Mon.Oct 02, 2023

article thumbnail

Don’t Let Zombie Zoom Links Drag You Down

Krebs on Security

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

article thumbnail

NSA AI Security Center

Schneier on Security

The NSA is starting a new artificial intelligence security center: The AI security center’s establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become “NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices g

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Has shielding and blocking electromagnetic energy become the new normal?

The Last Watchdog

Surrounded by the invisible hum of electromagnetic energy, we’ve harnessed its power to fuel our technological marvels for decades. Related: MSFT CEO calls for regulating facial recognition tech Tesla’s visionary insights from 1900 hinted at the potential, and today, we bask in the glow of interconnected networks supporting our digital lives.

Mobile 203
article thumbnail

Common Errors When Connecting Multiple iPhones to One Apple ID

Tech Republic Security

Don't be surprised when connecting multiple iPhones to one Apple ID. Learn how to prevent common errors and issues with this guide.

Mobile 191
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

Thales Cloud Protection & Licensing

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. As we are well and truly in the digital-first age, the need for robust cybersecurity measures is glaringly evident. Though significant, the early days' threats vastly differed from today's sophisticated cyberattacks.

article thumbnail

Cyberghost VPN Review (2023): Features, Pricing, and Security

Tech Republic Security

In this comprehensive review of Cyberghost VPN, we cover its features, pricing, security, and overall performance. Find out if this is the right VPN for you.

VPN 168

LifeWorks

More Trending

article thumbnail

GDPR Data Breach Notification Letter

Tech Republic Security

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a.

article thumbnail

Microsoft Defender no longer flags Tor Browser as malware

Bleeping Computer

For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender. [.

Malware 140
article thumbnail

Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series

NSTIC

October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20 th anniversary of this important initiative —and we will celebrate in various ways every day throughout the month.

article thumbnail

European Telecommunications Standards Institute (ETSI) suffered a data breach

Security Affairs

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute ( ETSI ). The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

The Hacker News

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild.

134
134
article thumbnail

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

Security Affairs

The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors. On September 24th, researchers discovered that the NLP platform was exposing sensitive credentials, secrets, and encryption keys via publicly available JS files.

article thumbnail

Threat Hunting with MITRE ATT&CK

IT Security Guru

Cybercriminal tactics continue to grow in number and advance in ability; in response, many organisations have seen the need to reach a security posture where their teams can proactively combat threats. Threat hunting plays a pivotal role in modern organisations’ cybersecurity strategies. It involves actively searching for signs of advanced threats and vulnerabilities beyond passive defence mechanisms.

article thumbnail

Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses

The Hacker News

A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the name Silent Skimmer, attributing it to an actor who is knowledgeable in the Chinese language.

131
131
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Security Affairs

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. