Mon. Feb 06, 2023

Attacking Machine Learning Systems

Schneier on Security

The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities for new researchers to publish in this field.

GUEST ESSAY: The common thread between China’s spy balloons and Congress banning Tik Tok

The Last Watchdog

The decision by the House of Representatives to ban TikTok from federal devices is noteworthy, especially as the Chinese spy balloon crisis unfolds. On December 23, 2022, Congress, in a bipartisan spending bill, banned TikTok from all government devices. The White House, the Pentagon, the Department of Homeland Security, and the State Department have already banned the social media app, as have more than a dozen other states.

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42

Security Boulevard

Police in the Netherlands broke open alleged drugs gangs by hacking an encrypted messenger service, Exclu. Lives were saved and alleged perps arrested. The post Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42 appeared first on Security Boulevard.

Will your incident response team fight or freeze when a cyberattack hits?

CSO Magazine

If there’s an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there’s still a chance they might freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

TrickGate crypter discovered after 6 years of infections

Tech Republic Security

New research from Check Point Research exposes a crypter that stayed undetected for six years and is responsible for several major malware infections around the globe. The post TrickGate crypter discovered after 6 years of infections appeared first on TechRepublic.

The Power of Relationships: Executive Buy-In and Security Culture for Bolstering Resilience

Cisco Security

“Where do we start?” This is the question every CISO asks about every new program. In fact, I ask and answer that question many times a month. There’s a reason for this, of course. A strong start to any project builds momentum, reassures stakeholders, and sets the stage for what’s to come. Security resilience initiatives are no different.

More Trending

How Data Governance Policies Impact Cybersecurity

Security Boulevard

Cybersecurity protects a wide range of electronic assets, but data is the most important. When you boil it down, most cybersecurity practices and technologies center around sensitive information, whether directly or indirectly. Given that relationship, the most effective digital security aligns perfectly with concepts like data governance. As close as they may be, data governance.

iPhone using parents to get precise location of kids via Apple Watch

CyberSecurity Insiders

All those parents who are worried about the whereabouts of their kids, here’s a solution to wipe out your concerns. The iPhone maker has introduced a new app feature on its Apple Watch that allows children to send their location to their parents in an emergency. It also allows the parents to keep a watch on the places their kids are visiting, all through the ‘Find My Kids’ feature on the Apple Watch.

Hackers hit Vesuvius, UK engineering company shuts down affected systems

Graham Cluley

Vesuvius, the London Stock Exchange-listed molten metal flow engineering company, says it has shut down some of its IT systems after being hit by a cyber attack.

Ukraine Cyber Security Team hacks into Zoom Call with Russians

CyberSecurity Insiders

A few of the Russian supporters in Ukraine were held responsible for treason when they were caught red-handed by the cyber security forces of Ukraine during a Zoom call. According to the press release, the supporters hailing from Donetsk were on a video call when the law enforcement disrupted their call and force-appeared on their screens to slap them with the accounts of treason.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk

Trend Micro

In this investigation, we analyzed several prominent "passive income" applications and found out that there may be security risks upon participating in these programs.

How to remove yourself from the internet and from people search sites

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Incogni. Thanks to the great team there for their support! Cybercrimes happen much more often than you might think and affect a growing amount of people.

VMware warns admins to patch ESXi servers, disable OpenSLP service

Bleeping Computer

VMware warned customers today to install the latest security updates and disable the OpenSLP service targeted in a large-scale campaign of ransomware attacks against Internet-exposed and vulnerable ESXi servers.

ChatGPT-Written Malware Will Change the Threat Landscape

Security Boulevard

ChatGPT is the latest in a long line of game-changing technology, and it has people across a wide variety of industries furiously debating its potential impact, use cases and its pros and cons. Cybercrime is one of those industries that has taken an interest in ChatGPT and how to make it work for the benefit. The post ChatGPT-Written Malware Will Change the Threat Landscape appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Florida Hospital’s IT System Shut Down After Suspected Ransomware Attack

Heimdal Security

Threat actors breached Tallahassee Memorial HealthCare’s (TMH) security system last Thursday. As a result, the whole IT system had to be taken offline and thoroughly checked, while non-emergency procedures were suspended. All patients requiring emergency services were taken to other hospitals, with only Level 1 traumas from TMH’s immediate service area being accepted.

