of patients. Details on the Attack: The Hospitals Are Struggling The two hospitals have been suffering greatly as a result of the cyberattack that […] The post Two New York Hospitals Breached by the LockBit Ransomware Group appeared first on Heimdal Security Blog.

article thumbnail

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The man has been extradited to the United States from Georgia. In February 2023, Pankov was charged with conspiracy, access device fraud, and computer fraud.

Malware 99
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

The Week in Ransomware - September 15th 2023 - Russian Roulette

Bleeping Computer

This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions. [.

article thumbnail

Microsoft Flushes Out 'Ncurses' Gremlins

Dark Reading

The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.

95
article thumbnail

The CISO’s Three-Point Checklist for Maximizing Cybersecurity ROI

Security Boulevard

In this blog, we present the CISO’s Checklist for Maximizing Cybersecurity ROI, providing essential criteria to navigate this complex terrain effectively. Explore how aligning security strategies with business objectives, adopting continuous threat exposure management, and harnessing the power of automation can fortify cybersecurity in an ever-evolving threat landscape.

article thumbnail

Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs

Dark Reading

For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?