Fri.Jul 21, 2023

AI and Microdirectives

Schneier on Security

Imagine a future in which AIs automatically interpret—and enforce—laws. All day and every day, you constantly receive highly personalized instructions for how to comply with the law, sent directly by your government and law enforcement. You’re told how to cross the street, how fast to drive on the way to work, and what you’re allowed to say or do online—if you’re in any situation that might have legal implications, you’re told exactly what to do, in real time.

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a breach notification letter that invariably says a company you trusted places a top priority on customer security and privacy, consider this: Only four of the Fortune 100 companies currently list a sec

Europol’s IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent

Tech Republic Security

The Europol report also reported on cybercriminals' use of cryptocurrencies and how their techniques are more sophisticated. However, there was good cybersecurity news, too.

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical unauthenticated remote code execution (RCE) vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by August 9, 2023 to protect their networks against active threats.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

8 Best Enterprise Password Managers for 2023

Tech Republic Security

This is a comprehensive list of the top enterprise password managers. Use this guide to compare and choose which one is best for your business.

Tame Identity Sprawl: Strategies and solutions

Security Boulevard

How to Tame Identity Sprawl: Strategies and solutions for managing digital identities. If your employees use different usernames and passwords for their computers, applications, other systems and accounts, your organization is experiencing identity sprawl. Identity sprawl is a problem that has increased significantly with the rise of identity-related attacks.

Software Supply Chain Attackers Targeting Banks, Checkmarx Says

Security Boulevard

Two banks earlier this year were the targets of open source supply chain attacks, the first of their kind in the industry. The post Software Supply Chain Attackers Targeting Banks, Checkmarx Says appeared first on Security Boulevard.

Stolen Azure AD key offered widespread access to Microsoft cloud services

Bleeping Computer

The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers. […]

Startups’ Guide to Security Questionnaires

Security Boulevard

For startups looking to win business and build trust with potential clients, a robust security program and effective response to security questionnaires are essential. Whether you’re new to security questionnaires or just need a refresher, we have you covered. With that, let’s get started. What are security questionnaires? Security questionnaires are sets of standardized questions […] The post Startups’ Guide to Security Questionnaires first appeared on TrustCloud.

Living Off the Land Attacks: LOTL Definition & Prevention

eSecurity Planet

Living off the land (LOTL) attacks use legitimate programs that already exist on a computer, rather than installing malware from an external source onto a system. The stealthy nature of these attacks can make them effective — and difficult for security teams to detect and prevent. To prevent LOTL attacks, security teams must use sophisticated detection methods, as well as closing loops in popular computer programs with known vulnerabilities.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The Rise of QR Codes Spurs Rise in ‘Fresh Phish’

Security Boulevard

Miscreants have ramped up their use of QR codes to phish for credentials, according to INKY threat researchers. The post The Rise of QR Codes Spurs Rise in ‘Fresh Phish’ appeared first on Security Boulevard.

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

The Hacker News

The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought.

BSides Sofia 2023 – Georgi Gerganov – Keytap Acoustic Keyboard Eavesdropping

Security Boulevard

Our thanks to BSides Sofia for publishing their presenters’ tremendous BSides Sofia 2023 content on the organization’s YouTube channel. The post BSides Sofia 2023 – Georgi Gerganov – Keytap Acoustic Keyboard Eavesdropping appeared first on Security Boulevard.

7 Steps to the Incident Response Process & Frameworks

eSecurity Planet

Incident response frameworks and practices are detailed action plans to resolve security breaches inside a business or organization. They give the business a thorough and proactive approach to security by methodically recording every aspect of an incident, including how it happened and the measures that were taken, and describing the subsequent steps to prevent such incidents in the future.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cleantech and Quantum Computing: Critical Infrastructure Cybersecurity

Security Boulevard

As cleantech becomes a bigger part of U.S. critical infrastructure, it faces a bigger risk from cyberattackers leveraging quantum attacks. The post Cleantech and Quantum Computing: Critical Infrastructure Cybersecurity appeared first on Security Boulevard.

