Schneier on Security

JUNE 29, 2023

We have learned this lesson again : As part of the FTC v. Microsoft hearing , Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks like someone redacted the documents with a black Sharpie ­ but when you scan them in, it’s easy to see some of the redactions.

258

258

Krebs on Security

JUNE 29, 2023

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

Cybersecurity 242

Cybersecurity Cybercrime Hacking Technology 242

Tech Republic Security

JUNE 29, 2023

If you're not sure how to view your SSH certificates, this article walks you through the steps on Linux, macOS and Windows. The post How to View Your SSH Keys in Linux, macOS and Windows appeared first on TechRepublic.

190

190

Bleeping Computer

JUNE 29, 2023

YouTube is currently running what it describes as a "small experiment globally," warning users to toggle off their ad blockers and avoid being limited to only three video views. [.

Technology 145

Technology 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JUNE 29, 2023

Ransomware attacks from the 8Base group claimed the second largest number of victims over the past 30 days, says VMware. The post 8Base Ransomware Attacks Show Spike in Activity appeared first on TechRepublic.

Ransomware 150

Ransomware Cybersecurity 150

Google Security

JUNE 29, 2023

Nicolas Lidzborski, Principal Engineer and Jaishankar Sundararaman, Sr. Director of Engineering, Google Workspace In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets , and Meet. CSE in Gmail was designed to provide commercial and public sector organizations an additional layer of confidentiality and data integrity protection beyond the existing encryption offered by default in Workspace.

Encryption 126

Encryption Authentication Engineering Phishing 126

The Last Watchdog

JUNE 29, 2023

San Francisco, Calif., June 29, 2023 — NetWitness , a globally trusted provider of threat detection, investigation, and response technology and incident response services, today announced it is now integrated with AWS AppFabric , a new service from Amazon Web Services (AWS) that quickly connects software as a service (SaaS) applications for better productivity and security.

Threat Detection 100

Threat Detection Technology Software 100

Tech Republic Security

JUNE 29, 2023

A new report from Kaspersky reveals the top cyber threats for SMBs in 2023. Read more about it and how to protect organizations from it. The post Kaspersky’s New Report Reveals the Top Cyber Threats for SMBs in 2023 appeared first on TechRepublic.

Cyber threats 138

Cyber threats Scams Phishing Cybercrime 138

Bleeping Computer

JUNE 29, 2023

MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.

Software 144

Software 144

We Live Security

JUNE 29, 2023

While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees The post Employee monitoring: is ‘bossware’ right for your company?

Software 109

Software 109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JUNE 29, 2023

Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. [.

Hacking 120

Hacking Malware 120

Dark Reading

JUNE 29, 2023

Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool.

Artificial Intelligence 100

Artificial Intelligence 100

Bleeping Computer

JUNE 29, 2023

The pro-Russia crowdsourced DDoS (distributed denial of service) project, 'DDoSia,' has seen a massive 2,400% growth in less than a year, with over ten thousand people helping conduct attacks on Western organizations. [.

DDOS 116

DDOS 116

The Hacker News

JUNE 29, 2023

MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. "An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.

Software 101

Software Risk Cybersecurity 101

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JUNE 29, 2023

Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser extension or mobile app on Android and iOS.manager. [.

Password Management 100

Password Management Passwords Mobile 100

Dark Reading

JUNE 29, 2023

Patches are available for three bugs, but with technical details and PoCs now available, threat actors can craft targeted attacks.

118

118

The Hacker News

JUNE 29, 2023

The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that's been put to use by the actor since 2021.

Cybersecurity 100

Cybersecurity 100

Malwarebytes

JUNE 29, 2023

Scammers are using a novel technique with Amazon listings to trick fans of Evil Dead into downloads they may not want, and expensive rolling payments they have no interest in. Evil Dead Rise, the breakout horror film of 2023, started with big cinema numbers and has moved on to a victory lap in streaming land for good measure. In fact, it’s doing so well that the original film from 1981 has crept into the charts too: 2 Evil Dead flix top 10 in the world on HBO.

Scams 98

Scams Media Antivirus Accountability 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

JUNE 29, 2023

Enterprises lack detections for more than three-quarters of all MITRE ATT&CK techniques, while 12% of SIEM rules are broken and will never fire due to data quality issues including misconfigured data sources and missing fields. These were among the results of a CardinalOps report which analyzed real-world data from production SIEMs including from Splunk, Microsoft.

CISO 98

CISO IoT Cybersecurity Network Security 98

Trend Micro

JUNE 29, 2023

We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.

Malware 97

Malware 97

Bleeping Computer

JUNE 29, 2023

Cybersecurity firm Trellix has addressed an incompatibility issue causing Endpoint Security Agent's Exploit Guard module to block some Microsoft Office and third-party apps from opening after installing June 2023 cumulative updates. [.

Cybersecurity 95

Cybersecurity Software 95

Security Affairs

JUNE 29, 2023

Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Threat actors can exploit the vulnerability to bypass authentication and gain admin privileges.

Authentication 92

Authentication Backups Ransomware Software 92

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

JUNE 29, 2023

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4.

Accountability 94

Accountability Authentication 94

Security Affairs

JUNE 29, 2023

The former head of network security at Group-IB has been arrested in Kazakhstan based on a request from U.S. law enforcement. Nikita Kislitsin who worked as the head of network security at Group-IB, as well as its Russian-based spinoff company (known as F.A.C.C.T.), has been arrested in Kazahstan based on a request from the U.S. law enforcement. Prior to that, the CEO of Group-IB, Ilya Sachkov, was arrested by law enforcement back in September 2021 and currently remains in prison.

Network Security 89

Network Security Media Hacking Government 89

Dark Reading

JUNE 29, 2023

New online safety bill could force encrypted messaging apps like iMessage and WhatsApp to scan for child abuse material, but platforms warn about privacy implications.

Encryption 95

Encryption 95

Security Affairs

JUNE 29, 2023

A critical authentication bypass flaw in miniOrange’s WordPress Social Login and Register plugin, can allow gaining access to any account on a site. Wordfence researchers discovered an authentication bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin , that can allow an unauthenticated attacker to gain access to any account on a site by knowing the associated email address.

Firewall 87

Firewall Authentication Encryption Accountability 87

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

JUNE 29, 2023

The internet is great for bringing people together, helping you feel part of a community, and staying in touch with your nearest and dearest. But it can also be a nasty place - from malware to scammers, to people just being plain awful to others. It's probably not surprising to read that recent research by the Anti-Defamation League (ADL ) showed LGBTQAI+ people were the marginalized group most harassed online, with 51% of transgender people and 47% of LGBQ+ people—compared with 33% of all

Passwords 89

Passwords Accountability Media Password Management 89

Bleeping Computer

JUNE 29, 2023

Microsoft has addressed a bug causing Windows Search and the Start Menu to become unresponsive and some Windows applications to no longer open. [.

98

98

Malwarebytes

JUNE 29, 2023

Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. From the message posted to the login screen on the LetMeSpy website: On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users. As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts.

Spyware 89

Spyware Hacking Antivirus Passwords 89

Security Boulevard

JUNE 29, 2023

Found in Environments Protected By: Microsoft By Tej Tulachan, Phishing Defense Center (PDC) During the busy self-assessment season in the UK, threat actors take advantage of the heightened online activity to deceive unsuspecting individuals into revealing their sensitive information on fraudulent HM Revenue & Customs (HMRC) self-assessment websites.

Phishing 87

Phishing Internet Internet Security Awareness 87

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.