Schneier on Security

JUNE 6, 2024

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.

321

321

Troy Hunt

JUNE 6, 2024

I just watched back a little segment from this week's video and somehow landed at exactly the point where I said "I am starting to lose my patience with repeating the same thing over and over again" (about 46 mins if you want to skip to it), which is precisely how I wanted to start this post. In running HIBP for the last 10 and a bit years, there have been so many breaches where people have asked for the data within them beyond just the email address to be made available.

Risk 291

Risk 291

Tech Republic Security

JUNE 6, 2024

Both the promise and the risk of "human-level" AI has always been part of OpenAI’s makeup. What should business leaders take away from this letter?

Risk 211

Risk Artificial Intelligence Big data 211

Malwarebytes

JUNE 6, 2024

Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023.

Identity Theft 145

Identity Theft Risk Spyware Passwords 145

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

JUNE 6, 2024

1Password’s top-tier security and sleek user interface make it a solid password manager to try this year. Read our hands-on 1Password review to learn more.

Password Management 190

Password Management Passwords 190

WIRED Threat Level

JUNE 6, 2024

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Hacking 144

Hacking 144

WIRED Threat Level

JUNE 6, 2024

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time.

Data breaches 140

Data breaches Hacking 140

The Hacker News

JUNE 6, 2024

The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale.

DDOS 134

DDOS IoT Cryptocurrency 134

Malwarebytes

JUNE 6, 2024

Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The documents, unearthed by 404 Media in collaboration with Court Watch , reveal how everyday consumer tools, like Bluetooth trackers, are sometimes leveraged for abuse against spouses and romantic partners.

Government 132

Government Media Accountability Risk 132

The Hacker News

JUNE 6, 2024

Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He’s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web.

Passwords 132

Passwords Accountability Media 132

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

JUNE 6, 2024

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild. The script was also used for data exfiltration, the stolen data are sent to two different servers so the ransomware actors have a backup of the information.

Ransomware 132

Ransomware Encryption Backups Malware 132

Malwarebytes

JUNE 6, 2024

A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Allegedly the customer data includes: Names Email addresses Phone numbers Physical address Orders Loyalty and gas card numbers Sales history The data set allegedly also includes information about 358,000 employees and candidates—which is a lot more than a

Data breaches 129

Data breaches Passwords Phishing Authentication 129

The Hacker News

JUNE 6, 2024

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside changes to the auto-delete control when enabling Location History by setting it to three months by default, down from the previous limit of 18 months.

Accountability 127

Accountability 127

Security Affairs

JUNE 6, 2024

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation. Cybersecurity experts who analyzed the recently emerged ransomware operation RansomHub speculate that is is a rebranded version of Knight ransomware. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android.

Ransomware 127

Ransomware Malware Healthcare Encryption 127

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

JUNE 6, 2024

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.

Cyber Attacks 126

Cyber Attacks Risk 126

Security Boulevard

JUNE 6, 2024

There is still a significant gap between cybersecurity needs and available talent, according to Cyberseek, but organizations can expand the pool of candidates by training people for the jobs rather than just seek all the right credentials. The post Narrowing the Stubborn Cybersecurity Worker Gap appeared first on Security Boulevard.

Cybersecurity 126

Cybersecurity Security Awareness Network Security 126

The Hacker News

JUNE 6, 2024

Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis.

Software 123

Software Malware Government 123

WIRED Threat Level

JUNE 6, 2024

ZeroMark wants to build a system that will let soldiers easily shoot a drone out of the sky with the weapons they’re already carrying—and venture capital firm a16z is betting the startup can pull it off.

121

121

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Boulevard

JUNE 6, 2024

Hyderabad, the fourth most populous city in India, is well-known for a variety of things, including its innovations, top colleges, and IT firms. Almost 3,500 cybersecurity businesses are based in the city, and many of them are brand-new startups. In order to shield companies from cyberattacks, the companies offer services including cloud protection, incident response, […] The post Best Cyber Security Companies in Hyderabad appeared first on Kratikal Blogs.

