Thu. Jul 06, 2023


Belgian Tax Hack

Schneier on Security

Here’s a fascinating tax hack from Belgium (listen to the details here, episode #484 of “No Such Thing as a Fish,” at 28:00). Basically, it’s about a music festival on the border between Belgium and Holland. The stage was in Holland, but the crowd was in Belgium. When the copyright collector came around, they argued that they didn’t have to pay any tax because the audience was in a different country.


New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

Tech Republic Security

Learn how the Meduza Stealer malware works, what it targets and how to protect your company from this cybersecurity threat. The post New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers appeared first on TechRepublic.



Apps with 1.5M installs on Google Play send your data to China

Bleeping Computer

Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what's needed to offer the promised functionality. […]


Free Akira ransomware decryptor released for victims who wish to recover their data without paying extortionists

Graham Cluley

There's good news for any business that has fallen victim to the Akira ransomware. Security researchers have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March 2023. Read more in my article on the Tripwire State of Security blog.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Cisco warns of bug that lets attackers break traffic encryption

Bleeping Computer

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic. […]


Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability

The Hacker News

Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.


More Trending


SEC Sends Wells Notice to SolarWinds Executives

Security Boulevard

On June 23, 2023, SolarWinds revealed via an SEC Form 8-K filing that the U.S. Securities and Exchange Commission (SEC) notified the company that “certain current and former executive officers and employees of the company, including the company’s chief financial officer and chief information security officer,” had received Wells Notices. What is a Wells Notice, The post SEC Sends Wells Notice to SolarWinds Executives appeared first on Security Boulevard.


CISA: Netwrix Auditor RCE bug exploited in Truebot malware attacks

Bleeping Computer

CISA and the FBI warned today of new Truebot malware variants deployed on networks compromised using a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software in attacks targeting organizations across the United States and Canada. […]


What’s up with Emotet?

We Live Security

ESET research looks back at what Emotet has been up to since its comeback following the takedown in an international collaborative effort in early 2021.


Tailing Big Head Ransomware’s Variants, Tactics, and Impact

Trend Micro

We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


JumpCloud resets admin API keys amid ‘ongoing incident’

Bleeping Computer

JumpCloud, a US-based enterprise software firm, is notifying several customers of an "ongoing incident." As a caution, the company has invalidated existing admin API keys to protect its customer organizations. Headquartered in Colorado, the cloud-based directory-as-a-service platform serves over 180,000 organizations across the world. […]


Apptega Edge – The MSP Ally in Cybersecurity

Security Boulevard

“The gold rush of managed services is quickly coming to an end. Over the next 10 years, we're going to see a consolidation and culling of managed service providers across the board.” That’s a direct quote from Tim Conkle, the CEO of The 20 MSP consortium, that demonstrates the need for MSPs to offer cybersecurity compliance services in order to stay competitive.


Over 130,000 solar energy monitoring systems exposed online

Bleeping Computer

Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers. […]


BSides Knoxville 2023 – Casey Ellis – Release The Hounds, Part 2

Security Boulevard

Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel. The post BSides Knoxville 2023 – Casey Ellis – Release The Hounds, Part 2 appeared first on Security Boulevard.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


New StackRot Linux kernel flaw allows privilege escalation

Bleeping Computer

A new privilege escalation vulnerability impacting Linux was discovered, enabling unprivileged local users to compromise the kernel and elevate their rights to attain root-level access. […]


New Tools for Stopping Fraud in the Era of AI

Security Boulevard

Sophisticated identity attacks are on the rise. Learn to prevent them with new anti-fraud protections. It's no secret that the bad guys are training their artificial intelligence (AI) engines to crack passwords, perform account takeovers (ATO), and automate their ransomware demands. In fact, they are using AI to not only predict your users' current passwords, but to go one step further and predict their next password well before those users have even had a chance to think of them!


Shell Becomes Latest Cl0p MOVEit Victim

Dark Reading

In another MOVEit attack, oil and gas giant Shell saw the release of the private information of its employees.


