Mon. Nov 28, 2022


Computer Repair Technicians Are Stealing Your Data

Schneier on Security

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device.


Will EV Charging Infrastructure Be Ready for Cyber Attacks?

Lohrman on Security

A Sandia National Laboratories study determined that electric vehicle charging stations are vulnerable to cyber attacks. What might happen next — and how hard will this be to fix?


U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mob


Take The Stress Out of Securing Your Workforce

Jane Frankland

Sir Isaac Newton first presented his three laws of motion in 1686. His third law is widely known and states that “for every action there is an equal and opposing reaction.” We see this in business. As technology advances at speed, it enables just as many opportunities as it introduces threats. Gains come but so do threats and losses. No company can escape either.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


AWS re:Invent 2022: Partners on parade

Tech Republic Security

There's news from Amazon Web Services' Las Vegas show as a flurry of partnerships and edge computing initiatives have been revealed. The post AWS re:Invent 2022: Partners on parade appeared first on TechRepublic.


Windows 11 gets a VPN Status Indicator

CyberSecurity Insiders

Windows 11 is all set to get a VPN Status Indicator in its system tray, allowing users to connect or download files anonymously and without the revelation of their home or IP address. Therefore, all those using VPN services to browse websites, stream movies and download files can look at their network and proceed only when it shows a sign. According to a report that turned viral on Twitter, Windows 11 users will get an indicator as a shield icon to let us know whether their network is connected


More Trending


Experts found a vulnerability in AWS AppSync

Security Affairs

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from Datadog on September 1, 2022, and the bug was solved on September 6.


A Peek Inside the FBI's Unprecedented January 6 Geofence Dragnet

WIRED Threat Level

Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.


U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens

Security Boulevard

Two key members of the Five Eyes intelligence alliance have made further moves to stop Chinese equipment imports. The post U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens appeared first on Security Boulevard.


500 million WhatsApp mobile numbers up for sale on the dark web

CSO Magazine

A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc hacking community forum. The data set contains information on WhatsApp users from more than 84 countries, the post shows. The story was first reported by Cybernews. The seller of the leaked data is also offering it through the controversial messaging app Telegram, where the person or the group goes by handle “Palm Yunn.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Consumer cyberthreats: predictions for 2023

SecureList

The consumer threat landscape constantly changes. Although the main types of threats (phishing, scams, malware, etc.) remain the same, lures that fraudsters use vary greatly depending on the time of year, current major events, news, etc. This year, we have seen spikes in cybercriminal activity aimed at users amid the shopping and back-to-school season, big pop culture events, such as Grammy and Oscar, movie premieres, new smartphone announcements, game releases, etc.


A flaw in some Acer laptops can be used to bypass security features

Security Affairs

ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops; the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as CVE-2022-4020, is similar to the Lenovo vulnerabilities the company disclosed earlier this month.


US bans sales of Huawei, Hikvision, ZTE, and Dahua equipment

Bleeping Computer

The United States government, through the Federal Communications Commission (FCC), has banned the sale of equipment from Chinese telecommunications and video surveillance vendors Huawei, ZTE, Hytera, Hikvision, and Dahua due to "unacceptable risks to national security". […]


AWS releases Wickr, its encrypted messaging service for enterprises

CSO Magazine

Just days after announcing the close of its consumer-oriented Wickr Me encrypted messaging service, Amazon Web Services (AWS), at its annual re:Invent conference on Monday, said that it was making the enterprise version of the app generally available. Dubbed simply AWS Wickr, the service was first announced in July and has been in preview till now. The enterprise version of the messaging service, designed to allow enterprise users to securely collaborate via text, voice and video, along with fil


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Latest WhatsApp Data Leak 2022 details are here

CyberSecurity Insiders

Every year, we hear something or the other about WhatsApp data breach and following this course is this news that is currently trending on various social media platforms and community forums at the end of this year, i.e. November 2022. According to a post on a dark web forum, a hacker is claiming to sell information related to about 487 million WhatsApp users that includes their mobile numbers, respectively.


Financial services increasingly targeted for API-based cyberattacks

CSO Magazine

A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year. APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based services among the consumer base.


Threat Actors #Giveaway: 5.4 Million Twitter User Data Exposed

Heimdal Security

5,485,635 Twitter user records that contain personal data were released on November 24th, for free, on a hacker forum. Cybersecurity researchers say that the data was stolen due to an API vulnerability that Twitter announced to have fixed in January this year. The same data is thought to have been previously for sale in August, […]. The post Threat Actors #Giveaway: 5.4 Million Twitter User Data Exposed appeared first on Heimdal Security Blog.


RansomBoggs: New ransomware targeting Ukraine

We Live Security

ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it. The post RansomBoggs: New ransomware targeting Ukraine appeared first on WeLiveSecurity.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs

Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US.


EU Council adopts NIS2 directive to harmonize cybersecurity across member states

CSO Magazine

The Council of the European Union (EU) has adopted a new cybersecurity directive designed to improve resilience and incident response capacities across the EU, replacing NIS, the current directive on the security of network and information systems. The new directive, NIS2, will set the baseline for cybersecurity risk management measures and reporting obligations across sectors and aims to harmonize cybersecurity requirements and implementation of measures in different member states.


TikTok ‘Invisible Body’ challenge exploited to push malware

Bleeping Computer

Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets. […]


Password management policy

Tech Republic Security

Password-driven security may not be the perfect solution, but the alternatives haven’t gained much traction. This policy defines best practices that will make password protection as strong and manageable as possible. From the policy: Employee passwords are the first line of defense in securing the organization from inappropriate or malicious access to data and services.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Moving the Cybersecurity Goal Posts

Security Boulevard

Moving the Cybersecurity Goal Posts. Photo Credit — Interexy.com — Top Cybersecurity Trends To Monitor In 2022–2023. Are you Staying Ahead or Falling Behind the Cybersecurity Curve? Adaptive control, no trust, zero-trust, auto-remediation artificial intelligence, and content filter with multi-factor authentication aligning with your CASB deployment add in open-source technology, unpatched critical infrastructure, is your organization’s cybersecurity risks and compliance mandates protected?


Malicious Android app found powering account creation service

Bleeping Computer

A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook. […]


Computer Repair Technicians Are Stealing Your Data

Security Boulevard

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device.


Meta fined €265M for not protecting Facebook users' data from scrapers

Bleeping Computer

Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for a massive 2021 Facebook data leak exposing the information of hundreds of millions of users worldwide. […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


FIFA Football lovers should know the latest cyber scam

CyberSecurity Insiders

This post relates to all FIFA World Cup Football lovers who are eager to gain a Hayya card to enter the stadium venues. For the past few days, some telegram channels are actively selling fake Hayya Cards for $50 to $150. And information is out that innocent game lovers are being trapped in this scam that might eventually land them in deep trouble and, in some situations, in jail.


FC Barcelona’s Website Used by Scammers for Fraud

Heimdal Security

Top European football club FC Barcelona recently had its official website used by scammers in a sophisticated third-party fraud campaign. According to Adex, an ad fraud monitoring platform, the threat actors used the website of the Catalonian club to increase traffic to a likely fraudulent iGaming website. FC Barcelona’s website is visited monthly by 5.4 […].


Is MFA the Vegetable of Cybersecurity?

Dark Reading

Don’t fuss now — just another spoonful of multifactor authentication to keep the organization strong and the data safer.


Acer fixes UEFI bugs that can be used to disable Secure Boot

Bleeping Computer

Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.