Wed. Dec 14, 2022


Six Charged in Mass Takedown of DDoS-for-Hire Sites

Krebs on Security

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed to knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.


Reimagining Democracy

Schneier on Security

Last week, I hosted a two-day workshop on reimagining democracy. The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a “what we need to do today” perspective and more from a blue-sky future perspective. My remit to the participants was this: The idea is to start from scratch, to pretend we’re forming a new country and don’t have any precedent to deal with.


GUEST ESSAY: Why ‘continuous pentesting’ is high among the trends set to accelerate in 2023

The Last Watchdog

There is much that can be gleaned from helping companies identify and manage their critical vulnerabilities 24X7. Related: The case for proactive pentests. Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023.


Microsoft Patch Tuesday, December 2022 Edition

Krebs on Security

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hacking Boston’s CharlieCard

Schneier on Security

Interesting discussion of vulnerabilities and exploits against Boston’s CharlieCard.


Improper use of password managers leaves people vulnerable to identity theft

Tech Republic Security

A password manager can be a useful and effective tool for creating, controlling and applying complex and secure passwords, but if you don’t use it the right way, you can open yourself up to account compromise and even identity theft. The post Improper use of password managers leaves people vulnerable to identity theft appeared first on TechRepublic.

More Trending


Open source code for commercial software applications is ubiquitous, but so is the risk

Tech Republic Security

As the SolarWinds and Log4j hacks show, vulnerabilities in open source software used in application development can open doors for attackers with vast consequences. A new study looks at the open source community’s efforts to “credit-rate” the risk. The post Open source code for commercial software applications is ubiquitous, but so is the risk appeared first on TechRepublic.


Reassessing cyberwarfare. Lessons learned in 2022

SecureList

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed serious risks of spreading over the continent. While the broader geopolitical analysis of the war in Ukraine and its consequences are best left to experts, a number of cyberevents have taken place during t


Iranian state-aligned threat actor targets new victims in cyberespionage and kinetic campaigns

Tech Republic Security

New research from Proofpoint exposes a large shift in the TA453 threat actor’s modus operandi, which started conducting more hostile attacks. The post Iranian state-aligned threat actor targets new victims in cyberespionage and kinetic campaigns appeared first on TechRepublic.


Microsoft: Windows 10 21H1 has reached end of servicing

Bleeping Computer

Multiple editions of Windows 10 21H1 have reached their end of service (EOS) on this month's Patch Tuesday, as Microsoft reminded customers yesterday. [...]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


The 80 Best Cyber Security YouTube Channels

Security Boulevard

Introduction In the cyber security space, one of the accepted realities is that to stay relevant, you must be constantly learning. Whether this is learning a new field, tool, or even just staying abreast of the latest emerging threats, you must always be learning. However, sometimes finding quality content to learn from can be tricky, […]. The post The 80 Best Cyber Security YouTube Channels appeared first on Cyborg Security.


Attackers use SVG files to smuggle QBot malware onto Windows systems

Bleeping Computer

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. [...]


GoTrim Botnet Goes After WordPress Admin Accounts

Heimdal Security

GoTrim, a new Go-based botnet malware, scans the internet for WordPress websites and attempts to brute force the administrator’s password and take control of the site. Compromise means potential security risks, including malware deployment and injection of scripts that steal credit card information, being capable of impacting millions, depending on the popularity of the breached sites.


Hackers target Japanese politicians with new MirrorStealer malware

Bleeping Computer

A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named 'MirrorStealer.' [...]


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


GoTrim botnet actively brute forces WordPress and OpenCart sites

Security Affairs

Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a new Go-based botnet, dubbed GoTrim, that has been spotted scanning and brute-forcing WordPress and OpenCart websites. The botnet was named GoTrim because it was written in Go and uses “:::trim:::” to split data sent and received from the C2 server.


Not Just Web Browsing Security: Isolation Strengthens all SSE Functions

Security Boulevard

Over a decade ago, the National Nuclear Security Administration began using “remote-managed hosted virtualization” to isolate risky web interactions from laboratory desktops used in nuclear research labs. This early version of remote browser isolation streamed website images from browsers located on remote servers to non-persistent virtual desktops located on users’ actual desktop devices.


3.5m IP cameras exposed, with US in the lead

Security Affairs

The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Original post at [link]. When you spy on your neighborhood or your cafe customers, do you wonder if someone is watching Big Brother – you, in this case?


Health Care Under Cyberattack: Unprotected Medical IoT Devices Threaten Patient Care

Security Boulevard

Connected devices bring organizations more information and convenience, but they also increase an organization’s attack surface—and medical devices are no different. According to a survey released by reviews platform provider Capterra, as health care organizations connect more medical devices to their network, they are also attacked more often. Capterra’s 2022 Medical IoT Survey was conducted.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Open-source repositories flooded by 144,000 phishing packages

Bleeping Computer

Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM. [...]


New Royal ransomware group evades detection with partial encryption

CSO Magazine

A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. "The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year," researchers from security firm Cybereason said in a new report.


NSA shares tips on mitigating 5G network slicing threats

Bleeping Computer

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI), have published a joint report that highlights the most likely risks and potential threats in 5G network slicing implementations. [...]


How acceptable is your acceptable use policy?

CSO Magazine

In a world before smartphones, social media, and hybrid workplaces, an acceptable use policy was a lot easier to write—and to enforce. These days, it’s a lot more complicated. Work can take place almost anywhere, on any number of devices. An employee can accept a job and then never physically set foot in the office, working from home (or the Caribbean) on their personal laptop.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

eSecurity Planet

Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698, that’s being actively exploited. Regarding that flaw, Microsoft observed, “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, whi


Royal Ransomware Puts Novel Spin on Encryption Tactics

Dark Reading

An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.


Apple fixed the tenth actively exploited zero-day this year

Security Affairs

Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari to fix a new actively exploited zero-day (CVE-2022-42856). Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The flaw is the tenth actively exploited zero-day vulnerability since the start of the year.


Ahoy! More insecure code washes ashore with AlphaCode

Security Boulevard

Alphabet’s DeepMind brings us AlphaCode — another AI code-generating parlor trick. And, just like its large language model cousins, it can spit out buggy code. The post Ahoy! More insecure code washes ashore with AlphaCode appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Finland offers a voucher scheme for Information Security reinforcement

CyberSecurity Insiders

Finland's government has come forward to help Small and Medium Enterprises (SMEs) in bolstering their IT defense-line against cyber attacks. On December 12th of this year, the Ministry of Transport and Communications (MTC) launched a voucher-based scheme dubbed ‘Information Security Voucher’ (ISV). The Finnish government launched the ISV initiative in collaboration with the National Cyber Security Centre (NCSC) and under this scheme will fund SMEs to upgrade their IT infrastructure in such a way that


NSA Slices Up 5G Mobile Security Risks

Dark Reading

The feds' mobile service provider guidance details cybersecurity threat vectors associated with 5G network slicing.


Cuba ransomware group used Microsoft developer accounts to sign malicious drivers

CSO Magazine

Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy. "In most ransomware incidents, attackers kill the target’s security software in an essential precursor step before deploying the ransomware itself," researchers from security firm Sophos said in


December 2022 Patch Tuesday fixed 2 zero-day flaws

Security Affairs

Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework. 12 of these vulnerabilities were submitted through the ZDI program.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.