Sun.Jan 15, 2023

article thumbnail

Most Popular Cybersecurity Blog Posts from 2022

Lohrman on Security

What were the top government technology and security blogs in 2022? The metrics don’t lie, and they tell us what cybersecurity and technology infrastructure topics were most popular.

article thumbnail

Vulnerability puts data of 2.5 billion Chrome users at risk

CyberSecurity Insiders

Data of about 2.5 billion users have been put to risk because of a vulnerability in Google Chrome and chromium browsers. A security firm named Imperva Red has issued a warning that the flaw that has been technically dubbed as ‘CVE-2022-365’ allows hackers to steal information such as cloud based credentials and sensitive files from e-wallets. Imperva Red issued a blog update on this note and essayed that hackers could induce a ‘Symlink-Symbolic Link’ into the directory that allows the OS to trea

Risk 140
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Abusing a GitHub Codespaces Feature For Malware Delivery

Trend Micro

Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server.

Malware 112
article thumbnail

The Ultimate Security Checklist to Launch a Mobile App in Nigeria - iOS & Android

Appknox

Nigerian authorities have made great strides in data security, and businesses worldwide are taking notice. If you're planning to launch a mobile app in Nigeria, it's crucial that you understand the importance of app security and take steps to ensure that your app meets Nigerian data privacy requirements.

Mobile 98
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

1.7 TB of data stolen from digital intelligence firm Cellebrite leaked online

Security Affairs

1.7 TB of data stolen from Cellebrite, a digital intelligence company that provides tools for law enforcement, were leaked online. The Israeli mobile forensics firm Cellebrite is one of the leading companies in the world in the field of digital forensics, it works with law enforcement and intelligence agencies worldwide. One of the most popular services provided by the company is the UFED ( Universal Foresenic Extraction Device ) which is used by law enforcement and intelligence agencies to unlo

Mobile 98
article thumbnail

USENIX Security ’22 – Mojtaba Zaheri, Yossi Oren, Reza Curtmola – ‘Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses’

Security Boulevard

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Permalink. The post USENIX Security ’22 – Mojtaba Zaheri, Yossi Oren, Reza Curtmola – ‘Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses’ appeared first on Security Boulevard.

More Trending

article thumbnail

Google to support the use of Rust in Chromium

Malwarebytes

In a blog by the Chrome security team we learned that the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium. This is good news because Rust is a so-called memory-safe programming language. So using it in a widespread program like Chrome and the other members of the Chromium family means that almost everyone can benefit from this step forward.

article thumbnail

Hackers exploit Cacti critical bug to install malware, open reverse shells

Bleeping Computer

More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit. [.].

Malware 97
article thumbnail

Timely patching is good, but sometimes it's not enough

Malwarebytes

Ransomware gangs have shown that they can play a long game, so it shouldn’t come as a surprise to learn of one prepared to wait months to make use of a compromised system. S-RM’s Incident Response team shared details of a campaign attributed to the Lorenz ransomware group that exploited a specific vulnerability to plant a backdoor that wasn't used until months later.

article thumbnail

TikTok slapped with $5.4 million fine over cookie opt-out feature

Bleeping Computer

France's data protection authority (CNIL) has fined TikTok UK and TikTok Ireland €5,000,000 for making it difficult for users of the platform to refuse cookies and for not sufficiently informing them about their purpose. [.].

103
103
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Hacker stole credit cards from the website of Canada’s largest alcohol retailer LCBO

Security Affairs

The Canadian Liquor Control Board of Ontario (LCBO), the largest beverage alcohol retailer in the country, disclosed Magecart attack. Canadian Liquor Control Board of Ontario (LCBO), the largest beverage alcohol retailer in the country, disclosed a Magecart attack on January 10, 2023. Please note: our website & mobile app are currently unavailable.

Retail 91
article thumbnail

Multiple schools hit by Vice Society ransomware attack

Malwarebytes

The real world impact of cybercrime rears its head once more, with word that 14 schools in the UK have been caught out by ransomware. The schools, attacked by the group known as Vice Society, have had multiple documents leaked online in the wake of the attack. One of the primary schools highlighted, Pates Grammar School, was affected on or around the September 28, 2022.

article thumbnail

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Million for violating cookie laws NortonLifeLock: threat actors breached Norton Password Manager accounts Pro-Russia group NoName057(16) targets Ukraine and NATO co

article thumbnail

A week in security (January 9—15)

