Schneier on Security

AUGUST 23, 2022

Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed : Here’s what our users need to know: All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected. For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal.

Hacking 243

Hacking Data breaches 243

Javvad Malik

AUGUST 23, 2022

In Japan, someone registered a trademark for CUGGL as a clothing brand in Japan. GUCCI tried to sue for copyright, but the Japan trademark office stated that CUGGL is not similar enough to GUCCI to warrant enforcement. Well, maybe not in the written word, but what do you think about the partially obscured logo? I am both disgusted and impressed by this. ( Credit to Halvar Flake for the find ).

182

182

CSO Magazine

AUGUST 23, 2022

The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach globally reached an all-time high of $4.35 million.

Data breaches 145

Data breaches 145

Trend Micro

AUGUST 23, 2022

We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.

Antivirus 144

Antivirus Ransomware 144

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Heimadal Security

AUGUST 23, 2022

Last weekend, DESFA, a natural gas transmission system operator in Greece, revealed that a cyberattack led to “a limited scope data breach and IT system outage.” What Happened? According to a public statement made by the natural gas distributor, the threat actors tried to breach its system, but the swift actions of its IT team […].

Ransomware 134

Ransomware Data breaches Cybersecurity 134

Security Affairs

AUGUST 23, 2022

Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched.

Hacking 126

Hacking Firmware Internet Internet 126

Heimadal Security

AUGUST 23, 2022

Email has traditionally served as the main means through which employees communicate with one another, stay informed about the company’s latest updates, and interact with consumers. But when it comes to corporate email on mobile devices, IT professionals usually deal with some serious threats. The ability to view corporate emails on personal/company devices is convenient […].

Mobile 119

Mobile Cybersecurity 119

CyberSecurity Insiders

AUGUST 23, 2022

According to a report published on CNN and reaffirmed by The Washington Post, Twitter has been misleading regulators by claiming false cybersecurity practices and foxing them with low fake accounts count. Peiter Zatko, a former Security Chief of the social media giant claimed that all his independent investigations done till February this year proved that the online services giant was duping US Securities and Exchange Commission and the Federal Trade Commission with claims that aren’t real in pr

Cybersecurity 122

Cybersecurity Accountability Media 122

Hacker Combat

AUGUST 23, 2022

Following what it referred to as a “ridiculous vulnerability disclosure process,” a security company has revealed the specifics of a problem with a CrowdStrike product. Following the disclosure, CrowdStrike clarified a few things. An flaw with CrowdStrike’s Falcon endpoint detection and response tool was uncovered by researchers at the Swiss security firm Modzero.

Risk 113

Risk 113

CyberSecurity Insiders

AUGUST 23, 2022

Microsoft has joined hands with Kaspersky to let its Sentinel platform get feeds from the security firm’s threat intelligence. Thus, the aim will be to gain actionable feeds related to cyber attacks leading to efficient incident responses. Kaspersky says that it is delighted to team up with a reputable company and hopes that its data such as threat names, time stamps, geolocation, data related to IP addresses related to infected devices and hashes will help its valuable customers attain timely i

Cyber threats 121

Cyber threats Software Cyber Attacks Cybersecurity 121

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

AUGUST 23, 2022

By Source Defense It’s a scenario we’ve all experienced: You’re filling out an online form to obtain some sort of product, service, or information, and suddenly you have second thoughts. It doesn’t matter why, but you’ve decided you no longer want to go through with the transaction. So you close your browser before you hit. The post A Potential GDPR Nightmare Hiding in the 3rd Party Digital Supply Chain appeared first on Source Defense.

Risk 111

Risk Government 111

We Live Security

AUGUST 23, 2022

You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps. The post Is your personal data all over the internet? 7 steps to cleaning up your online presence appeared first on WeLiveSecurity.

Internet 106

Internet Internet 106

Heimadal Security

AUGUST 23, 2022

A new version of SOVA, an Android banking trojan, has been launched. This fifth version contains improved functions and code enhancements that translate into a ransomware module used to encrypt files on Android devices. SOVA, like any information stealing trojan, is built to snatch credentials and cookies, evade multi-factor authentication, and harm Android’s Accessibility Service […].

