Fri.Jan 20, 2023

article thumbnail

Real-World Steganography

Schneier on Security

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

284
284
article thumbnail

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

Security Boulevard

The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO. The post T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks appeared first on Security Boulevard.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware

eSecurity Planet

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali

Malware 136
article thumbnail

T-Mobile API Breach: Playing the Victim

Security Boulevard

I’m not sure what is less surprising, that a big company got hacked or that they are trying to play the victim. The headline is that T-Mobile acknowledged that data on roughly 37 million customers was stolen. The breach resulted from a “bad actor” abusing an API to gain access to the data. First, let’s. The post T-Mobile API Breach: Playing the Victim appeared first on Security Boulevard.

Mobile 134
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Get lifetime access to this powerful backup tool for $59.99

Tech Republic Security

This deal includes full licenses to Genie Timeline Pro 10 for three devices. The post Get lifetime access to this powerful backup tool for $59.99 appeared first on TechRepublic.

Backups 110
article thumbnail

CCTV Remote Surveillance Guide: Benefits of Remote Monitoring

Security Boulevard

Whether the project is a renovation, expansion or a new building, construction projects are typically time-consuming and expensive ventures. Active and ongoing construction projects are worth monitoring for security, accountability and liability. There are multiple ways that CCTV remote monitoring can benefit construction companies and property owners. 1.

More Trending

article thumbnail

3 Reasons to Integrate Access Control and Video Security

Security Boulevard

The average cost of data breaches rose to $4.35 million in 2022. To avoid a security breach, businesses need to rethink their approach to security, futureproofing their strategy against the modern threat climate. To improve your security strategy, you should consider the benefits of integrating access control and video security. There are three reasons access.

article thumbnail

Over 19,000 end-of-life Cisco routers exposed to RCE attacks

Bleeping Computer

Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain. [.

VPN 138
article thumbnail

Album: Technical Analysis Of New Multifunctional Stealer

Security Boulevard

Information stealing malware is commonly observed in the landscape of cyber attacks today. Zscaler ThreatLabz team has discovered many new types of stealer malware families across different attack campaigns. Recently, the Zscaler ThreatLabz research team has spotted a new information stealer named Album. This blog will walk through the malware distribution campaigns and technical details of Album Stealer.

article thumbnail

The Small but Mighty Danger of Echo Chamber Extremism

WIRED Threat Level

Research shows that relatively few people exist in perfectly sealed-off media bubbles—but they’re still having an outsize impact on US politics.

Media 124
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

FCC To Revamp Breach Reporting, Shorten Waiting Period

Security Boulevard

The Federal Communications Commission (FCC) is stepping up the pressure on telecom companies to immediately report breaches to law enforcement and consumers. Until now, telecoms have enjoyed a seven-day waiting period between discovering an intrusion and reporting it to users. In the nearly 15 years since the commission set reporting requirements, breaches have “increased in.

article thumbnail

Exploits released for two Samsung Galaxy App Store vulnerabilities

Bleeping Computer

Two vulnerabilities in the Galaxy App Store, Samsung's official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user's knowledge or to direct victims to a malicious web location. [.

Mobile 113
article thumbnail

Are You Combining Your Online and Offline Marketing Efforts?

Security Boulevard

As you look to grow your business, you’ll likely strive to implement marketing efforts to reach new customers, raise visibility Read More The post Are You Combining Your Online and Offline Marketing Efforts? appeared first on Kaseya. The post Are You Combining Your Online and Offline Marketing Efforts? appeared first on Security Boulevard.

Marketing 117
article thumbnail

Should You Pay Your Credit Card Statement Balance or Current Balance?

Identity IQ

Should You Pay Your Credit Card Statement Balance or Current Balance? IdentityIQ Have you ever looked at your bank statement and wondered, what’s the difference between your statement balance and your current balance? Don’t worry. You’re not alone! In this blog, we’re breaking down the differences between a statement balance and a current balance.

Banking 104
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT

Dark Reading

Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure.

IoT 103
article thumbnail

WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

The Hacker News

The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information.

102
102
article thumbnail

T-Mobile has been hacked… again. 37 million customers’ data stolen

Graham Cluley

Wireless network operator T-Mobile has suffered yet another data breach. And we shouldn't be at all surprised if fraudsters use the information that they have stolen to send convincing phishing messages and scams.

Mobile 77
article thumbnail

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

The Hacker News

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

DNS 102
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

New Boldmove Linux malware used to backdoor Fortinet devices

Bleeping Computer

Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. [.

Malware 106
article thumbnail

Compromised Zendesk Employee Credentials Lead to Breach

Dark Reading

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.

Phishing 120
article thumbnail

What Is a Brute Force Attack?

Heimadal Security

Brute force attacks are a persistent security threat that has evolved over the years as technology advances. In this article, we’ll explore what a brute force attack is, its modus operandi and variants, and what prevention strategies you can use to protect your data. What Is a Brute Force Attack? A brute force attack is […] The post What Is a Brute Force Attack?

article thumbnail

Ransomware payments down 40% in 2022 – Week in security with Tony Anscombe

We Live Security

Ransomware revenue plunges to $456 million in 2022 as more victims refuse to pay up. Here's what to make of the trend.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Credit card fraud group member could get up to 30 years in jail

Malwarebytes

Card fraud, a staple diet of scammers online, is currently featuring heavily on the US Department of Justice portal. The reason? A story which has rumbled on for a few years finally seems to be pulling into its final destination, as a man admits his role in a slice of fraud which impacted thousands of people across the US. A timeline of credit card fraud Back in 2019, three people alleged to be part of a “nationwide stolen credit card ring” were arrested in January of that same year.

article thumbnail

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

Security Affairs

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a European government entity and a managed service provider located in Africa.

VPN 97
article thumbnail

Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

The Hacker News

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country.

article thumbnail

Mailchimp breach feels like deja vu

Malwarebytes

A threat actor successfully used compromised employee credentials to gain access to 133 accounts on Mailchimp, the mainstream Intuit-owned email marketing platform, in a security incident that recently came to light. "On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration," said Mailchimp in a blog post.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

T-Mobile API Data Breach Affects 37 Million Customers

Heimadal Security

T-Mobile announced a new data breach after a threat actor used one of its Application Programming Interfaces to steal personal data from 37 million active postpaid and prepaid customer accounts (APIs). 37 Million Accounts Impacted On Thursday, the telecommunication giant T-Mobile revealed that it detected malicious activity on January 5, 2023. The attacker started stealing […] The post T-Mobile API Data Breach Affects 37 Million Customers appeared first on Heimdal Security Blog.

article thumbnail

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Naked Security

Once more, it's time for Shakespeare's words: Once more unto the breach.

Mobile 137
article thumbnail

PayPal notifies 34942 users of data breach over credential stuffing attack

Security Affairs

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not breached.

article thumbnail

Ransomware Attack Shuts Down KFC and Pizza Hut Brand Owner`s Restaurants

Heimadal Security

On January 18th, Yum! Brands closed almost 300 of its restaurants in the UK due to a ransomware attack launched by an unknown malicious group. The US-based company owns KFC, Pizza Hut, and Taco Bell fast-food restaurant chains, among others, and reported making $1.3 billion in yearly net profit. The impacted restaurants were only closed […] The post Ransomware Attack Shuts Down KFC and Pizza Hut Brand Owner`s Restaurants appeared first on Heimdal Security Blog.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.