Schneier on Security
JULY 18, 2023
You can disable a self-driving car by putting a traffic cone on its hood: The group got the idea for the conings by chance. The person claims a few of them walking together one night saw a cone on the hood of an AV, which appeared disabled. They weren’t sure at the time which came first; perhaps someone had placed the cone on the AV’s hood to signify it was disabled rather than the other way around.
Krebs on Security
JULY 18, 2023
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com , a service that sold access to billions of passwords and other data exposed in countless data breaches.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 18, 2023
Australia has an e-waste problem, and for all the conversations around climate change, energy use, plastics and other ESG matters, it's surprising that more isn't said about it.
The Last Watchdog
JULY 18, 2023
Gainesville, Fla., July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. This has projected costs associated with cybercrimes to hit the tens of trillions by 2025, highlighting the vital need for web hosts to implement staunch security. A new study by HostingAdvice, the premier authority on web hosting, found that 32% of Americans say they’ve gotten hacked from visiting a sketchy website and of those, 53% got a computer virus
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JULY 18, 2023
Newly discovered vulnerabilities in distributed control systems could allow attackers access to systems supporting industrial, energy, chemical and other operations.
We Live Security
JULY 18, 2023
There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud The post Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour appeared first on WeLiveSecurity
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
JULY 18, 2023
VIPRE's Email Threat Trends Report for Q1 2023 analyzed 1.8 billion emails to provide a comprehensive understanding of contemporary email threats. The post A Look at the Email Threat Landscape in Q1 2023 appeared first on Security Boulevard.
Tech Republic Security
JULY 18, 2023
Use this comprehensive list of strategies to help you safeguard your company's data from threats and data breaches.
Security Boulevard
JULY 18, 2023
SMS fraud comes in many forms, all driven by the ubiquity of SMS, the low risk to the attacker, and the instant payoff. Think smishing – a well-known variant where cybercriminals deceive consumers into revealing sensitive information or performing other dangerous activities via text message. Just last week, I received a text from our CEO […] The post How to Break the ROI of SMS Toll Fraud appeared first on Security Boulevard.
Bleeping Computer
JULY 18, 2023
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
JULY 18, 2023
The U.S. government is giving federal agencies three weeks to mitigate a zero-day Microsoft Windows and Office security flaw exploited by the Russian-linked RomCom threat group. The post CISA to Gov’t Agencies: Mitigate a Flaw in Windows and Office appeared first on Security Boulevard.
eSecurity Planet
JULY 18, 2023
Microsoft has hardened security following a Chinese hack of U.S. government agency email accounts, but some details remain a mystery. Even as the threat has passed, Microsoft officials are still analyzing how a Chinese threat group was able to access U.S. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. Chinese hacker group Storm-0558 breached an undisclosed number of email accounts belonging to 25 organizations, including U.S. government agencies, over t
Security Boulevard
JULY 18, 2023
By Daniel Garcia, CCO of PiaGuest Author In today’s current technological climate, managed services providers (MSPs) are in demand Read More The post The Future of MSPs: Automated Ticket Resolution appeared first on Kaseya. The post The Future of MSPs: Automated Ticket Resolution appeared first on Security Boulevard.
Security Affairs
JULY 18, 2023
The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). Sardonic is a sophisticated backdoor that supports a wide range of features that was designed to evade detection.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
JULY 18, 2023
In the past 6 months, the executive team at Cyral has had the privilege to engage in meaningful conversations with over 100 security leaders at … The post Demystifying the Data Security Landscape appeared first on Cyral. The post Demystifying the Data Security Landscape appeared first on Security Boulevard.
Security Affairs
JULY 18, 2023
The online malware scanning service VirusTotal leaked data associated with some registered customers, German newspapers reported. German newspapers Der Spiegel and Der Standard reported that the online malware scanning service VirusTotal leaked data associated with some registered customers. At the end of June, a small file of 313 kilobytes containing a list of 5,600 names was exposed online.