Stolen Microsoft key offered widespread access to Microsoft cloud services

Bleeping Computer

The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers. […]

How to use Repository Health Check 2.0

Security Boulevard

This is a quick tutorial on how to get started with Repository Health Check (RHC) 2.0, available in Sonatype Nexus Repository Manager 3.3. The post How to use Repository Health Check 2.0 appeared first on Security Boulevard.

Nice Suzuki, sport: shame dealer left your data up for grabs

Security Affairs

Cybernews research team discovered that two Suzuki-authorized dealer websites were leaking customers’ sensitive information. Suzuki or otherwise, buying a new vehicle is an intense experience with complicated credit, insurance, documentation, and contracts. Think of all the data that you leave in a dealership, including the fact that you now own a brand-new car – which itself may be a potential target for criminals.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Dell Adds Orchestration Capabilities to Data Protection Platform

Security Boulevard

Dell Technologies added orchestration capabilities to its data protection software that makes it simpler for IT teams to schedule backup. The post Dell Adds Orchestration Capabilities to Data Protection Platform appeared first on Security Boulevard.

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

The Hacker News

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies.

Setting Up DKIM on On-Prem Exchange Servers

Security Boulevard

This is a comprehensive guide on how to deploy DKIM on On-prem exchange servers by installing the free Exchange DKIM Signer. The post Setting Up DKIM on On-Prem Exchange Servers appeared first on Security Boulevard.

VirusTotal apologizes for data leak affecting 5,600 customers

Bleeping Computer

VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month. […]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

GitHub Developers Targeted by North Korea’s Lazarus Group

Security Boulevard

The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub. The post GitHub Developers Targeted by North Korea’s Lazarus Group appeared first on Security Boulevard.

Experts believe North Korea behind JumpCloud supply chain attack

Security Affairs

SentinelOne researchers attribute the recent supply chain attacks on JumpCloud to North Korea-linked threat actors. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across various systems and applications.

Cybersecurity Insights with Contrast CISO David Lindner | 7/21

Security Boulevard

Insight #1 WormGPT is a thing. The tool — being sold on hacker forums and considered “ChatGPT’s evil cousin” — shows that cybercriminals are taking advantage of Large Language Models (LLMs) to produce detection-resilient cyberattacks and phishes. It’s uber important that your controls and detections adapt to the changing landscape. The post Cybersecurity Insights with Contrast CISO David Lindner | 7/21 appeared first on Security Boulevard.

3 Ways Rent Payment Reporting Improves Your Credit

Identity IQ

Have you ever wished you could get credit for your on-time rent payments? Now you can. IdentityIQ, a leading provider of identity theft protection and credit monitoring services, has a groundbreaking addition to its suite of features: rent payment reporting. This new service allows your on-time rent payments, and potentially up to 24 months of past payments, to appear as a credit tradeline and help improve your credit scores.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments

Security Boulevard

As ransomware affiliates are paid less frequently, they have adapted their strategies to compensate for the shifting dynamics of cyber extortion. The post Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments appeared first on Security Boulevard.

Estée Lauder targeted by Cl0p and BlackCat ransomware groups

Malwarebytes

Estée Lauder is currently at the heart of a compromise storm, revealing a major security issue via a Securities and Exchange Commission (SEC) filing on Tuesday. Although no detailed explanation of what has taken place is given, there is confirmation that an attack allowed access to some systems and involved potential data exfiltration. Meanwhile, two ransomware groups are taking credit for compromises unrelated to one another.

Auditing reforms in 2023 and the use of audit analytics

Security Boulevard

Navigating Uncharted Waters: A look at auditing reforms in 2023 and the use of audit analytics. For auditors, 2023 is shaping up to be an unprecedented year. Since 2021, there has been a notable surge in the efforts of financial and accounting regulators to address audit quality. Moreover, they are actively […] The post Auditing reforms in 2023 and the use of audit analytics appeared first on SafePaaS.

CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices

Security Affairs

The US CISA warns of cyber attacks targeting Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting the recently discovered zero-day CVE-2023-3519. The Agency states that threat actors targeted a NetScaler ADC appliance deployed in the network of a critical infrastructure organization.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.