Troy Hunt
JULY 13, 2023
Each year since 2011, Microsoft has sent me a lovely email around this time: I've been fortunate enough to find a passion in life that has allowed me to do what I love and make a great living out of it all whilst contributing to the community in a meaningful and impactful way. In last year's MVP announcement blog post , I talked about one of my favourite contributions of all that year being the Pwned Passwords ingestion pipeline for the FBI.
Schneier on Security
JULY 13, 2023
The French police are getting new surveillance powers : French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5. […] Covering laptops, cars and other connected objects as well as phones, the measure would allow the geolocation of suspects in crimes punishable by at least five years’ jail.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JULY 13, 2023
Today was a bit back-to-back having just wrapped up the British Airways Magecart attack webinar with Scott. That was actually a great session with loads of engagement and it's been recorded to so look out for that one soon if you missed it. Anyway, I filled this week's update with a bunch of random things from the week. I especially enjoyed discussing the HIBP domain search progress and as I say in the video, talking through it with other people really helps crystalise things so I thin
The Last Watchdog
JULY 13, 2023
Pittsburgh, PA – July 13, 2023 – Security Journey, a best-in-class application security education company, has today announced an acceleration of its secure coding training platform enhancements. Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies; giving customers even more new training content to improve secure coding knowledge gain of up to 85%.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JULY 13, 2023
Among the strategic propositions in Gartner's 2023-2024 cybersecurity outlook are that organizations need to institute cultural changes to lower pressure on security teams.
The Last Watchdog
JULY 13, 2023
London, July 13, 2023 — Beazley, the leading specialist insurer, today published its latest Risk & Resilience report: Spotlight on: Cyber & Technology Risks 2023. The data shows how perceptions around cyber and technology risks, from ransomware and other cyber-attacks to the threats posed by AI, are changing the global business risk landscape.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JULY 13, 2023
Storm-0558 Brewing: Multiple Microsoft failures cause data leaks at State and Commerce depts., plus 23 other orgs. The post China Breaches Microsoft Cloud — Spied on US Govt. Email appeared first on Security Boulevard.
Tech Republic Security
JULY 13, 2023
Google's Behshad Behzadi weighs in on how to use generative AI chatbots without compromising company information.
Bleeping Computer
JULY 13, 2023
Microsoft announced today that the upcoming Windows 11, version 23H2, will be available in the fourth quarter of 2023 as an enablement package since it shares Windows 11 22H2's code base and servicing branch. [.
Security Boulevard
JULY 13, 2023
Current and former contractors and employees at Pepsi Bottling Ventures LLC (PBV) were victims of a security incident that exposed their personal information. The post Third Party Lets Pepsi Data Out of the Bottle, PII Nicked appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
eSecurity Planet
JULY 13, 2023
ChatGPT and other generative AI tools have been used by cybercriminals to create convincing spoofing emails, resulting in a dramatic rise in business email compromise (BEC) attacks. Now security researchers have discovered a black hat generative AI tool called WormGPT that has none of the ethical restrictions of tools like ChatGPT, making it even easier for hackers to craft cyber attacks based on AI tools.
Security Boulevard
JULY 13, 2023
In a move that further strengthens its commitment to empowering organizations with innovative risk and analytics management solutions, Incisive Software is excited to announce its partnership with Alteryx, a leading provider of data analytics platforms. Organizations can elevate their data analytics capabilities by combining the power of Incisive Analytics Essentials with Alteryx workflows, ensuring effective […] The post Enhancing Data Governance and Analytics with Alteryx: Incisive Software Jo
eSecurity Planet
JULY 13, 2023
After Microsoft warned earlier this week that some drivers certified by the Windows Hardware Developer Program (MWHDP) are being leveraged maliciously, a Cisco Talos security researcher said the number of malicious drivers could number in the thousands. Talos researcher Chris Neal discussed how the security problem evolved in a blog post. “Starting in Windows Vista 64-bit, to combat the threat of malicious drivers, Microsoft began to require kernel-mode drivers to be digitally signed with
Security Boulevard
JULY 13, 2023
SMS Traffic Monitoring: Stay Secure, Stay Ahead SMS has become a vital communication tool for businesses in today’s digital landscape, facilitating seamless text message exchanges that are crucial for interactions between companies and customers. But as with other technological advancements, bad actors seek to exploit its capabilities for their own benefit.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Malwarebytes
JULY 13, 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.
