Thu. Mar 30, 2023

Russian Cyberwarfare Documents Leaked

Schneier on Security

Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU;

Microsoft adds GPT-4 to its defensive suite in Security Copilot

Tech Republic Security

The new AI security tool, which can answer questions about vulnerabilities and reverse-engineer problems, is now in preview. The post Microsoft adds GPT-4 to its defensive suite in Security Copilot appeared first on TechRepublic.

Are Women Better Equipped than Men to Handle Stressful Situations in Cybersecurity?

Jane Frankland

Do women cope better than men with stress or is gender irrelevant? This was a question I was asked by a leader the other day. It’s also something I’ve referred to often in my keynotes and media interviews. This blog answers the question. The term ‘fight or flight’ (also known as ‘the fight-flight-or-freeze-fawn response,’ ‘hyperarousal’ or ‘the acute stress response’) was first coined by Walter Cannon in 1932 and is generally regarded

Ransomware attacks skyrocket as threat actors double down on U.S., global attacks

Tech Republic Security

New studies by NCC Group and Barracuda Networks show threat actors are increasing ransomware exploits, with consumer goods and services receiving the brunt of attacks and a large percentage of victims being hit multiple times. The post Ransomware attacks skyrocket as threat actors double down on U.S., global attacks appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft OneNote will block 120 dangerous file extensions

Bleeping Computer

Microsoft has shared more information on what types of malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware.

Report: Terrible employee passwords at world’s largest companies

Tech Republic Security

Find out the most commonly used weak passwords by industry and country, according to NordPass. Plus, get tips on creating strong passwords. The post Report: Terrible employee passwords at world’s largest companies appeared first on TechRepublic.

More Trending

Report: Some IT outsourcing is moving back onshore

Tech Republic Security

While cost is generally the main consideration, the war in Ukraine and global political tensions are prompting companies to shift their IT outsourcing strategies, according to a new report. The post Report: Some IT outsourcing is moving back onshore appeared first on TechRepublic.

Gamers playing with real money should be wary of scammers.

CyberSecurity Insiders

Are you one of those who play games by investing real money to earn double or triple the amount in return? If yes, then you should be wary of scammers who are indulging in various kinds of gaming frauds. Account switching, account takeover, fake identity and promo abuse, money laundering, phishing scams, and fake websites intended to steal sensitive information are some of the frauds targeting gamers these days.

3CX DesktopApp compromised by supply chain attack

CSO Magazine

3CX is working on a software update for its 3CX DesktopApp, after multiple security researchers alerted the company of an active supply chain attack in it. The update will be released in the next few hours; meanwhile the company urges customers to use its PWA (progressive web application) client instead. “As many of you have noticed the 3CX DesktopApp has a malware in it.

New AlienFox toolkit steals credentials for 18 cloud services

Bleeping Computer

A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CISO’s Guide to Presenting Cybersecurity to Board Directors

CyberSecurity Insiders

Seasoned CISOs/CSOs understand the importance of effectively communicating cyber risk and the need for investment in cybersecurity defense to the board of directors. To ensure cybersecurity becomes a strategic part of the corporate culture, it is crucial for CISOs to present the topic in a clear, concise, and compelling manner. In this article, I will share my advice on best practices that can help CISOs successfully raise awareness and secure the necessary support from their organization’

New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices

The Hacker News

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS.

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

CSO Magazine

An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries. While no clear links have been established between Winter Vivern and a particular country's government, security researchers have noted that its activities closely align with the interests of Russia and Belarus.

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

The Hacker News

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Winter Vivern hackers exploit Zimbra flaw to steal NATO emails

Bleeping Computer

A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.

Unpatched Vulnerabilities Hamper IT Security Efforts

Security Boulevard

Executive leadership teams are overlooking critical gaps in vulnerability management within organizations, despite a series of high-profile breaches, according to an Action1 survey of 804 IT professionals. The study revealed that, on average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors, and 30% of organizations take more than a month.

Realtek and Cacti flaws now actively exploited by malware botnets

Bleeping Computer

Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.

ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine

We Live Security

ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems. The post ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine appeared first on WeLiveSecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Selecting the right MSSP: Guidelines for making an objective decision

SecureList

Managed Security Service Providers (MSSPs) have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market, it can be difficult for organizations to determine which provider will fit in the best way. This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP.

Tech Leaders Call for Pause on AI Development

SecureWorld News

We've all seen a movie or TV show where, in the future, our technologies have become so advanced that machines and Artificial Intelligence begin to take over the world. In many cases, albeit fictional, the machines prosper over humanity thanks to the ever-expanding capabilities of AI. A movie like Ex Machina or a show like Westworld play out this scenario very realistically, which is a bit frightening considering the trends we have seen recently in AI.

Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service

Dark Reading

The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.

The Human Aspect in Zero Trust Security

CyberSecurity Insiders

Zero trust security has become a buzzword in the cybersecurity world, emphasizing the need for a more robust and reliable security model. While most guides and articles focus on the technical aspects, there is a crucial element often overlooked: the human aspect and the organizational culture change required for a successful zero trust implementation.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

The Hacker News

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers.

Apple acquires WaveOne that uses AI to compress videos

CyberSecurity Insiders

Apple has almost made it official that it has acquired WaveOne company that uses Artificial Intelligence technology to compress videos. Well, the tech company did not release a press statement on the issue yet. But one of the former employees of WaveOne has given the world a hint by posting on his profile that the iPhone giant is now the parent company of the Mountain View startup.

Is ChatGPT Considered a Cybersecurity Threat?

Mitnick Security

Chatbots have been known to provide many helpful benefits for companies and their customer support departments for several years. Chatbots are programs created to create realistic and helpful conversations with others, which is why they’ve been used by customer support departments to streamline and automate certain customer-facing tasks.

DXC Technology says global network is not compromised following Latitude Financial breach

CSO Magazine

Soon after Latitude Financial revealed it suffered a cyber attack, DXC Technology quietly published a note on its website stating its global network and customer support networks were not compromised. When Latitude Financial, which is listed in the Australian Securities Exchange (ASX), first published about the attack it said the activity was believed to have “originated from a major vendor used” by the company.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Media disposal policy

Tech Republic Security

PURPOSE This Media disposal policy from TechRepublic Premium provides specific instructions for ensuring organization data is properly protected when disposing of old storage media. From the policy: POLICY DETAILS When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires that the guidelines outlined herein be followed: Hard drives, The post Media disposal policy appeared first on TechRepublic.

Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX

The Hacker News

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022.

New AlienFox toolkit harvests credentials for tens of cloud services

Security Affairs

AlienFox is a novel comprehensive toolset for harvesting credentials for multiple cloud service providers, SentinelLabs reported. AlienFox is a new modular toolkit that allows threat actors to harvest credentials for multiple cloud service providers. AlienFox is available for sale and is primarily distributed on Telegram in the form of source code archives.

3CX Desktop App Supply Chain Attack Targets Millions – Known Facts and First Expert Comments

CyberSecurity Insiders

News is breaking about a software supply chain attack on the 3CX voice and video conferencing software. 3CX, the company behind 3CXDesktopApp, states to have more than 600,000 customers and 12 million users in 190 countries. Notable names include American Express, BMW, Honda, Ikea, Pepsi, and Toyota. Experts believe the supply chain attack, which was maliciously sideloaded, targets downstream customers by installing popular phone and video conferencing software that has been digitally authentica

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.