Tue. Jun 27, 2023

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Krebs on Security

Joseph James “PlugwalkJoe” O’Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “SIM swapping,” a crime wh

Typing Incriminating Evidence in the Memo Field

Schneier on Security

Don’t do it: Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though: Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains.

News Alert: Swissbit introduces small-capacity memory for IIoT, smart city applications

The Last Watchdog

Westford, Mass., June 27, 2023 – The industry is vying for ever-increasing gigabyte capacities. And yet there are countless applications that only require a fraction of this storage space. Typical applications include green IIoT technologies like charging stations, smart meters, and PV inverters, for which only a small amount of memory is required to run boot software or to communicate with cloud applications.

IoT 184

How FIDO2 Powers Up Passkeys Across Devices

Tech Republic Security

The FIDO Alliance’s Andrew Shikiar explains how passkeys are quickly replacing passwords as the next-generation login, a low friction, high security protocol for any device. The post How FIDO2 Powers Up Passkeys Across Devices appeared first on TechRepublic.

Passwords 175

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New Mockingjay process injection technique evades EDR detection

Bleeping Computer

A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems. [...]

What is Data Loss Prevention (DLP)?

Tech Republic Security

DLP helps organizations protect their sensitive data. Learn about the best practices and tools available to prepare for and prevent data loss. The post What is Data Loss Prevention (DLP)? appeared first on TechRepublic.

Big data 166

More Trending

Syxsense Unveils Novel Unified Endpoint Management Strategy

Tech Republic Security

Syxsense now offers more IT and endpoint management functions, including mobile device management, automation, remediation and zero trust. The post Syxsense Unveils Novel Unified Endpoint Management Strategy appeared first on TechRepublic.

Mobile 139

Siemens Energy confirms data breach after MOVEit data-theft attack

Bleeping Computer

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform. [...]

News Alert: Jscrambler launches free tool for new PCI DSS anti-skimming requirements

The Last Watchdog

Porto, Portugal, June 27th 2023 – Jscrambler, a leading solution for JavaScript protection and real-time webpage monitoring, today announces the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0).

Retail 100

The unhappy reality of cloud security in 2023

InfoWorld on Security

The studies are coming fast these days. Thales Global Cloud Security Study for 2022 found that during the past 12 months, 45% of businesses have experienced a cloud data breach or failed to perform audits. (It would have been nice for this number to be broken out.) If you’ve been watching this space, it was only 5% off from the previous year. What gives?

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics

Dark Reading

Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.

Hundreds of devices found violating new CISA federal agency directive

Bleeping Computer

Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive. [...]

Internet 118

Preventing Cyberattacks on Schools Starts With K–12 Cybersecurity Education

Dark Reading

By investing in a strong future cybersecurity workforce, we can prevent future attacks on US critical infrastructure before they occur.

Education 131

Enterprise SIEMs Miss 76 Percent of MITRE ATT&CK Techniques

eSecurity Planet

Security information and event management (SIEM) systems only have detections for 24 percent of the 196 techniques in MITRE ATT&CK v13, according to a new report. “This implies that adversaries can execute around 150 different techniques that will be undetected by the SIEM,” says the CardinalOps report. “Or stated another way, SIEMs are only covering around 50 techniques out of all the techniques that can potentially be used by adversaries.” The Third Annual Report on

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

6 Attributes to Look for in a GRC Platform

Security Boulevard

Cybersecurity and compliance are two of the most daunting aspects of modern enterprises. There are a number of reasons for this. First, both compliance and cybersecurity risk can be difficult to keep up with. On one hand, there is an endless stream of evolving cybersecurity threats hammering businesses from all sides; on the other, regulation. The post 6 Attributes to Look for in a GRC Platform appeared first on Security Boulevard.

Risk 109

Smartphone Ransomware: Understanding the Threat and Ways to Stay Protected

CyberSecurity Insiders

With the increasing prevalence of smartphones in our daily lives, they have become an integral part of our communication, productivity, and personal data storage. However, as the digital landscape evolves, so do the threats that target our devices. One such threat is smartphone ransomware, a malicious software that can wreak havoc on our digital lives.