Security Boulevard
JULY 13, 2023
Safe Security acquired RiskLens, a pioneer in the development of the Factor Analysis of Information Risk (FAIR) quantification standard for assessing cybersecurity risk. The post Safe Security Buys RiskLens to Advance Cybersecurity Risk Management appeared first on Security Boulevard.
Bleeping Computer
JULY 13, 2023
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service. [.
Security Boulevard
JULY 13, 2023
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post Prioritizing Actionable Insights: The Power of Effective Continuous Control Monitoring Combined with CRQ | Kovrr blog appeared first on Security Boulevard.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
JULY 13, 2023
Apple re-released its Rapid Security Response updates for iOS and macOS after fixing browsing issues on certain websites caused by the first RSR. Apple has re-released its Rapid Security Response updates to address the CVE-2023-37450 flaw in iOS and macOS after fixing browsing issues on certain websites caused by the first RSR issued by the company.
Security Boulevard
JULY 13, 2023
Microsoft revealed its Azure Active Directory (Azure AD) enterprise identity service will be rebranded Entra ID, a change that will occur by the end of the year. The post Microsoft Entra Expands, Azure Active Directory is Now Entra ID appeared first on Security Boulevard.
Bleeping Computer
JULY 13, 2023
The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance. [.
Security Boulevard
JULY 13, 2023
If your clients work with the federal government, it’s quite likely they should be compliant with the National Institute of Standards and Technology (NIST) 800-53 standards, which serve as guidelines to help organizations implement mature information security systems with the ultimate goal of protecting sensitive government information. The post Compliance Champions: How MSPs Help SMBs Comply with NIST 800-53 appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
JULY 13, 2023
The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community. [.
Security Boulevard
JULY 13, 2023
Copyright infringement is a fairly common technique for cyber criminals looking to profit off unsuspecting businesses and consumers. Individuals and businesses indulge in it for various reasons, ranging from pure ignorance to wilful infringement based on malicious intent. There are several famous copyright infringement examples. Perhaps the most famous is that of Napster, a peer-to-peer… Continue reading Copyright Infringement Examples: Lessons to Help You Protect Your Business The post Copyrig
Dark Reading
JULY 13, 2023
A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves.
Security Boulevard
JULY 13, 2023
Accessibility is a must-have for any B2C website or digital application. It’s the only way to be inclusive of all of your consumers, provide a great user experience for everyone, and – in many cases – meet legal regulations and requirements. That’s why we are beyond thrilled to announce that Arkose Labs has been certified […] The post Making All Your Users Feel Welcome: Arkose Labs Challenges Are Now Certified WCAG Compliant appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
JULY 13, 2023
Zimbra has released updates to address a zero-day vulnerability actively exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Zimbra urges customers to manually install updates to fix a zero-day vulnerability that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Zimbra Collaboration Suite is a comprehensive open-source messaging and collaboration platform that provides email, calendaring, file sharing, and other collaboration tools
Security Boulevard
JULY 13, 2023
K-12 information technology (IT) departments have their hands full — especially when it comes to cybersecurity. Cyber risk management is no easy task, whether you’re investigating a potential threat or protecting students from an ongoing security incident. It’s even more overwhelming if you’re not using a well-designed incident response plan to focus your efforts.
Bleeping Computer
JULY 13, 2023
Google is fighting back against the constant invasion of malware on Google Play by requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number before submitting apps. [.
Security Boulevard
JULY 13, 2023
Have you ever found yourself in a situation where you felt like someone was trying to manipulate you into doing something you didn’t want to do? Perhaps it was a friend, family member, or even a stranger. The truth is, […] The post Psychological Manipulation in Social Engineering: Unveiling the Tactics appeared first on WeSecureApp :: Simplifying Enterprise Security.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
244 
Let's personalize your content