Using Zero Trust to reduce fraud and abuse

Security Boulevard

What does the zero-trust security model look like when it’s applied to online fraud and abuse? In this post, I’ll delve into how concepts from zero-trust can be used to fight fraud and abuse with higher accuracy and less user frustration. The post Using Zero Trust to reduce fraud and abuse appeared first on Security Boulevard.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users

The Hacker News

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report.


Randall Munroe’s XKCD ‘Room Temperature’

Security Boulevard

Via the comic artistry and dry wit of Randall Munroe, resident at XKCD! The post Randall Munroe’s XKCD ‘Room Temperature’ appeared first on Security Boulevard.


Android July security updates fix three actively exploited bugs

Bleeping Computer

Google has released the monthly security updates for the Android operating system, which come with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild. […]


The Seceon team is excited to speak and exhibit at XChange Security 2023 in Dallas Texas, July 10-12.

Security Boulevard

The Channel Company’s XChange Security 2023 has over 135 MSP and MSSP attendees that are driving over $780 million in revenue. The post The Seceon team is excited to speak and exhibit at XChange Security 2023 in Dallas Texas, July 10-12. appeared first on Seceon. The post The Seceon team is excited to speak and exhibit at XChange Security 2023 in Dallas Texas, July 10-12. appeared first on Security Boulevard.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Microsoft fixes bug behind Windows LSA protection warnings, again

Bleeping Computer

Microsoft is again pushing a Defender Antivirus update (first issued in April and pulled in May) that fixes a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off. […]


A Frictionless – And Secure – CAPTCHA Alternative

Security Boulevard

A new approach to bot detection and mitigation completely eliminates the need for silly, time-consuming CAPTCHAs. The post A Frictionless – And Secure – CAPTCHA Alternative appeared first on Security Boulevard.


Linux Ransomware Exposed: Not Just a Windows Problem Anymore

Heimdal Security

In the ever-evolving landscape of cyber threats, ransomware has emerged as a pervasive menace, causing widespread damage to individuals and organizations. While most ransomware attacks have historically targeted Windows systems, the rise of Linux ransomware has thrown a new curveball into the mix. Renowned for its robust security features, Linux is no longer immune to […] The post Linux Ransomware Exposed: Not Just a Windows Problem Anymore appeared first on Heimdal Security Blog.


Generative AI is Making Phishing Attacks More Sophisticated… But You Can Remove the Bait with Passwordless Authentication

Security Boulevard

While artificial intelligence (AI) has been around for decades, the introduction of ChatGPT in November. The post Generative AI is Making Phishing Attacks More Sophisticated… But You Can Remove the Bait with Passwordless Authentication appeared first on Axiad. The post Generative AI is Making Phishing Attacks More Sophisticated… But You Can Remove the Bait with Passwordless Authentication appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic

Security Affairs

Cisco warns of a high-severity vulnerability in Nexus 9000 series switches that can allow attackers to read or modify encrypted traffic. Cisco disclosed a high-severity vulnerability, tracked as CVE-2023-20185 (CVSS Score 7.4), in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode. An unauthenticated, remote attacker can exploit the flaw to read or modify encrypted traffic. “This vulnerability is due to an issue with the implementati


Has 2023 been the year of risk? Updates on our 8 predictions

Security Boulevard

It’s been about six months since we released our top eight predictions for 2023, which covered everything from. The post Has 2023 been the year of risk? Updates on our 8 predictions appeared first on Hyperproof. The post Has 2023 been the year of risk? Updates on our 8 predictions appeared first on Security Boulevard.


StackRot, a new Linux Kernel privilege escalation vulnerability

Security Affairs

StackRot is a new security vulnerability in the Linux kernel that could be exploited to gain elevated privileges on a target system. A security vulnerability, dubbed StackRot, was found impacting Linux versions 6.1 through 6.4. The issue, tracked as CVE-2023-3269 (CVSS score: 7.8), is a privilege escalation issue that resides in the memory management subsystem.


Spoofing Attack Prevention

Security Boulevard

Understanding Spoofing Attacks In today’s interconnected landscape, where technology has become an integral part of our lives, it is crucial to be aware of the various threats that can compromise our online security. One such threat that has gained notoriety in recent years is spoofing attacks. Understanding spoofing attacks is essential for individuals, organizations, and […] The post Spoofing Attack Prevention appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.