Mon. Jun 19, 2023

Power LED Side-Channel Attack

Schneier on Security

This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader, or of an attached peripheral device, during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva.

Hackers use fake OnlyFans pics to drop info-stealing malware

Bleeping Computer

A malware campaign is using fake OnlyFans content and adult lures to install a remote access trojan known as 'DcRAT,' allowing threat actors to steal data and credentials or deploy ransomware on the infected device. [...]

Valence Revolutionizes SaaS Security with AI

CyberSecurity Insiders

The widespread adoption of SaaS applications has created an intricate ‘SaaS mesh’ in most organizations. While these applications have undoubtedly improved productivity, they have also introduced a new set of security risks. From insecure integrations and unmanaged user identities to rogue data sharing, businesses face numerous challenges that traditional security solutions such as CASBs struggle to address.

Android spyware camouflaged as VPN, chat apps on Google Play

Bleeping Computer

Three Android apps on Google Play were used by state-sponsored threat actors to collect intelligence from targeted devices, such as location data and contact lists. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

GUEST ESSAY: The need to assess context, intent when granting privileged access in today’s world

The Last Watchdog

The number one cybersecurity threat vector is unauthorized access via unused, expired or otherwise compromised access credentials. Related: The rising role of PAM for small businesses In the interconnected work environment, where users need immediate access to many platforms on and off-premises to do their jobs, keeping track of user activity and proper on and off-boarding is becoming more and more difficult.

ASUS urges customers to patch critical router vulnerabilities

Bleeping Computer

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured. [...]

More Trending

Iowa’s largest school district confirms ransomware attack, data theft

Bleeping Computer

Des Moines Public Schools, Iowa's largest school district, confirmed today that a ransomware attack was behind an incident that forced it to take all networked systems offline on January 9, 2023. [...]

Breached credentials of UK top universities available on dark web

CyberSecurity Insiders

Nowadays, those interested can sieve some of the sensitive to very sensitive information from the dark web and that includes banking and email credentials of individuals and businesses. And according to a report compiled and released by Crossword Cybersecurity, information related to over 2.2 million students and staff from UK’s 100 top universities is now available on the dark web.

Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M

Security Boulevard

And now, this: John-Oliver-pics protest won’t change Reddit policy, but will ransom demand work? The post Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M appeared first on Security Boulevard.

Cyber Attack on European Investment Bank and Reddit

CyberSecurity Insiders

According to recent reports, it appears that the European Investment Bank (EIB) has fallen victim to a cyber attack orchestrated by the Russian hacking group known as Killnet. These hackers, who have been planning the digital assault since May, aim to cripple the Western financial system by the end of this month. Speculation suggests that this attack could be in retaliation to the assistance provided by several countries, including the UK and the USA, to Ukraine in its conflicts with the Kremlin

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to Find Qualified Cyber Security Candidates

Security Boulevard

In today’s digital landscape, organisations face an ever-increasing threat of cyberattacks. Since 2019, the number of cyberattacks globally has increased […] The post How to Find Qualified Cyber Security Candidates appeared first on Security Boulevard.

Malwarebytes issues fix for Chrome broken by Windows 11 KB5027231

Bleeping Computer

Malwarebytes released a fix for a known issue breaking Google Chrome on its customers' systems after installing the Windows 11 22H2 KB5027231 cumulative update released last week. [...]

Strengthening Blockchain Security: Secureflo’s Cybersecurity Capabilities

Security Boulevard

Blockchain technology has revolutionized various industries, providing decentralized and transparent systems. However, ensuring the security and integrity of blockchain networks is of utmost importance.

