Schneier on Security

MAY 12, 2023

Ted Chiang has an excellent essay in the New Yorker : “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meanings of the term “A.I.” If you think of A.I. as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies fro

Risk 250

Risk Software Technology Marketing 250

Tech Republic Security

MAY 12, 2023

Someone who gains physical access to an iPhone or Android phone could use the Phone Link app to spy on the user’s text messages, phone calls and notifications, says Certo. The post How cyberstalkers could access your iPhone using the Windows Phone Link app appeared first on TechRepublic.

Mobile 191

Mobile Software Cybersecurity 191

CyberSecurity Insiders

MAY 12, 2023

Automation transforms the audit experience. What was once a burden to bear becomes a competitive advantage that lets your company maximize every opportunity. Streamlining the audit process is not the only benefit compliance automation. From higher productivity to stronger security posture, automation improves your compliance program. Learn more about the benefits of compliance automation and then schedule a demo to see how you can streamline your audit processes.

Risk 139

Risk Software Cybersecurity 139

Bleeping Computer

MAY 12, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet. [.

Wireless 136

Wireless DDOS Cybersecurity 136

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

We Live Security

MAY 12, 2023

Strike a balance between making the internet a safer place for your children and giving them the freedom to explore, learn and socialize The post Why you need parental control software – and 5 features to look for appeared first on WeLiveSecurity

Software 124

Software Internet Internet 124

CyberSecurity Insiders

MAY 12, 2023

Coming May 14th, 2023, most of the world will be celebrating Mother’s Day for this year. So, obviously many of the daughters and sons will be shopping to gift for their loved ones and this is where scammers will be preying on innocent victims by exploiting their sentiments on the special occasion. False online retailers, false ads related to holidays, fake coupons and gift cards, Facebook Marketplace scams, AI based voice scams, Impersonation threats, investments and delivery scams phishing are

Scams 122

Scams Retail Advertising Phishing 122

Security Boulevard

MAY 12, 2023

Insight #1 "Privacy is becoming a problem for many organizations. In a 2023 report by IAPP, 80% of consumers sometimes or always stop doing business with a company after a breach." Insight #2 "We need to start treating all data as regulated data and if you collect data for one purpose you cannot just use it for another purpose. This is especially important in thinking about your AI strategies.

CISO 111

CISO Cybersecurity 111

Bleeping Computer

MAY 12, 2023

Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. [.

Data breaches 115

Data breaches 115

eSecurity Planet

MAY 12, 2023

A vulnerability management policy sets the ground rules for the process, minimum standards, and reporting requirements for vulnerability management. An effective vulnerability management policy can help with the cyclical process of discovering and managing vulnerabilities found within IT hardware, software, and systems. A documented policy enables IT teams to create a trackable and repeatable process that meets the expectations of executives and conforms to compliance requirements.

Penetration Testing 109

Penetration Testing Risk Cybersecurity Government 109

The Hacker News

MAY 12, 2023

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.

Surveillance 115

Surveillance Malware Internet Internet 115

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

MAY 12, 2023

eSecurity Planet may receive a commission from vendor links. Our recommendations are independent of any commissions, and we only recommend solutions we have personally used or researched and meet our standards for inclusion. How to use this template: Comments intended to guide understanding and use of this template will be enclosed in brackets “[…]” and the ‘company’ will be listed as [eSecurity Planet] throughout the document.

Penetration Testing 109

Penetration Testing Risk Firmware Software 109

The Hacker News

MAY 12, 2023

A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with this latest iteration," security researchers Shaul Vilkomir-Preisman and Eliran Nissan said.

Malware 107

Malware Cybersecurity 107

CyberSecurity Insiders

MAY 12, 2023

Being a mother and working in cybersecurity necessitates unique skillsets. As mothers, we understand time management, communication, and positive reinforcement. We emphasize the value of clear instructions and providing positive reinforcement. Mothers possess the capacity to remain calm and composed in any circumstance, while also possessing the skillset needed to coach, teach, or evaluate a situation.

Risk 104

Risk Cybersecurity Technology Threat Detection 104

Bleeping Computer

MAY 12, 2023

This week we have multiple reports of new ransomware families targeting the enterprise, named Cactus and Akira, both increasingly active as they target the enterprise. [.