Malwarebytes

Last week on Malwarebytes Labs: Slack private code on GitHub stolen. Crypto-inspired Magecart skimmer surfaces via digital crime haven. Security vulnerabilities in major car brands revealed. Microsoft ends extended support for Windows 7 and Windows Server 2008 today. Pokemon NFT card game malware chooses you. Polite WiFi loophole could allow attackers to drain device batteries.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Europol arrested cryptocurrency scammers that stole millions from victims

Security Affairs

An international police operation led by Europol led to the arrest of cryptocurrency scammers targeting users all over the world. An international law enforcement operation conducted by authorities from Bulgaria, Cyprus, Germany and Serbia, supported by Europol and Eurojust, has dismantled a cybercrime ring involved in online investment fraud. The European police have supported this investigation since June 2022 following an initial request from German authorities. “The suspects used adver

article thumbnail

How to customize the Windows 11 desktop experience

Bleeping Computer

Numerous apps are available to get your Windows 11 experience customized how you like while removing unwanted bloatware from the operating system. In this article, we outline three applications that can help you customize Windows 11 to how you like it. [.].

article thumbnail

What is FedRAMP POAM? FedRAMP Compliance and Certification Explained

Security Boulevard

The Federal Risk and Authorization Management Program was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of commercial cloud services by the federal government and contractors supporting agencies. FedRAMP promotes the adoption of secure cloud services by providing a standardized approach to security and risk assessment for cloud technologies […].

Risk 57
article thumbnail

Law enforcement app SweepWizard leaks data on crime suspects

Malwarebytes

SweepWizard, an obscure app apparently created by ODIN Intelligence and used by more than 60 law enforcement departments, has a flaw: According to an ethical hacker, a misconfiguration in the app's API (application programming interface) caused it to unintentionally leak to the open internet a trove of very sensitive data on police sweeping operations, including details about the officers involved in them and the suspects, several of whom were juveniles at the time of sweep.

Media 83
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Accelerate FedRAMP Compliance with Amazon Web Services (AWS)

Security Boulevard

FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that streamlines the assessment, authorization and continuous-monitoring (ConMon) requirements for cloud-based IT services. It is how the federal government ensures that its cloud IT services do not put sensitive data or systems at unnecessary risk. Bottom line, Cloud Service Providers (CSPs) wanting to serve […].

article thumbnail

UK’s automated self-check-outs using Age Verification API

Security Boulevard

Self-checkout kiosks are automated devices that enable consumers to scan and pay for their products without the help of a cashier. By this point, we’ve all encountered them. They are frequently seen at supermarkets, department shops, and other retail locations where it is possible to skip tedious manual check-out. How is UK using AI Age […]. The post UK’s automated self-check-outs using Age Verification API appeared first on Security Boulevard.

Retail 52
article thumbnail

What is the FedRAMP Marketplace? Certified and Compliant Cloud Services

Security Boulevard

The FedRAMP Marketplace provides a searchable and sortable database of Cloud Service Providers (CSP) that have FedRAMP compliant services as well as a list of federal agencies using FedRAMP Authorized CSOs, and FedRAMP recognized auditors (3PAOs) that can perform a FedRAMP assessment. The FedRAMP Marketplace is maintained by the FedRAMP Program Management Office (PMO).

52
article thumbnail

Meta’s EU Ad Practices Ruled Illegal, Twitter API Data Breach, Vulnerabilities in Major Car Brands

Security Boulevard

Facebook has been ordered to pay a fine of $414m by EU regulators who ruled that the company had broken EU law by forcing users to accept personalized ads. The ruling could have a major impact on Facebook’s advertising business in the EU, which is one of the company’s largest markets, if it is required […]. The post Meta’s EU Ad Practices Ruled Illegal, Twitter API Data Breach, Vulnerabilities in Major Car Brands appeared first on The Shared Security Show.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

What is FedRAMP Certification?

Security Boulevard

FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that streamlines the assessment, authorization and continuous-monitoring (ConMon) requirements for cloud-based IT services. It is how the federal government ensures that its cloud IT services do not put sensitive data or systems at unnecessary risk. Bottom line, Cloud Service Providers (CSPs) wanting to serve […].

article thumbnail

What is StateRAMP? Certification and Compliance Explained

Security Boulevard

StateRAMP is an organization that has developed a cloud cybersecurity and compliance program that provides a state-level equivalent to the Federal Risk and Authorization Management Program (FedRAMP). It is a state-level certification program that allows cloud service providers to be assessed and authorized to operate in a state’s cloud environment. It is designed to be […].

Risk 52