Wed. Aug 02, 2023

New SEC Rules around Cybersecurity Incident Disclosures

Schneier on Security

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Public companies must “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats” in their annual filings.

Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability

Malwarebytes

Minecraft players interested in modding are potentially at risk of compromise. A Remote Code Execution (RCE) vulnerability in certain Minecraft mods allows for malicious commands on both servers and clients. The vulnerability, named BleedingPipe, allows attackers to take over a targeted server. Minecraft modding is immensely popular, with a potentially huge number of servers in the wild doing their own thing.

Burger King forgets to put a password on their systems, again

Security Affairs

The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. Burger King is a renowned US-based international fast food giant with a global presence of over 19 thousand restaurants and revenue of $1.8 billion. Recently, the Cybernews research team uncovered that Burger King in France exposed sensitive credentials to the public due to a misconfiguration on their website.

Ethical Web Scraping and Crawling: Navigating the Digital World Responsibly

Quick Heal Antivirus

The wealth of data available on the internet and the infinite potential that it has to offer requires. The post Ethical Web Scraping and Crawling: Navigating the Digital World Responsibly appeared first on Quick Heal Blog.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Spotlight Podcast: Are you ready for Threat Reconnaissance?

The Security Ledger

In this Spotlight podcast interview, David Monnier of Team Cymru talks about the evolution of threat intelligence into actionable and target-specific “threat reconnaissance.” The post Spotlight Podcast: Are you ready for Threat Reconnaissance? first appeared on The Security Ledger with Paul F. Roberts.

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

The Hacker News

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

More Trending

Iran's APT34 Hits UAE With Supply Chain Attack

Dark Reading

The prolific APT, also known as OilRig and MuddyWater, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.

Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

Security Affairs

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. The phishing campaigns are able to evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s web games platform.

Tesla Jailbreak Unlocks Theft of In-Car Paid Features

Dark Reading

Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.

Over 640 Citrix servers backdoored with web shells in ongoing attacks

Bleeping Computer

Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

The Hacker News

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.

Russian hackers target govt orgs in Microsoft Teams phishing attacks

Bleeping Computer

Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks. […]

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

The Hacker News

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure.

Hot Topic Announces Potential Data Breach Due to Stolen Account Credentials

Heimdal Security

The American clothing company Hot Topic announced they identified suspicious login activity on a series of Rewards accounts. Hot Topic warns that a data breach might have compromised users' sensitive information. The retail chain has 675 stores across the U.S. and an online shop with roughly 10 million visitors monthly. The investigation revealed that unauthorized […] The post Hot Topic Announces Potential Data Breach Due to Stolen Account Credentials appeared first on Heimdal Security Blog.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

The Hacker News

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes.

Instagram Flags AI-Generated Content

Dark Reading

Amid the national discussion about AI safety and non-human-originated content in the US, an app researcher spotted an effort by the social media app to flag AI posts for its 2+ billion users.

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

The Hacker News

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S.

Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages

Dark Reading

Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

What Is Endpoint Security?

Heimdal Security

A significant portion of cyberattacks target endpoints, either individually or as gateways to the larger company network. Experts Insights mention that 68% of companies researched by a Ponemon study experienced one or more successful endpoint assaults that compromised their IT infrastructure and/or data. Unfortunately, this is not a singular threat, but a layered issue: hackers exploit software […] The post What Is Endpoint Security?

Ivanti patches second zero-day vulnerability being used in attacks

Malwarebytes

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency (CISA) has added the new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation since at least April of 2023.

Self-Spreading Malware Infects Call of Duty Modern: Warfare 2 Exploiting Known Bug

ZoneAlarm

For the past month, players of the classic game, Call of Duty: Modern Warfare 2, have found themselves ensnared in a tangled web of cyber threats. A self-spreading malware, or worm, has been coursing through the veins of the game’s servers, exploiting an unpatched bug that was reported to the publisher, Activision, five years ago. … The post Self-Spreading Malware Infects Call of Duty Modern: Warfare 2 Exploiting Known Bug appeared first on ZoneAlarm Security Blog.

Fake FlipperZero sites promise free devices after completing offer

Bleeping Computer

A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser extensions and scam sites. […]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Top Industries Significantly Impacted by Illicit Telegram Networks

The Hacker News

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram.

The Intersection of Cybersecurity and AI: Exploring Challenges and Opportunities in Student Writings

SecureBlitz

The intersection of cybersecurity and artificial intelligence (AI) is an increasingly important frontier in the world of technology. As cyber threats become more sophisticated, AI offers novel solutions for identifying and countering such threats. This makes the topic especially relevant for students, the upcoming generation of technologists, entrepreneurs, and academics.

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

The Hacker News

A Russia-nexus adversary has been linked to 94 new domains starting March 2023, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities.

Performance and security clash yet again in “Collide+Power” attack

Naked Security

It's a real vulnerability, but the data leakage rate can be as low as… let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Are You New to ICS/OT Cybersecurity?

SecureWorld News

When I first became interested in ICS/OT cybersecurity, it was 2010 and news about Stuxnet had been made public. Stuxnet was a piece of malware designed to infiltrate a uranium enrichment facility in Iran and physically destroy the enrichment centrifuges used to ultimately make nuclear warheads. Stuxnet was not only a technical marvel, but it was also the first known piece of malware to target Industrial Control Systems (ICS)/Operational Technology (OT).

Ivanti discloses new critical auth bypass bug in MobileIron Core

Bleeping Computer

IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. […]

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

The Hacker News

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S.

Proposed U.S. Cyber Force Would Recognize Cyber as 'Domain of Warfare'

SecureWorld News

News of a proposed United States Cyber Force moved closer to reality last week when the U.S. Senate passed the $886 billion National Defense Authorization Act. An amendment in the bill directs the Defense Department to tap the National Academy of Public Administration to conduct an assessment of establishing a seventh, cyber-specific military service.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.