Ransomware 104

Ransomware 104

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Graham Cluley

MAY 12, 2023

Cybercriminals have developed a new malware threat which can steal highly sensitive data from the Mac computers it infects.

Malware 122

Malware Passwords 122

The Hacker News

MAY 12, 2023

Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany.

Malware 99

Malware Healthcare Manufacturing Phishing 99

Security Boulevard

MAY 12, 2023

The era of remote work was the catalyst for many workplace changes. As businesses navigate this landscape, IT systems are subject to a sudden increase in cybersecurity attacks. This further encouraged IT leaders to dive deeper into their security strategy and evaluate vulnerable endpoints. As per a study conducted by Ponemon Institute in 2022, as. The post Upgrading Your Endpoint Management Security Strategy appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

Security Affairs

MAY 12, 2023

The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021. The experts pointed out that these ransomware families were detected through H2 2022 and H1 2023, a circumstance that suggests that an increasing number of threat actors is using the source code

Ransomware 97

Ransomware Encryption Hacking Cybersecurity 97

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

MAY 12, 2023

Enterprise companies are increasing spending on software-as-a-service (SaaS) tools to enhance employee productivity and drive digital transformation projects. In doing so, IT teams are facing new challenges to ensure the right level of access to the right people at the right time. This results in headaches for CIOs and CISOs who want to ensure organizations.

Government 97

Government Digital transformation CISO Software 97

Malwarebytes

MAY 12, 2023

YouTube is dipping a toe into the muddy waters of ad-blocker blocking, with ad-blocker using Redditors complaining about a popup that warns "Ad blockers are not allowed on YouTube," when they visit the site. (Image source: Reddit user Sazk100 ) The popup message explains that "Ads allow YouTube to stay free for billions of users worldwide," and invites users who want to be ad-free to take out a YouTube Premium subscription.

Scams 97

Scams Malware Risk 97

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information.

Phishing 91

Phishing Social Engineering Small Business B2B 91

We Live Security

MAY 12, 2023

What have some of the world's most infamous advanced threat actors been up to and what might be the implications of their activities for your business?

101

101

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

MAY 12, 2023

Swiss electrification and automation technology giant ABB suffered a Black Basta ransomware attack that impacted its business operations. Swiss multinational company ABB, a leading electrification and automation technology provider, it the last victim of the notorious Black Basta ransomware group. The company has more than 105,000 employees and has $29.4 billion in revenue for 2022.

Ransomware 89

Ransomware VPN Hacking Technology 89

The Hacker News

MAY 12, 2023

In today's interconnected world, where organisations regularly exchange sensitive information with customers, partners and employees, secure collaboration has become increasingly vital. However, collaboration can pose a security risk if not managed properly. To ensure that collaboration remains secure, organisations need to take steps to protect their data.

Risk 88

Risk 88

Security Affairs

MAY 12, 2023

U.S. CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350. The Bl00dy ransomware has been active since May 2022, it has been the first group that started using the leaked LockBit ransomware builder in attacks in the wild.

Education 84

Education Ransomware Encryption Malware 84

The Hacker News

MAY 12, 2023

U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country.

Education 88

Education Ransomware Cybersecurity 88

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

MAY 12, 2023

With the “detect early” and “respond fast” capabilities in your mind, you may wonder what to choose from the XDR vs SIEM vs SOAR options. A good Detection and Response (D&R) solution is essential for your company’s cybersecurity posture. As you can achieve the goal of detecting security threats, responding to them, and preventing proactively […] The post XDR vs SIEM vs SOAR: A Comparison appeared first on Heimdal Security Blog.

Cybersecurity 87

Cybersecurity 87

Bleeping Computer

MAY 12, 2023

The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks. [.

Education 87

Education Ransomware 87

Dark Reading

MAY 12, 2023

Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies.

Scams 108

Scams 108

Heimadal Security

MAY 12, 2023

ABB, a leading provider of electrification and automation technology, has been hit by a Black Basta ransomware attack, which has reportedly affected business operations. As part of its services, ABB develops industrial control systems (ICS) and SCADA systems for manufacturers and energy suppliers. The company has approximately 105,000 employees and is expected to generate $29.4 […] The post Black Basta Ransomware Attacks Global Technology Company ABB appeared first on Heimdal Security Blog

Technology 80

Technology Ransomware Manufacturing Cybersecurity 80

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.