Cybersecurity 116

Cybersecurity 116

The Last Watchdog

JUNE 6, 2024

Identity and Access Management (IAM) is at a crossroads. Related: Can IAM be a growth engine? A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is influencing IAM technologies to meet evolving identity threats. IAM is a concept that arose in the 1970s when usernames and passwords first got set up to control access mainframe computers.

CISO 113

CISO Technology Threat Detection Engineering 113

SecureWorld News

JUNE 6, 2024

A major ransomware attack linked to the notorious Qilin cybercrime gang has disrupted pathology services for several large NHS hospital trusts in London this week. The attack, which began on Monday, June 3rd, has locked Synnovis—a provider of lab and pathology services—out of its systems, causing widespread disruptions for patients across the city. "On Monday 3 June, Synnovis was the victim of a ransomware cyberattack.

Ransomware 112

Ransomware Healthcare Cybercrime Encryption 112

Penetration Testing

JUNE 6, 2024

Cybersecurity firm DEVCORE has discovered a critical remote code execution vulnerability in the PHP programming language, a cornerstone of the web ecosystem. The vulnerability, tracked as CVE-2024-4577, could potentially allow unauthenticated attackers to take... The post CVE-2024-4577: Critical PHP Vulnerability Exposes Millions of Servers to RCE appeared first on Cybersecurity News.

Cybersecurity 111

Cybersecurity 111

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Cisco Security

JUNE 6, 2024

Discover how the Cisco XDR and Meraki MX integration provides advanced threat detection and network insights. Join us at Cisco Live 2024 for a demo. Discover how the Cisco XDR and Meraki MX integration provides advanced threat detection and network insights. Join us at Cisco Live 2024 for a demo.

Threat Detection 109

Threat Detection 109

Security Boulevard

JUNE 6, 2024

A recent revelation in the cybersecurity realm uncovers a concerning development dubbed GHOSTENGINE, a cryptojacking campaign employing a sophisticated method to bypass security measures. In this blog, we’ll look at the GHOSTENGINE exploit in detail, shedding light on its modus operandi and implications for digital security. Understanding The GHOSTENGINE Exploit Cybersecurity researchers have unearthed […] The post GHOSTENGINE Exploit: Vulnerable Drivers Facing Attack appeared first on TuxCare

Cybersecurity 109

Cybersecurity Antivirus Cyber threats 109

Graham Cluley

JUNE 6, 2024

Did your company fall victim to the LockBit ransomware? Have cybercriminals left gigabytes of your data encrypted, with no easy route for recovery that doesn't involve paying a ransom? Well, don't fear. Read more in my article on the Tripwire State of Security blog.

Encryption 108

Encryption Ransomware Malware 108

Security Boulevard

JUNE 6, 2024

The vulnerability allows attackers to manipulate the AI service to steal data. CyRC recommends immediately removing the application to prevent exploitation. The post Prompt Injection Vulnerability in EmailGPT Discovered appeared first on Security Boulevard.

105

105

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

JUNE 6, 2024

The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.

Cryptocurrency 104

Cryptocurrency 104

Security Boulevard

JUNE 6, 2024

Identity and Access Management (IAM) is at a crossroads. Related: Can IAM be a growth engine? A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is influencing IAM technologies to meet evolving identity threats.… (more…) The post SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux first appeared on The Last Watchdog.

Engineering 105

Engineering Technology 105

Bleeping Computer

JUNE 6, 2024

Attackers are targeting GitHub repositories, wiping their contents, and asking the victims to reach out on Telegram for more information. [.

99

99

Security Boulevard

JUNE 6, 2024

Authors/Presenters:Qi Xia, Qian Chen, Shouhuai Xu Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Near-Ultrasound Inaudible Trojan (Nuit): Exploiting Your Speaker to Attack Your Microphone appeared first on Security Boulevard.

Network Security 101

Network Security 101

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!