Joseph Steinberg

MARCH 13, 2023

As pretty much every professional knows, the cyber-threat landscape is constantly and rapidly evolving as hackers discover new techniques to breach organizations. While the introduction of artificial intelligence (AI) is certainly delivering many benefits to mankind, including in the realm of cybersecurity, it has also created all sorts of new risks as evildoers seek to harness AI for their illicit and harmful purposes.

Artificial Intelligence 221

Artificial Intelligence Cybersecurity Cyber threats Cybercrime 221

The Last Watchdog

MARCH 13, 2023

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. Related: Attack surface management takes center stage. So how will this affect chief information security officers (CISOs) and security programs?

CISO 195

CISO Insurance Cybersecurity Risk 195

Tech Republic Security

MARCH 13, 2023

A new malware dubbed HiatusRAT infects routers to spy on its targets, mostly in Europe and in the U.S. Learn which router models are primarily targeted and how to protect from this security threat. The post New Hiatus malware campaign targets routers appeared first on TechRepublic.

Malware 148

Malware Cybersecurity Network Security 148

CSO Magazine

MARCH 13, 2023

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole attempt to be successful at attracting only one victim,” says Johanna Baum, CEO and founder of Strategic Security Solutions Consulting.

Phishing 131

Phishing 131

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MARCH 13, 2023

By exploiting webcams and other IoT devices, hackers can spy on private and professional conversations, potentially giving them access to sensitive information, says BitSight. The post How internet-facing webcams could put your organization at risk appeared first on TechRepublic.

Internet 140

Internet Internet Risk IoT 140

Identity IQ

MARCH 13, 2023

What to Do If Your Phone Is Lost or Stolen IdentityIQ Losing your phone can feel like the end of the world. One minute it’s in your pocket, and the next you can’t find it anywhere! Whether it was dropped somewhere, taken by someone, or completely disappeared into thin air, you’re now in a whirlwind of worry and frustration. No doubt you are concerned about the cost of replacing an expensive smartphone.

Identity Theft 104

Identity Theft Passwords Accountability Banking 104

ZoneAlarm

MARCH 13, 2023

A fake ChatGPT extension named “Quick access to ChatGPT” has been found to hijack Facebook business accounts. The extension injects malicious code into the Facebook pages of targeted businesses, allowing attackers to gain unauthorized access to the accounts and take over their management functions. This has led to multiple businesses reporting similar incidents of unauthorized … The post Fake ChatGPT browser extension is hijacking Facebook Business accounts appeared first on Zo

Accountability 102

Accountability Data privacy Mobile Cybersecurity 102

PCI perspectives

MARCH 13, 2023

Hello and welcome to Coffee with the Council. I’m Alicia Malone, Senior Manager of Public Relations at the PCI Security Standards Council. This month, we begin the election phase of the Council’s new Board of Advisors for the 2023 to 2025 term.

101

101

Bleeping Computer

MARCH 13, 2023

​Offensive Security has released ​Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security. [.

98

98

The Hacker News

MARCH 13, 2023

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware.

Advertising 98

Advertising Accountability Media Malware 98

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

MARCH 13, 2023

In today’s digital age, businesses of all sizes rely heavily on cloud technology to store, process and access their critical data and applications. While cloud computing offers numerous benefits, it also poses significant security challenges that can jeopardize the confidentiality, integrity and availability of sensitive information. Cyberattacks are becoming more frequent and sophisticated, and businesses.

Technology 98

Technology Cybersecurity Network Security 98

Bleeping Computer

MARCH 13, 2023

Microsoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. [.

Authentication 97

Authentication 97

Security Boulevard

MARCH 13, 2023

We surveyed 1,450 consumers globally to understand how they feel about emerging identity topics —. The post 3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report appeared first on Entrust Blog. The post 3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report appeared first on Security Boulevard.

Cybersecurity 97

Cybersecurity 97

Security Affairs

MARCH 13, 2023

A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already bei

Passwords 97

Passwords Malware Architecture Authentication 97

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

MARCH 13, 2023

Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets. [.

Cryptocurrency 103

Cryptocurrency 103

Security Boulevard

MARCH 13, 2023

There have been a slew of DDoS attacks recently that are serious, but to focus on the size of the latest attack is the wrong thing to do. What we need to focus on are the impacts of these attacks. Would the CFO consider the site being down for less than an hour to be. The post Let’s Stop Talking About the ‘Largest’ DDoS Attack appeared first on Security Boulevard.

DDOS 97

DDOS Security Awareness Risk Cybersecurity 97

Malwarebytes

MARCH 13, 2023

Becky Holmes knows how to throw a romance scammer off script—simply bring up cannibalism. In January, Holmes shared on Twitter that an account with the name "Thomas Smith" had started up a random chat with her that sounded an awful lot like the beginnins stages of a romance scam. But rather than instantly ignoring and blocking the advances—as Holmes recommends everyone do in these types of situations—she first had a little fun.

Scams 96

Scams Malware Accountability Cybersecurity 96

The Hacker News

MARCH 13, 2023

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022.

Cyber Attacks 93

Cyber Attacks Hacking 93

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

MARCH 13, 2023

PURPOSE This policy provides termination guidelines, including the process of disabling former employee access, reclaiming company equipment and finalizing payroll/benefits details. It complements our Employee termination checklist, which should be filled out by involved individuals/departments and can be printed or used in electronic format shared with appropriate personnel.

81

81

The Hacker News

MARCH 13, 2023

Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption.

Government 92

Government Software 92

Bleeping Computer

MARCH 13, 2023

Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss. [.

Government 94

Government 94

The Hacker News

MARCH 13, 2023

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.

Malware 98

Malware Software 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

MARCH 13, 2023

NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN. [.

Technology 98

Technology Software 98

The Hacker News

MARCH 13, 2023

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up.

89

89

Malwarebytes

MARCH 13, 2023

According to information gathered by BleepingComputer , the Clop ransomware group has claimed responsibility for the ransomware attacks that are tied to a vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. As we reported on February 8, Fortra released an emergency patch (7.1.2) for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console.

Ransomware 88

Ransomware Backups Internet Internet 88

We Live Security

MARCH 13, 2023

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage.

Scams 113

Scams 113

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

MARCH 13, 2023

Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) announced a new pilot program designed to help critical infrastructure entities protect their information systems from ransomware attacks. [.

Ransomware 86

Ransomware Cybersecurity 86

The Hacker News

MARCH 13, 2023

The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute’s cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can’t be overstated.

Cyber Risk 83

Cyber Risk Technology Risk Cybersecurity 83

Bleeping Computer

MARCH 13, 2023

Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) announced a new pilot program designed to help critical infrastructure entities protect their information systems from ransomware attacks. [.

Ransomware 86

Ransomware Cybersecurity 86

Dark Reading

MARCH 13, 2023

Developers must balance creativity with security frameworks to keep applications safe. Correlating business logic with security logic will pay in safety dividends.

Penetration Testing 87

Penetration Testing 87

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.