The Last Watchdog

APRIL 21, 2023

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web. Related: In pursuit of a security culture It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

Risk 235

Risk Engineering Encryption Internet 235

Schneier on Security

APRIL 21, 2023

My latest book, A Hacker’s Mind , has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesn’t explicitly break the rules. Here’s an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as innovation: Some might consider these actions cheating, while the acting player would argue that there was no rule that said the action couldn’t be performed.

Hacking 201

Hacking 201

The Last Watchdog

APRIL 21, 2023

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely. Related: CMMC mandates best security practices Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

Digital transformation 212

Digital transformation Marketing Internet Internet 212

Tech Republic Security

APRIL 21, 2023

Google Cloud and The Center for Internet Security, Inc., launched the Google Cloud Alliance this week with the goal of advancing digital security in the public sector. The Center for Internet Security, founded in 2000 to address growing cyber threats and establish a set of cybersecurity protocols and standards like CIS Critical Security Controls and.

Cybersecurity 189

Cybersecurity Cyber threats Internet Internet 189

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CSO Magazine

APRIL 21, 2023

While indicators of compromise (IoCs) and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence (CTI) needs have grown over the past few years, driven by things like digital transformation, cloud computing, SaaS propagation, and remote worker support. In fact, these changes have led to a CTI subcategory focused on digital risk protection.

Cyber threats 124

Cyber threats Risk Digital transformation CISO 124

Tech Republic Security

APRIL 21, 2023

With Neosec acquisition, Akamai gains capabilities around API visibility, a security challenge for organizations, many of which have hundreds of integrated applications. The post API security becoming C-level cybersecurity concern appeared first on TechRepublic.

Cybersecurity 185

Cybersecurity Software 185

Tech Republic Security

APRIL 21, 2023

A report by GitLab finds that AI and ML in software development workflows show promise, but challenges like toolchain complexity and security concerns persist. The post DevSecOps: AI is reshaping developer roles, but it’s not all smooth sailing appeared first on TechRepublic.

Software 176

Software Artificial Intelligence 176

CyberSecurity Insiders

APRIL 21, 2023

ICICI Bank, an Indian bank with a business presence in over 15 countries, has become a victim of a data breach, leaking information of more than 3.8 million customers or 38 lakh customers. The banking giant says that the news of the data breach is false, as its preliminary inquiries have revealed that the available information on the web is fake and doesn’t belong to its customers.

Data breaches 120

Data breaches Banking Government Phishing 120

Bleeping Computer

APRIL 21, 2023

The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members. [.

Data breaches 124

Data breaches 124

CSO Magazine

APRIL 21, 2023

Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service. The Cisco Industrial Network Director (IND), a network monitoring and management server for operational technology (OT) networks, received patches for two vulnerabilities rate

Authentication 114

Authentication Technology Software 114

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

APRIL 21, 2023

Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. [.

Accountability 105

Accountability 105

CSO Magazine

APRIL 21, 2023

Iranian APT hacking group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices. SimpleHelp itself, as used by the threat actors, has not been compromised — instead, the group has found a way to download the tool from the official website and use it in their attacks, according to a Group-IB blog post.

Hacking 109

Hacking 109

Security Boulevard

APRIL 21, 2023

Yes, AI chatbots can write code very fast, but you still need human oversight and security testing in your AppSec program. The post Friend or foe: AI chatbots in software development appeared first on Security Boulevard.

Software 103

Software 103

CSO Magazine

APRIL 21, 2023

Security professionals attending this year’s RSA Conference expect to learn about new tools, platforms, and services from the 600-plus vendors exhibiting there. That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the event, and CSO will update this article as their embargoes break.

CSO 101

CSO Phishing Software 101

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

APRIL 21, 2023

Kim Jong Un's Swiss Army knife APT continues to spread its tendrils around the world, showing it's not intimidated by the researchers closing in.

