Lohrman on Security

OCTOBER 1, 2023

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

Cyber Attacks 299

Cyber Attacks Data breaches Social Engineering Engineering 299

Bleeping Computer

OCTOBER 1, 2023

A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today. [.

140

140

Security Affairs

OCTOBER 1, 2023

Experts warn that the recent attack on building automation giant Johnson Controls may have exposed data of the Department of Homeland Security (DHS). Johnson Controls International plc is a multinational conglomerate with a diversified portfolio of products and services primarily focused on building technologies and solutions. The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and security systems, and components for energy management.

Ransomware 127

Ransomware Cybersecurity Hacking Malware 127

Bleeping Computer

OCTOBER 1, 2023

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. [.

Accountability 123

Accountability Technology 123

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

OCTOBER 1, 2023

Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground.

Cybercrime 125

Cybercrime Malware Cybersecurity Advertising 125

Malwarebytes

OCTOBER 1, 2023

In what sounds like a new step towards Skynet, footage from a food delivery robot has been used as part of a criminal investigation. As 404 Media reports , the food delivery robots that are deployed for Uber Eats in Los Angeles are operated by Serve Robotics , which ultimately wants to deploy up to 2,000 robots. These robots are autonomous, although remotely supervised.

Surveillance 119

Surveillance Computers and Electronics Cybersecurity Media 119

Malwarebytes

OCTOBER 1, 2023

The Federal Bureau of Investigation (FBI) has released a notification that highlights two trends emerging across the ransomware environment. The trends the FBI says it's noticed since July 2023 are: Multiple ransomware attacks on the same victim in close date proximity. New data destruction tactics in ransomware attacks. With multiple, or dual ransomware attacks, the FBI says cybercriminals deployed two different ransomware variants against victim companies, using the following variants: AvosLoc

Ransomware 105

Ransomware Malware Backups Encryption 105

Security Affairs

OCTOBER 1, 2023

The ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. McLaren Health Care is a not-for-profit healthcare system based in Michigan, United States. It is one of the largest integrated health systems in the state and serves a significant portion of the population through its network of hospitals, clinics, and healthcare facilities.

Ransomware 109

Ransomware Hacking Healthcare Manufacturing 109

Malwarebytes

OCTOBER 1, 2023

Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware—the most dangerous malware in the world—and they’ll be blunt: They’d do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe, forcing lean IT teams to prepare. Why are businesses getting hit with ransomware more than once?

Ransomware 97

Ransomware Malware Passwords Backups 97

Security Affairs

OCTOBER 1, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – e

Firmware 101

Firmware Hacking Ransomware Malware 101

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

OCTOBER 1, 2023

An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware.

Government 103

Government Banking Malware 103

Bleeping Computer

OCTOBER 1, 2023

The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors. [.

Ransomware 98

Ransomware 98

WIRED Threat Level

OCTOBER 1, 2023

Checking out this AI chatbot's new features? Make sure to keep these privacy tips in mind during your interactions.

87

87

Penetration Testing

OCTOBER 1, 2023

BounceBack BounceBack is a powerful, highly customizable, and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and... The post BounceBack v1.4 releases: Stealth redirector for your red team operation security appeared first on Penetration Testing.

Penetration Testing 48

Penetration Testing Phishing 48

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

WIRED Threat Level

OCTOBER 1, 2023

Every smartphone has an expiration date. Here’s when yours will probably come.

85

85

Malwarebytes

OCTOBER 1, 2023

Last week on Malwarebytes Labs: Dependabot impersonators cause trouble on GitHub Update Chrome now! Google patches another actively exploited vulnerability Google’s Bard conversations turn up in search results Malicious ad served inside Bing's AI chatbot Pegasus spyware and how it exploited a WebP vulnerability Xenomorph hunts cryptocurrency logins on Android Malwarebytes MDR wins G2 awards for "Best ROI," "Easiest to Use," and more Malwarebytes Admin update: New Detection screens to manag

Spyware 94

Spyware Ransomware Cryptocurrency Digital transformation 94