Yet More ImageMagick Vulnerabilities

Security Boulevard

ImageMagick is a popular open-source image manipulation library used by many websites and software applications to process and display images. A couple of vulnerabilities have recently been discovered in ImageMagick by MetabaseQ. Two vulnerabilities CVE-2022-44267 and CVE-2022-44268 allow attackers to arbitrarily read files and cause DoS on the affected system.

Massive ransomware attack targets VMware ESXi servers worldwide

CSO Magazine

A global ransomware attack has hit thousands of servers running the VMware ESXi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack. “On February 3, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them,” CERT-FR wrote.

Multi-Tenant Data Security for Databases with Record-Level Encryption

Security Boulevard

Multi-tenant databases are commonly used by SaaS vendors for the sake of cost-efficiency. Having a separate database instance for each of their customers, while ensuring each customer’s data is isolated, is prohibitively expensive. So, having a database instance with multiple customers’ information in it is the way to go from a cost perspective. But, what… The post Multi-Tenant Data Security for Databases with Record-Level Encryption appeared first on Baffle.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The tech leader's guide to 2023

InfoWorld on Security

Recently, I had the opportunity to ask over a dozen leading technologists for their hopes, predictions, and guidance for the year 2023. This article distills the far-ranging conversation and wealth of insight that came back to me. The year ahead looks to be lean in financial investment, but long on innovation. Doing more with less Not surprisingly, economic conditions figure large for many in tech.

Florida hospital takes entire IT systems offline after 'ransomware attack'

Malwarebytes

Tallahassee Memorial Healthcare (TMH), a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contacted law enforcement. In a news post on its website, the hospital says it's making progress managing the security incident while it continues to operate under IT system downtime protocols, which includes

Will Emphasising App Security Lead to More App Installs?

IT Security Guru

The app industry is incredibly competitive. There are millions of apps available today, with many more being released all of the time. As a developer, making a fantastic app is one thing; ensuring it gets lots of downloads is another. There are a number of ways in which developers can boost their app’s download numbers. Some choose to buy app installs; others focus on implementing an effective marketing strategy.

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. Other ransomware operators already support Linux encrypting, including AvosLocker, Black Basta, BlackMatter, HelloKitty, Hive, LockBit, Luna, Nevada, RansomEXX, and REvil.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

What Cybersecurity Metrics Should I Report to My Board?

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post What Cybersecurity Metrics Should I Report to My Board? appeared first on Security Boulevard.

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

The Hacker News

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.

Threat Spotlight: AI and Machine Learning

Security Boulevard

Executive Summary Check out our full webinar recording, AI and Machine Learning: The Future of Cybersecurity in 2023, and/or keep reading for the highlights. AI and Cybersecurity Applications There’s a misconception that using AI means that the machine is analyzing larger quantities of data. Rather, the machine may be able to spot patterns that would’ve […] The post Threat Spotlight: AI and Machine Learning appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.

Global Ransomware Attack on VMware ESXi Hypervisors Continues to Spread

Dark Reading

The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Tallahassee Memorial Healthcare Hit by Cyberattack

SecureWorld News

When we think of the dangers of cyberattacks, physical harm is not often the first thing that comes to mind. But when a cyberattack involves a hospital or healthcare provider, things can change pretty quickly. Tallahassee Memorial Healthcare (TMH), a private, not-for-profit healthcare system based in North Florida and South Georgia, recently detected a cyberattack on its IT systems, which prompted the organization to take systems offline in a bid to limit the impact of the attack.

Top 10 Endpoint Security Best Practices That Help Prevent Cyberattacks

Heimdal Security

Endpoints are one of the hackers’ favorite gates to attacking organizations’ networks. Check out our top 10 endpoint security best practices that will keep you safe and help prevent cyberattacks. Setting foot into only one of the connected devices can open the way for threat actors to deploy malware, launch phishing attacks, and steal data. […] The post Top 10 Endpoint Security Best Practices That Help Prevent Cyberattacks appeared first on Heimdal Security Blog.

Hackers backdoor Windows devices in Sliver and BYOVD attacks

Bleeping Computer

A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.

Crypto Drainers Are Ready to Ransack Investor Wallets

Dark Reading

Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.