School’s out for summer, but it’s not time to let your cyber guard down

We Live Security

The beginning of the summer break is the perfect time for parents to remind their children about the importance of safe online habits. The post School’s out for summer, but it’s not time to let your cyber guard down appeared first on WeLiveSecurity.

Six years on from NotPetya: an analysis from Tom Gol, CTO for research at Armis

IT Security Guru

Six years have passed since the infamous NotPetya cyber attack sent shockwaves through the cybersecurity landscape. Initially disguised as ransomware, NotPetya quickly revealed its true destructive nature, spreading damage to businesses and governments around the world, resulting in billions of dollars in losses. Six years later, the impact of the NotPetya attack is still being felt, and the lessons learned from this incident continue to shape the way we approach cybersecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Night 17 Million Precious Military Records Went Up in Smoke

WIRED Threat Level

Fifty years ago, a fire ripped through the National Personnel Records Center. It set off a massive project to save crucial pieces of American history—including, I hoped, my grandfather’s.

New Mockingjay Process Injection Technique Could Let Malware Evade Detection

The Hacker News

A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers Thiago Peixoto, Felipe Duarte, and Ido Naor said in a report shared with The Hacker News.

Malware 98

Essential 8 Maturity Model: Achieving Cyber Security Excellence

Security Boulevard

The process of attaining Essential 8 (E8) compliance and what it could mean for your business. The post Essential 8 Maturity Model: Achieving Cyber Security Excellence appeared first on Scytale. The post Essential 8 Maturity Model: Achieving Cyber Security Excellence appeared first on Security Boulevard.

Trans-Rights Hacktivists Steal City of Ft. Worth's Data

Dark Reading

In a move to embarrass the city, hacking group known as SiegedSec accessed thousands of files with administrator logins, but it's making no ransom demands.

Hacking 106

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Mockingjay process injection technique allows EDR bypass

Security Affairs

Mockingjay is a new process injection technique that can be exploited to bypass security solutions to execute malware on compromised systems. A new process injection technique dubbed Mockingjay can be exploited by attackers to bypass security controls and gain unauthorized access to compromised systems. The term process injection is used to refer to a method used to inject malicious code into the memory space of a process.

Windows 10 KB5027293 update released with 3 new features, 14 changes

Bleeping Computer

Microsoft has released the optional KB5027293 Preview cumulative update for Windows 10 22H2 with three new features and 11 additional fixes or changes. [...]

Why blocking ads is good for your digital health

Malwarebytes

Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from is an advert extravaganza, and they don’t just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on goes out of its way to track you, tie you to clicks, associations, and more.

Adware 95

Schneider Electric and Siemens Energy are two more victims of a MOVEit attack

Security Affairs

Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy. The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide Industrial Control Systems (ICS) that are used in critical national infrastructure worldwide.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Windows 11 KB5027303 preview update enables new Moment 3 features

Bleeping Computer

Microsoft has released the June 2023 optional cumulative update for Windows 11, version 22H2, which enables the recently announced new Moment 3 fixes, improvements, and new features. [...]

JOKERSPY used to target a cryptocurrency exchange in Japan

Security Affairs

An unnamed Japanese cryptocurrency exchange was the victim of a cyber attack aimed at deploying an Apple macOS backdoor named JokerSpy. Elastic Security Labs researchers provided details about a recently discovered intrusion at an unnamed cryptocurrency exchange, aimed at deploying an Apple macOS backdoor named JokerSpy. The researchers tracked the intrusion as REF9134, the threat actors used the sh.py backdoor to deploy the macOS Swiftbelt enumeration tool.

Google AI aggression makes Bernstein research downgrade Alphabet

CyberSecurity Insiders

Google’s AI push in its search engine algorithms has made Bernstein the wealth management company downgrade the technology giant’s parent company Alphabet. Resulting in the value cut of shares by 1.5 percent that will closely mimic in the market performance over outperform results. The reason for the market research company to downgrade the value of the internet juggernaut at the Wall Street stock exchange is the risks involved with the over-indulgence in Artificial Intelligence that might also

Pilot Applicant Information for American, Southwest Hacked

Dark Reading

The attack exposed personal information from pilot applicants, prompting both airlines to ditch their third-party provider and move services internally.

Hacking 98

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.