Banking 104

Banking Encryption Authentication Ransomware 104

Security Boulevard

AUGUST 23, 2022

The Department of Defense (DoD) has updated guidance that it will cement clauses 7019 and 7020 of its November 2020 Interim DFARS Rule into a Final Rule in December 2022. The DFARS Interim Rule—currently in effect—aims to strengthen NIST SP 800-171 compliance and requires that all defense contractors that handle CUI (Controlled Unclassified Information) and […].

103

103

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Threatpost

AUGUST 23, 2022

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Firewall 101

Firewall 101

Dark Reading

AUGUST 23, 2022

Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.

Cybersecurity 99

Cybersecurity 99

WIRED Threat Level

AUGUST 23, 2022

Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues.

98

98

Dark Reading

AUGUST 23, 2022

Engineering manager Scott Tenaglia describes how Meta extended the security red team model to aggressively protect data privacy.

Data privacy 99

Data privacy Engineering 99

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

AUGUST 23, 2022

Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8). The flaw is an out-of-bounds write issue in OS Audio Server that could be exploited to trigger a DoS condition or, under specific circumstances, to achieve remote code execution. “Microsoft discovered a memory corruption vulnerability in a Ch

Media 98

Media Hacking Information Security 98

Dark Reading

AUGUST 23, 2022

M&A activity in the identity and access management (IAM) space has continued at a steady clip so far this year.

Marketing 98

Marketing 98

The Hacker News

AUGUST 23, 2022

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts.

Accountability 98

Accountability Government Malware Software 98

Bleeping Computer

AUGUST 23, 2022

Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. Dubbed 'ETHERLED', the method turns the blinking lights into Morse code signals that can be decoded by an attacker. [.].

98

98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

AUGUST 23, 2022

The Cloud Security Alliance (CSA) has released the first in a series of research summaries culled from a survey about the adoption of so-called zero-trust cybersecurity principles. The results of that survey indicated that achieving and sustaining SOC 2 compliance can help ease, speed and spread adoption of zero-trust across almost any SMB or emerging.

Cybersecurity 98

Cybersecurity Security Awareness Risk Government 98

Security Affairs

AUGUST 23, 2022

Experts found backdoors in budget Android device models designed to target WhatsApp and WhatsApp Business messaging apps. Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct multiple malicious activities. “Among them is the interception of chats and the theft of the confidential i

Mobile 98

Mobile Firmware Malware Wireless 98

Security Boulevard

AUGUST 23, 2022

The promise of AI code assistance like Copilot was an exciting promise when released. But they might not be the answer to all your problems. A research study has now found that while Copilot frequently introduces vulnerabilities, it may in fact be influenced by the input. Poor code, poor outcome. The post Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault appeared first on Security Boulevard.

98

98

Security Affairs

AUGUST 23, 2022

US Cybersecurity and Infrastructure Security Agency (CISA) added a flaw, tracked as CVE-2022-0028 , affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation.

Firewall 98

Firewall DDOS Cybersecurity Hacking 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Cisco Security

AUGUST 23, 2022

With a rising number of cyberattacks targeting organizations, protecting sensitive customer information has never been more critical. The stakes are high due to the financial losses, reputational damage, legal & compliance fines, and more that often stem from mishandled data. At Cisco Secure, we recognize this and are continuously looking for ways to improve our information security practices.

Malware 98

Malware Information Security Accountability 98

Security Boulevard

AUGUST 23, 2022

Oracle “illegally” collects and links data about you, selling it to the highest bidder—all without your consent. The post Oracle’s HUGE Ad Data Graph is ‘Illegal Panopticon’ — 5 BILLION People Big appeared first on Security Boulevard.

Social Engineering 98

Social Engineering Advertising Surveillance Security Awareness 98

The Hacker News

AUGUST 23, 2022

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.

Malware 98

Malware 98

Security Affairs

AUGUST 23, 2022

DevOps platform GitLab fixed a critical remote code execution flaw in its GitLab Community Edition (CE) and Enterprise Edition (EE) releases. DevOps platform GitLab has released security updates to fix a critical remote code execution vulnerability, tracked as CVE-2022-2884 (CVSS 9.9), affecting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases.

Authentication 98

Authentication Hacking Information Security 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!