Mon. Dec 19, 2022


Hacked Ring Cams Used to Record Swatting Victims

Krebs on Security

Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arri

Hacking 276

How to Surrender to a Drone

Schneier on Security

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: “Seeing the drone in the field of view, make eye contact with it,” the video instructs. Soldiers should then raise their arms and signal they’re ready to follow. After that the drone will move up and down a few meters, before heading off at walking pace in the direction of the nearest representatives of Ukraine’s army, it says.

273

The security skills shortage is here, here’s how to prepare

Tech Republic Security

Corporate security is near the top of the list of CIO concerns for 2023 — but a security skills shortfall is also a problem. What can companies do to bring up the slack?

137

GUEST ESSAY: ‘Initial access brokers’ — IABs — specialize in enabling surreptitious access

The Last Watchdog

Cybercrime is a big business. And like any other large industry, specialization has emerged. Related: IABs fuel ransomware surge. As data becomes more valuable, criminals can profit more from stealing, selling or holding it for ransom, leading to a massive black market of information. Initial access brokers (IABs) play an increasingly central role in this cyber underworld.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


GitHub Secret Scanning is now Free (as in Beer)

Security Boulevard

Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem.


CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

SecureList

Summary. At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082.

Malware 141

More Trending


Old vulnerabilities in Cisco products actively exploited in the wild

Security Affairs

IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the D

Wireless 137

Ukraine defense email systems infected by malware

CyberSecurity Insiders

Ukraine’s war miseries emerging from Russia seem to be never-ending as a compromised email account related to the country’s Ministry of Defense was caught sending phishing emails to users of the Delta Situational awareness program. Ukraine’s Computer Emergency Response Team of Ukraine created DELTA in March this year, to issue an alert to military personnel about the movements of enemy forces.

Malware 131

How to set up parental controls on your child’s new smartphone

We Live Security

Give yourself peace of mind and help create a safe online space for your child using Android or iOS parental controls.

130

How to Manage BYOD in the Work-from-Anywhere World of Mobile Security

CyberSecurity Insiders

By Ted Wolcott, PhD, Chief Strategy Officer, Quokka. Mobile devices may not have changed fundamentally in recent years, but the way they are used within businesses has. The massive shift toward work-from-anywhere policies means that employees are no longer just bringing their own devices to the workplace. They’re increasingly relying on personal devices to conduct work remotely – and creating new privacy and security challenges for mobile device managers in the process.

Mobile 129

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Microsoft: KB5021233 causes blue screens with 0xc000021a errors

Bleeping Computer

Microsoft is investigating a known issue leading to Blue Screen of Death (BSOD) crashes with 0xc000021a errors after installing the Windows 10 KB5021233 cumulative update released during this month's Patch Tuesday. […]

124

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The move follows the decision of other ransomware gangs, like Hive, Blackcat, RansomExx, and Luna, of rewriting their ransomware into Rust.


Holiday Spam, Phishing Campaigns Challenge Retailers

Dark Reading

Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays.

Retail 113

US Gov warns of BEC attacks to hijack shipments of food products

Security Affairs

US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients. The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have published a joint security advisory to warn of business email compromise (BEC) attacks leading to the hijack of shipments of food products and ingredients.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Microsoft finds macOS bug that lets malware bypass security checks

Bleeping Computer

Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. […]

Malware 112

BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity

CSO Magazine

Effective cybersecurity relies only in part on technology. Even as tools and systems become more powerful, avoiding security mishaps is still largely dependent on people doing the right thing. From following best practices for updating and patching systems and software to knowing and understanding the everyday risks posed by phishing emails, malicious websites, or other attack vectors, everyone — not just the dedicated IT/security professionals — has some level of responsibility for cybersecurit


Can Your Identity Be Stolen From Your Passport?

Identity IQ

Most of us are familiar with the concept of identity theft – someone stealing your personal information and using it to commit fraud or other crimes. You can try to take all the proper precautions, but, unfortunately, your identity still might be at risk. For example, this can happen if your passport falls into the wrong hands.


What is Account Takeover (ATO)?

Security Boulevard

Identity theft takes many shapes and forms, and account takeover is one of them. In this case, ATO happens when a cybercriminal gains unauthorized access to a user’s financial, airline miles, retail, streaming, or mobile device account. Attackers can then make wholesale changes to compromised accounts or use them as part of another attack. […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Google Chrome supports passkeys for authentication

CyberSecurity Insiders

In this digital world, nothing seems to be secure enough to hold info tight. So, the only way to prevent digital theft is the use of Passkeys that are now being entertained by companies like Microsoft, Google and Apple for better security. A passkey is nothing but a passcode that enables authenticated access to a website service. It doesn’t have a text-based password in action, but is basically a password-less authentication that can be triggered by using the resources on a device like biometric


Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware

Security Affairs

Researchers spotted a malicious package in the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne. Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne.

Malware 106

The Near Future of Conflict Will Not be About Oil but Microchips

Security Boulevard

Given the global shortage of ‘new’ oil, an upcoming energy drought and the geopolitical effects that could occur if there’s a decade-long recession in China, the near future of conflict will not be about oil but about microchips. The Microchip As the world shifts to new and more sustainable sources of energy, oil becomes less.


Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

Trend Micro

More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit chain.

104

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems

The Hacker News

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.

101

US consumers seriously concerned over their personal data

CSO Magazine

A report released today by Big Four accounting firm KPMG found that large majorities of the American public are highly concerned about the security of their personal data, and that US companies aren’t helping matters by ramping up their collection of that data. Fully 92% of respondents to KPMG’s survey said that they were concerned to some extent about how personal data that they provide to companies is handled, and nearly nine in 10 said that businesses should be more forthright in detailing ho


Cybercrime (and Security) Predictions for 2023

The Hacker News

Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and protect your organization in the year ahead.


Lacework Stiffens Cloud Security Posture Management

Security Boulevard

Lacework has added additional cloud security posture management (CSPM) capabilities to its platform to make it possible to create fine-grained custom policies using the Lacework query language (LQL) to ensure configurations align with organizations’ specific requirements. In addition, the company has added support for the Center of Internet Security (CIS) benchmarks along with hundreds of.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

The Glupteba botnet is back, researchers reported a surge in infection worldwide after Google disrupted its operation in 2021. In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows

DNS 98

SentinelSneak: Malicious PyPI module poses as security software development kit

Security Boulevard

A malicious Python file found on the PyPI repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.


BrandPost: Overcoming the Top Technology, Process, and People Challenges Faced by CISOs

CSO Magazine

Today, CISOs face three primary challenges that prevent them from optimally protecting their organizations. First, is the tie to their current technology, which often suffers from complexity and siloed operations that prevent automation. These issues slow down the security operations center (SOC) team, which in turn slows the response to attacks. The second challenge is process-related.

CISO 96

New Report Finds Cost, Functionality, and Innovation are the Top Reasons Security Practitioners are Seeking New SIEM Vendors

CyberSecurity Insiders

According to Panther’s recently published second annual “State of SIEM” report, cost, functionality, and innovation are the top reasons for seeking a new solution. Whether happy or unhappy with their current solution, the most often cited reasons they would decide to switch are what they pay and what their platform won’t do for them. The report surveyed 285 full-time cybersecurity professionals, each working as part of a team that currently uses a security information and event management


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.