Joseph Steinberg

DECEMBER 2, 2022

I am happy (and proud) to announce that SecureMySocial, a cybersecurity company that I co-founded, has been issued its fifth United States patent for social media security. The patent was issued by the United States Patent Office on September 6th, 2022, with a priority date going back over a decade, to June of 2012. Patent number US 11,438,334 entitled Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhancing Security , discloses a robust invention that a

Media 246

Media Technology Artificial Intelligence Cybersecurity 246

Schneier on Security

DECEMBER 2, 2022

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hacker’s Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and more just over the centuries, but progress isn’t linear or equitable.

Risk 241

Risk Technology Hacking 241

Security Affairs

DECEMBER 2, 2022

Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328 , with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

Hacking 145

Hacking Information Security 145

Schneier on Security

DECEMBER 2, 2022

The company was hacked , and customer information accessed. No passwords were compromised.

Passwords 263

Passwords Hacking 263

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

InfoWorld on Security

DECEMBER 2, 2022

There seems to be a clear trend in the world of cloud computing to return to IT fundamentals—the core problems that IT was set up to solve, such as data management, security, operations, governance, and development. All these things have been practiced for many decades and should be practiced now. The issue is not that IT is ignoring the fundamentals as they build and deploy major business systems in the cloud.

Artificial Intelligence 132

Artificial Intelligence Technology Government 132

Security Boulevard

DECEMBER 2, 2022

Eufy home security cameras and doorbells are insecure: They send your photos to the cloud without permission and serve up video across the internet without encryption. The post More Lies: Anker’s Eufy Pants on Fire — ‘No Cloud’ Cams Send to Cloud appeared first on Security Boulevard.

Internet 120

Internet Internet Encryption Social Engineering 120

Security Boulevard

DECEMBER 2, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory calling for increased consumer vigilance as malicious actors attempt to take advantage of unsuspecting holiday shoppers through malicious links, fake websites and other forms of cybercrime. The CISA outlined a handful of preventative actions for consumers, including checking personal devices, shopping from trusted sources, using.

Scams 117

Scams Cybercrime Cybersecurity Social Engineering 117

Naked Security

DECEMBER 2, 2022

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good.

139

139

Security Boulevard

DECEMBER 2, 2022

Software composition analysis is an essential part of application security. Here are the important factors to consider when selecting an SCA scanner to be sure it is well-suited to your needs. The post 9 Things to Consider When Choosing an SCA Tool appeared first on Security Boulevard.

Software 116

Software 116

Bleeping Computer

DECEMBER 2, 2022

The Spanish National Police have arrested 55 members of the 'Black Panthers' cybercrime group, including one of the organization's leaders based in Barcelona. [.].

Cybercrime 122

Cybercrime 122

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

DECEMBER 2, 2022

New malware is on the prowl and is seen spreading malicious software in disguise of applications meant for teaching, reading, and other education-related activities. In particular, the apps targeted users from Vietnam and infected about 300,000 devices in over 71 countries just to steal Facebook(FB) credentials. ZIMPERIUM is the firm that conducted the study and discovered the infection in the wild in 2018.

Accountability 115

Accountability Malware Education Software 115

Bleeping Computer

DECEMBER 2, 2022

A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide. [.].

Marketing 116

Marketing 116

Security Boulevard

DECEMBER 2, 2022

Australia’s cybersecurity, government, and critical infrastructure communities are joining forces in a collaborative effort to uplift the nation’s human-cyber resilience. Last week DTEX Systems joined the Australian Cyber Collaboration Centre, MITRE Corporation, Providence Consulting Group, and other industry and government delegates in Melbourne for a discussion on Australia’s Security of Critical Infrastructure (SOCI) Act reforms. … Continued.

Government 113

Government Cybersecurity 113

Bleeping Computer

DECEMBER 2, 2022

This week's big news was the Colombia health system being severely disrupted by a ransomware attack on Keralty, one of the country's largest healthcare providers. [.].

Ransomware 118

Ransomware Healthcare 118

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CSO Magazine

DECEMBER 2, 2022

Using multi-factor authentication (MFA) is one of the key components of an organizations Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. Having multiple layers to verify users is important, but MFA fatigue is also real and can be exploited by hackers. Enabling MFA for all accounts is a best practice for all organizations, but the specifics of how it is implemented are significant because attackers are developing workarounds.

Authentication 111

Authentication Accountability Cybersecurity 111

The Hacker News

DECEMBER 2, 2022

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March.

110

110

Graham Cluley

DECEMBER 2, 2022

Researchers investigating a newly-discovered botnet have admitted that they "accidentally" broke. Read more in my article on the Tripwire State of Security blog.

DDOS 112

DDOS 112

The Hacker News

DECEMBER 2, 2022

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer ?ukasz Siewierski on Thursday.

Malware 107

Malware Engineering 107

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

SecureList

DECEMBER 2, 2022

It would hardly be an exaggeration to say that the phrase “indicators of compromise” (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes [1] , IP addresses and other technical data that should help information security specialists to counter a specific threat. But how exactly can indicators of compromise help them in their everyday work?

Cyber threats 105

Cyber threats DNS Technology Engineering 105

The Hacker News

DECEMBER 2, 2022

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.

103

103

Dark Reading

DECEMBER 2, 2022

A do-it-yourself machine-learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe.

Banking 102

Banking 102

Malwarebytes

DECEMBER 2, 2022

Synopsis has published an advisory warning of multiple vulnerabilities across three different Android remote mouse and keyboard apps with a combined install count of about two million. The apps are at risk from remote code execution (RCE), and there’s no sign of a fix coming anytime, ever. Bleeping Computer notes that the issues were first discovered and reported to the developers in August.

Authentication 98

Authentication Passwords Malware Risk 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

DECEMBER 2, 2022

American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident. [.].

Technology 98

Technology 98

SecureBlitz

DECEMBER 2, 2022

This post will show you 6 ways to protect your business from phishing attacks… Phishing attacks, if successful, can be quite harmful to your business. Statistics indicate that over 70% of phishing emails are opened, and 90% of security breaches in organizations are due to phishing attacks. As a result, small and medium-sized businesses averagely […].

Phishing 98

Phishing Cybersecurity Hacking 98

Security Boulevard

DECEMBER 2, 2022

Built-in authentication security mechanisms are like the DNA of a technology platform. They are integral to the success of a platform and have been present since their inception. Every business prioritizes digital transformation, which means every industry has been putting extra effort into fostering positive customer experience. And this is visible in the speed at.

Authentication 97

Authentication Digital transformation Technology Cybersecurity 97

The Hacker News

DECEMBER 2, 2022

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.

Engineering 96

Engineering 96

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

DECEMBER 2, 2022

One of the easier ways to steal a user's credentials is through a convincing fake login page or application. To help combat the constant risk of password theft, Microsoft added enhanced phishing protection in Windows 11 Version 22H2. [.].

Passwords 91

Passwords Phishing Risk 91

Security Boulevard

DECEMBER 2, 2022

via the webcomic talent of the inimitable Daniel Stori at Turnoff.U S ! Permalink. The post Daniel Stori’s Turnoff.US – ‘inside The Linux Kernel’ appeared first on Security Boulevard.

89

89

The Hacker News

DECEMBER 2, 2022

Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased.

Backups 90

Backups Software Accountability Technology 90

Bleeping Computer

DECEMBER 2, 2022

The Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to an extortion group known as Lapsus$, which breached multiple high-profile companies in recent attacks. [.].

Hacking 89

Hacking 89

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.