Fri.Sep 09, 2022


Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions.


Responsible Disclosure for Cryptocurrency Security

Schneier on Security

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don’t have an ongoing relationship with the hardware and software providers that protect their funds—nor do they have an incentive to update security on a regular bas


Impact of Samsung’s most recent data breach unknown

Tech Republic Security

The lack of transparency could be cause for concern, but the data stolen is not high value. The post Impact of Samsung’s most recent data breach unknown appeared first on TechRepublic.


GIFShell attack creates reverse shell using Microsoft Teams GIFs

Bleeping Computer

A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using GIFs. [...]


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


The rise of Linux malware: 9 tips for securing the OSS

Tech Republic Security

Jack Wallen ponders the rising tide of Linux malware and offers advice on how to help mitigate the issue. The post The rise of Linux malware: 9 tips for securing the OSS appeared first on TechRepublic.


Classified NATO documents sold on darkweb after they were stolen from Portugal

Security Affairs

Threat actors claimed to have stolen classified NATO documents from the Armed Forces General Staff agency of Portugal (EMGFA). After discovering that Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were offered for sale on the darkweb, the Portuguese agency discovered it has suffered a cyberattack. The Armed Forces General Staff (Portuguese: Estado-Maior-General das Forças Armadas), or EMGFA, is the supreme military body of Portugal.


More Trending


Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

The Hacker News

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.


Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

Security Affairs

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.


Warning issued about Vice Society ransomware gang after attacks on schools

Graham Cluley

A ransomware gang that has been increasingly disproportionately targeting the education sector is the subject of a joint warning issued by the FBI, CISA, and MS-ISAC. Read more in my article on the Tripwire State of Security blog.


Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Security Affairs

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a unit of the Iranian actor PHOSPHORUS.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Patreon Fires its Security Team — and the Internet Freaks Out

Security Boulevard

Patreon, the notorious membership monetization platform, laid off its entire security team yesterday. Just like that. The post Patreon Fires its Security Team — and the Internet Freaks Out appeared first on Security Boulevard.


$30 Million worth of cryptocurrency stolen by Lazarus from Axie Infinity was recovered

Security Affairs

US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by enforcement and leading organizations in the cryptocurrency industry allowed to recover more than $30 million worth of cryptocurrency stolen by North Korean-linked APT group Lazarus from online video game Axie Infinity.


Ransomware attacks on retailers rose 75% in 2021

CSO Magazine

Retailers are fast becoming the favorite targets for ransomware criminals, with two out of three companies in the sector being attacked last year, according to a new report from cybersecurity firm Sophos. Attackers were able to successfully encrypt files in more than half of the attacks. Of 422 retail IT professionals surveyed internationally, 77% said their organizations were hit by ransomware attacks in 2021.


CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Your APIs Have No Clothes

Security Boulevard

The rapid move to a distributed workforce during the pandemic turbocharged cloud adoption and, as a result, exponentially expanded the attack surface. Today’s digital economy mostly consists of online applications in public or private clouds. They are all connected via APIs, increasing the number of access points attackers can use to gain unauthorized access to systems.


Outdoor Clothing Brand, The North Face, Hit With Credential Stuffing Attack

Heimdal Security

The North Face, an outdoor clothing brand, was the victim of a large-scale credential stuffing attack. The malicious actors managed to steal the data of 194,905 accounts on the thenorthface.com website. The attack began on July 26, 2022, but was detected only on August 11, 2022, with the administrators of the website being able to […]. The post Outdoor Clothing Brand, The North Face, Hit With Credential Stuffing Attack appeared first on Heimdal Security Blog.


New Research Exposes Hidden Threats on Illegal Streaming Sites

Webroot

Regional restrictions on NFL game broadcasts and rising membership fees on streaming sites like Netflix, Hulu, and Disney Plus are just some reasons why frustrated consumers turn to illegal streaming sites. Marketed as an alternative to legitimate streaming services, illegal streaming sites have become a portal to connect criminals directly to you (their target).