112

112

Malwarebytes

APRIL 21, 2023

US-based Facebook users can now claim a piece of the enormous settlement payment by Meta, Facebook's parent company, over the Cambridge Analytica scandal. This news follows Meta agreeing to pay $725 million in December 2022 to settle the longstanding class action lawsuit filed by Lauren Price in 2018. Price accused the company of unlawful business practices concerning its use and distribution of users' personal data.

Accountability 98

Accountability Ransomware 98

Dark Reading

APRIL 21, 2023

While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.

105

105

The Hacker News

APRIL 21, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability CVE-2023-27350 (CVSS score - 9.

Cybersecurity 97

Cybersecurity 97

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Malwarebytes

APRIL 21, 2023

A member of the Air National Guard is facing federal charges after applying for a job online as an assassin. According to a Justice Department press release , Josiah Ernesto Garcia from Hermitage, Tennessee, was arrested by an undercover federal agent at a park on April 12, 2023. The FBI affidavit says Garcia was looking for a good-paying job to support his family.

Ransomware 97

Ransomware Cybersecurity 97

Dark Reading

APRIL 21, 2023

Software written or acquired outside of IT's purview is software that IT can't evaluate for security or compliance.

Software 123

Software 123

Bleeping Computer

APRIL 21, 2023

Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining. [.

Accountability 97

Accountability 97

Graham Cluley

APRIL 21, 2023

Were you a US-based Facebook user between May 24 2007 and December 22 2022? If so, I've got some good news for you. Read more in my article on the Hot for Security blog.

Data breaches 98

Data breaches 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

APRIL 21, 2023

Cisco released security updates to address critical security flaws in its Industrial Network Director and Modeling Labs solutions. Cisco released security updates to address critical security vulnerabilities in the Industrial Network Director and Modeling Labs solutions. An attacker can exploit these vulnerabilities to inject arbitrary operating system commands or access sensitive data.

Authentication 95

Authentication Education Media Hacking 95

Bleeping Computer

APRIL 21, 2023

A lot of news broke this week related to ransomware, with the discovery of LockBit testing macOS encryptors to an outage on NCR, causing massive headaches for restaurants. [.

Ransomware 91

Ransomware 91

Security Affairs

APRIL 21, 2023

The American Bar Association (ABA) disclosed a data breach, threat actors gained access to older credentials for 1,466,000 members. The American Bar Association (ABA) is a voluntary bar association of lawyers and law students; it is not specific to any jurisdiction in the United States. The ABA has 166,000 members as of 2022. The attackers may have gained access to the members’ credentials for a legacy member system that was decommissioned in 2018.

Data breaches 94

Data breaches Passwords Education Accountability 94

Dark Reading

APRIL 21, 2023

An uptick in EvilExtractor activity aims to compromise endpoints to steal browser from targets across Europe and the US, researchers say.

104

104

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CSO Magazine

APRIL 21, 2023

With the world ever more digital and interconnected, the need for robust cybersecurity measures has never been more critical. But security analysts are overwhelmed with alerts and incidents, struggling to prioritize events amidst the rising sophistication and frequency of attacks. That’s why organizations need an Extended Detection and Response (XDR) solution that delivers on its promises.

Cybersecurity 89

Cybersecurity 89

Heimadal Security

APRIL 21, 2023

Shields Health Care Group (SHCG), a medical service provider in the United States, announced a data breach that compromised the personal information of more than 2.3 million people. Shields reported the breach to the Maine Attorney General on April 19, 2023, after discovering that a cyberattack had exposed sensitive customer information stored on the company’s […] The post US Medical Service Data Breach Impacts 2.3M People appeared first on Heimdal Security Blog.

Data breaches 89

Data breaches Cybersecurity 89

Dark Reading

APRIL 21, 2023

Attackers have their methods timed to the second, and they know they have to get in, do their damage, and get out quickly. CISOs today must detect and block in even less time.

CISO 88

CISO 88

Naked Security

APRIL 21, 2023

You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today.

125

125

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.