Schneier on Security

JUNE 12, 2023

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has classically been studied in security literature, recent advances in generative models have led to a shared interest among security and machine learning researchers in developing scalable steganography te

Artificial Intelligence 289

Artificial Intelligence Encryption 289

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers. Privacy controls allow you to say who or what can access a database of customer data or employee data.

Information Security 202

Information Security Data breaches CISO Encryption 202

Tech Republic Security

JUNE 12, 2023

Google’s ChromeOS is not just for Chromebooks. Thomas Riedl, the Google unit’s head of enterprise, sees big growth opportunities for the OS where security and versatility matter most. The post Google’s ChromeOS aims for enterprise with security and compatibility appeared first on TechRepublic.

131

131

The Hacker News

JUNE 12, 2023

A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files," Trend Micro researchers said.

Engineering 142

Engineering Malware Antivirus 142

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JUNE 12, 2023

A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is buying troves of data about Americans.

Government 145

Government 145

Bleeping Computer

JUNE 12, 2023

Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations. [.

VPN 136

VPN Manufacturing Government 136

Bleeping Computer

JUNE 12, 2023

Microsoft revealed in an update to the Azure status page that the preliminary root cause behind an outage that impacted the Azure Portal worldwide on Friday was what it described as a traffic "spike." [.

132

132

CSO Magazine

JUNE 12, 2023

BlackBerry CISO Arvind Raman looks beyond job titles when he has open positions to fill and instead focuses on the key skills required to do the work. That mindset allows Raman to readily identify and recruit qualified professionals from outside the security field, instead of simply seeking candidates working their way up the typical chain of security roles.

CISO 120

CISO Marketing Cybersecurity Risk 120

Bleeping Computer

JUNE 12, 2023

The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks. [.

DDOS 120

DDOS Government Ransomware 120

Security Boulevard

JUNE 12, 2023

An analysis of cyberattacks published by the Unit 42 research arm of Palo Alto Networks found a significant increase in attempts to mimic generative artificial intelligence (AI) sites on the web using typosquatting techniques. Cybercriminals are attempting to take advantage of the popularity of platforms like ChatGPT to distribute malware to end users that are.

Artificial Intelligence 113

Artificial Intelligence Malware IoT Cybersecurity 113

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Graham Cluley

JUNE 12, 2023

More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers' funds and the exchange's private keys. Read more in my article on the Tripwire State of Security blog.

Cryptocurrency 113

Cryptocurrency Hacking 113

Security Boulevard

JUNE 12, 2023

SaaS is driving the journey to digital transformation, with cloud application services dominating end-user spending. And by the end of 2023, Gartner predicts that spending for SaaS will top $195 billion. But while SaaS applications create efficiencies and boost productivity — especially for remote teams — the rapid growth of SaaS also brings with it.

Risk 112

Risk Digital transformation Software Government 112

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. This ensures the right people get access to the right online resources. It also prevents bad actors from doing bad things to your company, including: Stealing (exfiltrating) important data, like user social security numbers Installing malware and holding intellectual property (like software c

Authentication 113

Authentication Passwords Password Management Phishing 113

Bleeping Computer

JUNE 12, 2023

Zacks Investment Research (Zacks) has reportedly suffered an older, previously undisclosed data breach impacting 8.8 million customers, with the database now shared on a hacking forum. [.

Data breaches 107

Data breaches Hacking 107

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JUNE 12, 2023

The reassignment of existing equipment takes place when employees leave the organization or receive new computers, mobile devices, printers and other assets. It is essential to follow strict guidelines for equipment reassignment so that company investments, data and privacy are protected. The following checklist from TechRepublic Premium will help ensure that all the appropriate steps.

Mobile 94

Mobile 94

CyberSecurity Insiders

JUNE 12, 2023

I. Introduction AI’s transformative power is reshaping business operations across numerous industries. Through Robotic Process Automation (RPA), AI is liberating human resources from the shackles of repetitive, rule-based tasks and directing their focus towards strategic, complex operations. Furthermore, AI and machine learning algorithms can decipher the huge sets of data at an unprecedented speed and accuracy, giving businesses insights that were once out of reach.

