Tue. Aug 23, 2022


Signal Phone Numbers Exposed in Twilio Hack

Schneier on Security

Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed: Here’s what our users need to know: All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected. For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal.

Hacking 195

GUCCI vs CUGGL

Javvad Malik

In Japan, someone registered a trademark for CUGGL as a clothing brand in Japan. GUCCI tried to sue for copyright, but the Japan trademark office stated that CUGGL is not similar enough to GUCCI to warrant enforcement. Well, maybe not in the written word, but what do you think about the partially obscured logo? I am both disgusted and impressed by this. (Credit to Halvar Flake for the find.)


What is the cost of a data breach?

CSO Magazine

The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach globally reached an all-time high of $4.35 million.


Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

Trend Micro

We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.

Antivirus 140

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Ragnar Locker Ransomware targets Greece Gas Company

CyberSecurity Insiders

Ragnar Locker Ransomware gang has officially declared that they are responsible for the disruption of servers related to a Greece-based gas operator DESFA. And reports are in that Ragnar Locker Gang is demanding $12 million to free up data from encryption. DESFA released a press statement that it became a victim of a ransomware attack on Saturday last week and assured that its business continuity plan will surely bail them out of the present situation, without paying a penny.


DESFA Suffers Cyberattack, Ragnar Locker Ransomware Claims Responsibility

Heimdal Security

Last weekend, DESFA, a natural gas transmission system operator in Greece, revealed that a cyberattack led to “a limited scope data breach and IT system outage.” What Happened? According to a public statement made by the natural gas distributor, the threat actors tried to breach its system, but the swift actions of its IT team […].

More Trending


Best Open-Source Distributions for Pentesting and Forensics

eSecurity Planet

Linux has an extensive range of open-source distributions that pentesters, ethical hackers and network defenders can use in their work, whether for pentesting, digital forensics or other cybersecurity uses. Also known as “distros,” these distributions are variations of Linux that include the Linux kernel and usually a specific package manager. For example, Kali Linux, one of the most popular pentesting OSs, is Debian-based, which means it’s based on the Debian Project.


Microsoft collaborates with Kaspersky for Cyber Threat Intelligence

CyberSecurity Insiders

Microsoft has joined hands with Kaspersky to let its Sentinel platform get feeds from the security firm’s threat intelligence. Thus, the aim will be to gain actionable feeds related to cyber attacks leading to efficient incident responses. Kaspersky says that it is delighted to team up with a reputable company and hopes that its data such as threat names, time stamps, geolocation, data related to IP addresses related to infected devices and hashes will help its valuable customers attain timely i


Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched.

Hacking 111

A Potential GDPR Nightmare Hiding in the 3rd Party Digital Supply Chain

Security Boulevard

By Source Defense It’s a scenario we’ve all experienced: You’re filling out an online form to obtain some sort of product, service, or information, and suddenly you have second thoughts. It doesn’t matter why, but you’ve decided you no longer want to go through with the transaction. So you close your browser before you hit. The post A Potential GDPR Nightmare Hiding in the 3rd Party Digital Supply Chain appeared first on Source Defense.

Risk 109

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Is your personal data all over the internet? 7 steps to cleaning up your online presence

We Live Security

You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps. The post Is your personal data all over the internet? 7 steps to cleaning up your online presence appeared first on WeLiveSecurity.

Internet 104

PreVeil Update: DoD to Ramp up Enforcement of Compliance with NIST SP 800-171; Final DFARS Rule coming Dec. 2022

Security Boulevard

The Department of Defense (DoD) has updated guidance that it will cement clauses 7019 and 7020 of its November 2020 Interim DFARS Rule into a Final Rule in December 2022. The DFARS Interim Rule—currently in effect—aims to strengthen NIST SP 800-171 compliance and requires that all defense contractors that handle CUI (Controlled Unclassified Information) and […].


What Is Mobile Email Management (MEM)?

Heimdal Security

Email has traditionally served as the main means through which employees communicate with one another, stay informed about the company’s latest updates, and interact with consumers. But when it comes to corporate email on mobile devices, IT professionals usually deal with some serious threats. The ability to view corporate emails on personal/company devices is convenient […].