Security Boulevard
JULY 18, 2023
We often think of advanced persistent threats or APTs as threats primarily targeting governments for cyber espionage, but they could have just as much impact on the private sector. Oftentimes, both the techniques and the tooling used overlap between APTs and financially-motivated cybercriminals, The post Why Should You Care About Chinese APTs and Nation State Attacks?
Bleeping Computer
JULY 18, 2023
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO phishing attacks. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
JULY 18, 2023
There are probably few among us who, never have they ever , downloaded questionable content. Whether it was a hit song in the Napster era or a Blockbuster movie you found on a “special” site online, you can probably think of at least one occasion when you got access to something from a, shall we say, less than reputable source. The post Mario movie malware might maliciously mess with your machine appeared first on Security Boulevard.
Security Affairs
JULY 18, 2023
Le Mans Endurance Management, operating the FIA World Endurance Championship’s website, exposed the data of hundreds of drivers by leaking their IDs and drivers’ licenses, the Cybernews research team has discovered. On June 16th, our researchers came across two misconfigured, meaning publicly exposed, Google Cloud Storage buckets. Both combined, they contained over 1.1 million files.
Security Boulevard
JULY 18, 2023
Artificial intelligence (AI) is transforming the world of computing and data analysis. AI applications such as machine learning, natural language processing, computer vision, and speech recognition are enabling new capabilities and efficiencies for businesses and consumers. However, AI also comes with a high price tag: it requires a lot of computing power, memory, storage, The post The AI Boom Will Drive up Data Center Costs and the Need for Control appeared first on Hyperview.
WIRED Threat Level
JULY 18, 2023
A bill to prevent cops and spies from buying Americans’ data instead of getting a warrant has a fighting chance in the US Congress as lawmakers team up against surveillance overreach.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
JULY 18, 2023
The Biden administration unveiled a cybersecurity certification and labeling program that will make it easier for enterprises and consumers to see which smart devices are more secure and less vulnerable to attacks. The post Biden Admin Eyes IoT Cybersecurity With Device Labeling Program appeared first on Security Boulevard.
The Hacker News
JULY 18, 2023
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday.
Security Boulevard
JULY 18, 2023
Check out this curated list of FREE resources you can use to master Burp Suite for web app and API security testing. The post The Ultimate Guide to Learning Burp Suite for FREE appeared first on Dana Epp's Blog. The post The Ultimate Guide to Learning Burp Suite for FREE appeared first on Security Boulevard.
Bleeping Computer
JULY 18, 2023
Microsoft is investigating an ongoing Exchange Online outage preventing customers from sending emails and triggering 503 errors on affected systems. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Boulevard
JULY 18, 2023
According to Microsoft’s recent threat brief, email still remains the #1 attack vector, but the good news is 98% of attacks can be prevented by implementing basic security measures. To stay ahead of today’s most malicious threats, security teams need to vigilantly protect every main attack surface, including email, identity, endpoint, Internet of Things (IoT), cloud […] The post Microsoft: 6 Key Security Vulnerabilities Putting Your Organization at Risk appeared first on Cofense.
Security Affairs
JULY 18, 2023
Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score: 9.8), in the WooCommerce Payments WordPress plugin. The flaw is an authentication bypass issue that can be exploited by an unauthenticated attacker to impersonate arbitrary users, including an administrator, potentially leading to the site takeover.
Security Boulevard
JULY 18, 2023
Palo Alto Networks’ Unit 42 Network Threat Trends Research Report has been released! Let’s dive into some key findings and see how Votiro Cloud can address and mitigate some of the highlighted threats. Finding #1: 66% of malware is delivered through PDF The old adage about “tried-and-true” still holds firm regarding threat actors’ methods. Commonly-used productivity.
The Hacker News
JULY 18, 2023
The financially motivated threat actor known as FIN8 has been observed using a "revamped" version of a backdoor called Sardonic to deliver the BlackCat ransomware. According to the Symantec Threat Hunter Team, part of Broadcom, the development is an attempt on the part of the e-crime group to diversify its focus and maximize profits from infected entities.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
208 
Let's personalize your content