Experts found components of a complex toolkit employed in macOS attacks

Security Affairs

Researchers uncovered a set of malicious files with backdoor capabilities that they believe is part of a toolkit targeting Apple macOS systems. Bitdefender researchers discovered a set of malicious files with backdoor capabilities that are suspected to be part of a sophisticated toolkit designed to target Apple macOS systems. The investigation is still ongoing, the experts pointed out that the samples are still largely undetected.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Adventures in Audits, Part One: How Software License Terms Drive Audit Resolution

Security Boulevard

If your company uses software under a license agreement that gives audit rights to the software vendor—and your company probably does—you may well have an adventure in your future. Vendors do, in fact, conduct software audits on a regular basis and, unfortunately, it’s quite common for them to find that a user is out of. The post Adventures in Audits, Part One: How Software License Terms Drive Audit Resolution appeared first on Security Boulevard.

Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions

The Hacker News

Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. "These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools," the tech giant said in a post on Friday.

GUEST ESSAY: The need to assess context, intent when granting privileged access in today’s world

Security Boulevard

The number one cybersecurity threat vector is unauthorized access via unused, expired or otherwise compromised access credentials. Related: The rising role of PAM for small businesses In the interconnected work environment, where users need immediate access to many platforms on … (more…) The post GUEST ESSAY: The need to assess context, intent when granting privileged access in today’s world appeared first on Security Boulevard.

Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems

The Hacker News

Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems. "As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei Lapusneanu and Bogdan Botezatu said in a preliminary report published on Friday.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Black Cat ransomware group wants $4.5m from Reddit or will leak stolen files

Malwarebytes

The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a “sophisticated phishing campaign” by Reddit, involved an attempt to swipe credentials and two-factor authentication tokens. One employee was tricked into handing over details, and then reported what had happened to Reddit.

New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions

The Hacker News

A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs extensive mechanisms to resist analysis.

Update now! ASUS fixes nine security flaws

Malwarebytes

ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

EU member states are urged to restrict without delay 5G equipment from risky suppliers

Security Affairs

The European Commission urges member states to limit “without delay” equipment from Chinese suppliers from their 5G networks, specifically Huawei and ZTE. The European Commission told member states to impose restrictions on high-risk suppliers for 5G networks without delay, with a specific focus on the dependency on high-risk suppliers, specifically Chinese firms Huawei and ZTE.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Phishing scam takes $950k from DoorDash drivers

Malwarebytes

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. DoorDash drivers are contractors who pick up food deliveries from stores and restaurants and deliver the products to the customer. A 21 year old man named David Smith, from Connecticut, allegedly figured out a way to extract large quantities of cash from drivers with a scam stretching back to 2020.

Megaupload duo will go to prison at last, but Kim Dotcom fights on…

Naked Security

One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on…

Baby monitor safety: What you need to know

Malwarebytes

Do you have an impending new arrival in your family of the small and very noisy variety? If so, you’re probably going to invest in a baby monitor for peace of mind both at night and during the day. But do you know what kind of monitor you’re going to buy? Will it be audio only, or have images? Will it be Wi-Fi, or the non Wi-Fi kind? Did you know there’s a non Wi-Fi kind?

Diicot cybercrime gang expands its attack capabilities

Security Affairs

Researchers found evidence that Diicot threat actors are expanding their capabilities with new payloads and the Cayosin Botnet. Cado researchers recently detected an interesting attack pattern linked to an emerging cybercrime group tracked as Diicot (formerly, “Mexals”) and described in analyses published by Akamai and Bitdefender. The experts discovered several payloads, some of which were not publicly known, that are being used as part of a new ongoing campaign.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Introducing AI-guided Remediation for IaC Security / KICS

The Hacker News

While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities.

ASUS addressed critical flaws in some router models

Security Affairs

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. The impacted models are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

The Hacker News

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques.

MOVEit Vulnerability Exposes Millions in Oregon DMV Breach

SecureWorld News

In a significant data breach impacting millions of individuals, the Oregon Department of Transportation (ODOT) has confirmed that its data was compromised as part of a global attack on the popular file transfer software, MOVEit Transfer. The breach, which exploited a Zero-Day vulnerability, has raised concerns about the patching practices and security measures employed by organizations worldwide.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.