Medical device vulnerability could let hackers steal Wi-Fi credentials

CSO Magazine

A vulnerability found in an interaction between a Wi-Fi-enabled battery system and an infusion pump for the delivery of medication could provide bad actors with a method for stealing access to Wi-Fi networks used by healthcare organizations, according to Boston-based security firm Rapid7. The most serious issue involves Baxter International’s SIGMA Spectrum infusion pump and its associated Wi-Fi battery system, Rapid7 reported this week.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged

The Hacker News

Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches.


Scanning, Testing and Simulating – Where does PTaaS Fit?

Security Boulevard

Understanding Vulnerability assessment, penetration testing, and attack simulations requires a better understanding of who will be using the results and […]. The post Scanning, Testing and Simulating – Where does PTaaS Fit? appeared first on Security Boulevard.


U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

The Hacker News

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized.


Attracting the Right Talent Requires the Right Story

Security Boulevard

A recent article in Forbes Magazine by HYPR’s CEO Bojan Simic discussed the cybersecurity skills gap and how practitioners and executives can address the technical workforce shortages. While that article highlighted why and how companies should look beyond current job experience, this post looks holistically at how to attract talented people. It highlights what we do at HYPR to attract and retain our talented team members from a more personal approach.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Classified NATO documents stolen from Portugal, now sold on darkweb

Bleeping Computer

The Armed Forces General Staff agency of Portugal (EMGFA) has suffered a cyberattack that allegedly allowed the theft of classified NATO documents, which are now sold on the dark web. [...]


The Rise of Software Developers in Cloud Security

Security Boulevard

It has never been more critical than it is today to get things right in terms of cloud safety and security when building new software. Yet many organizations are still suffering from massive breaches, vulnerabilities and supply chain attacks. According to a report released by Check Point Research, in 2021 the number of cyberattacks against. The post The Rise of Software Developers in Cloud Security appeared first on Security Boulevard.


Triple Extortion Ransomware: A New Trend Among Cybercriminals

Heimdal Security

Even though companies now understand the necessity of cybersecurity in the face of ransomware attacks, and started to take it more seriously, CISO Benchmark Survey named this malware number one in their list of initiatives for 2022. With increasingly high-profile ransomware incidents and ransomware gangs’ extensive operations, the issue of this type of cyberattack is […].


North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset

CSO Magazine

Security researchers have discovered a new remote access Trojan (RAT) being used in attack campaigns this year by Lazarus, a threat actor tied to the North Korean government. The new RAT has been used alongside other malware implants attributed to Lazarus and it's mainly used in the first stages of an attack. Dubbed MagicRAT, the new Lazarus malware program was developed using Qt, a framework commonly used to develop graphical user interfaces for cross-platform applications.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Facebook Meta slapped with a €450m penalty

CyberSecurity Insiders

Meta, that owns Facebook, was slapped with a penalty of €450m for mis-handling data related to children. The financial implication was announced on Instagram that is used by adults to share videos and images. Ireland’s Data Protection Commission (DPC) found several discrepancies in the way Instagram was handling information related to children and so slapped a penalty for allowing children to run business accounts.


Over 80% of the top websites leak user searches to advertisers

Bleeping Computer

Security researchers at Norton Labs have found that roughly eight out of ten websites featuring a search bar will leak their visitor's search terms to online advertisers like Google. [...]


How Governments Request Your Data From Service Providers

Security Boulevard

A recently-released Surfshark report looked into global inquiries into the activities of specific accounts made by governments to service providers. The report found the United States “requests the most user data from big tech companies.” While the company characterizes government requests as “surveillance,” I prefer the term “inquiry.” The Surfshark review included 177 countries from.


Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically

Google Security

Posted by Jonathan Metzman, Dongge Liu and Oliver Chang, Google Open Source Security Team. Recently, OSS-Fuzz—our community fuzzing service that regularly checks 700 critical open source projects for bugs—detected a serious vulnerability (CVE-2022-3008): a bug in the TinyGLTF project that could have allowed attackers to execute malicious code in projects using TinyGLTF as a dependency.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!