Mobile 101

Mudge Blows Whistle on Alleged Twitter Security Nightmare

Dark Reading

Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


ETHERLED: Air-gapped systems leak data via network card LEDs

Bleeping Computer

Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. Dubbed 'ETHERLED', the method turns the blinking lights into Morse code signals that can be decoded by an attacker. […]


Zero-Trust: How SOC 2 Compliance Can Help

Security Boulevard

The Cloud Security Alliance (CSA) has released the first in a series of research summaries culled from a survey about the adoption of so-called zero-trust cybersecurity principles. The results of that survey indicated that achieving and sustaining SOC 2 compliance can help ease, speed and spread adoption of zero-trust across almost any SMB or emerging.


VMware Carbon Black causing BSOD crashes on Windows

Bleeping Computer

Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware's Carbon Black endpoint security solution. […]


Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault

Security Boulevard

The promise of AI code assistance like Copilot was an exciting promise when released. But they might not be the answer to all your problems. A research study has now found that while Copilot frequently introduces vulnerabilities, it may in fact be influenced by the input. Poor code, poor outcome. The post Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault appeared first on Security Boulevard.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

The Hacker News

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts.


Oracle’s HUGE Ad Data Graph is ‘Illegal Panopticon’ — 5 BILLION People Big

Security Boulevard

Oracle “illegally” collects and links data about you, selling it to the highest bidder—all without your consent. The post Oracle’s HUGE Ad Data Graph is ‘Illegal Panopticon’ — 5 BILLION People Big appeared first on Security Boulevard.


French hospital hit by $10M ransomware attack, sends patients elsewhere

Bleeping Computer

The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. […]


Hacktivists in the DUMPS in Solidarity With Ukraine

Security Boulevard

Pro-Ukrainian hackers are a little down in the DUMPS these days—the DUMPS cybercriminal forum, that is, which encourages cyberattacks against Russia and Belarus. “Information services, leaks or other services on our forum are allowed in relation to only two states, these are the Russian Federation and Belarus,” a mission statement on the forum stated.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Microsoft publicly discloses details on critical ChromeOS flaw

Security Affairs

Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8). The flaw is an out-of-bounds write issue in OS Audio Server that could be exploited to trigger a DoS condition or, under specific circumstances, to achieve remote code execution. “Microsoft discovered a memory corruption vulnerability in a Ch

Media 92

Techstrong TV: How to Prepare for Highly Destructive Malware

Security Boulevard

With cyberattacks on the rise with Microsoft’s warning of a highly destructive form of malware in Ukraine and White Rabbit being linked to FIN8, Tim Van Ash, Sr. VP of Product and Technology at AutoRABIT, and Charlene discuss how to best prepare for malware and future cyberattacks on the horizon. The video is below followed. The post Techstrong TV: How to Prepare for Highly Destructive Malware appeared first on Security Boulevard.

Malware 98

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Security Affairs

Experts found backdoors in budget Android device models designed to target WhatsApp and WhatsApp Business messaging apps. Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct multiple malicious activities. “Among them is the interception of chats and the theft of the confidential i

Mobile 92

Privacy-preserving Analytics: The Future of Data Security is Now

Security Boulevard

When Mark Campbell, the chief innovation officer at EVOTEK, asked me to discuss an article he was writing on the quest for mainstream adoption of privacy-preserving analytics, I was thrilled. Privacy-preserving analytics has been a relevant topic for Baffle since 2019 when we were named a Gartner “Cool Vendor.” Three years ago, our mandate was…. The post Privacy-preserving Analytics: The Future of Data Security is Now appeared first on Baffle.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


XCSSET Malware Updates with Python 3 to Target macOS Monterey Users

The Hacker News

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.

Malware 93

Is API authentication secure?

Security Boulevard

API authentication is about proving that whoever is trying to access an API is who they say they are. This is sometimes confused with authorization which is about proving that whoever is trying to access data via the API has the right to access that data. The post Is API authentication secure? appeared first on Security Boulevard.


Phishing attacks abusing SaaS platforms see a massive 1,100% growth

Bleeping Computer

Threat actors are increasingly abusing legitimate software-as-a-service (SaaS) platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials. […]


AWS Streamlines Data Protection by Simplifying Snapshot Creation

Security Boulevard

Amazon Web Services (AWS) has made it simpler to capture snapshots of multiple volumes residing on the Amazon Elastic Block Storage (EBS) service. Nancy Wang, general manager for AWS data protection and governance, said the goal is to make it easier for cybersecurity and IT teams to protect data residing on the EBS cloud service. The post AWS Streamlines Data Protection by Simplifying Snapshot Creation appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.