Risk 106

Risk Architecture Data privacy Encryption 106

CSO Magazine

JUNE 12, 2023

In my last CSO article , I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research , the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies.

CSO 105

CSO Cyber threats Technology Cybersecurity 105

CyberSecurity Insiders

JUNE 12, 2023

Ofcom, the UK based communications watchdog has issued a public statement that it could have become a victim of a Russian speaking Clop ransomware attack that exploited SQL Injec-tion Vulerability via MOVEit File transfer software. The Office of Communications (Ofcom) has confirmed that a limited amount of data related to employees working in companies might have been accessed by hackers.

Ransomware 104

Ransomware Backups Software Accountability 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

JUNE 12, 2023

The attack highlights growing interest among threat actors to target data from software-as-a-service providers.

Ransomware 131

Ransomware Software 131

CyberSecurity Insiders

JUNE 12, 2023

For the past few hours, there are N number of reports in Indian and International media that da-ta related to vaccinated Indian populace was accessed by hackers and was leaked on a social media platform Telegram, which is owned by a Russian entity. It is unclear who is behind the attack. However, the BJP led government has announced that the breach news broadcasted on certain private news channels was not true and the data of all the vaccinated populace was totally secure from the access of thre

Data breaches 104

Data breaches Government Media Authentication 104

The Hacker News

JUNE 12, 2023

Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. "A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler said.

101

101

Security Boulevard

JUNE 12, 2023

ESG FAIL: Patching alone won’t cut it. The post What a Mess: Barracuda Swaps Countless Appliances — Malware Can’t be Removed appeared first on Security Boulevard.

Malware 104

Malware Risk Government Cybersecurity 104

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Naked Security

JUNE 12, 2023

Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all…

Cybercrime 105

Cybercrime Cryptocurrency 105

Security Boulevard

JUNE 12, 2023

There are more than 150,000 MSPs globally, and the vast majority of them have traditionally been walled off from cybersecurity compliance due to its cost, complexity, and specialized knowledge. The post Announcing Apptega Edge: The End-to-End Cybersecurity Compliance Platform Purpose-Built for MSPs appeared first on Security Boulevard.

Cybersecurity 97

Cybersecurity Cyber Insurance Insurance Risk 97

Dark Reading

JUNE 12, 2023

The group appears to be targeting victims based on their proximity and involvement to and within pro-Ukraine organizations.

Healthcare 116

Healthcare 116

Security Boulevard

JUNE 12, 2023

Continuing a review of the new National Cybersecurity Strategy, today I look at the second pillar, Disrupt and Dismantle Threat Actors. It’s heavy on collaboration, information sharing, and integrated response, and lays out five objectives that, on the surface, make sense: Integrate Federal Disruption Activities Enhance Public-Private Operational Collaboration to Disrupt Adversaries Increase the Speed and Scale of Intelligence Sharing and Victim Notification Prevent Abuse of U.S.

Cybersecurity 98

Cybersecurity Cybercrime Ransomware 98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

JUNE 12, 2023

The University of Manchester network was reportedly hit by a cyberattack and the security team suspects data was stolen. Researchers discovered the data breach on Tuesday, June 6th. Threat actors managed to gain unauthorized access to some of the university`s systems and allegedly exfiltrate data. The University informed all relevant authorities about the data breach […] The post Threat Actors Target the University of Manchester in Cyberattack appeared first on Heimdal Security Blog.

Data breaches 93

Data breaches Cybersecurity 93

Security Affairs

JUNE 12, 2023

Security firm Horizon3 released proof-of-concept (PoC) exploit code for the remote code execution (RCE) flaw CVE-2023-34362 in the MOVEit Transfer MFT. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

Engineering 95

Engineering Ransomware Authentication Hacking 95

The Hacker News

JUNE 12, 2023

A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.

Cryptocurrency 88

Cryptocurrency Scams 88

Dark Reading

JUNE 12, 2023

Time and money are valuable and finite, but some actions are well worth spending those resources on.

121

121

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.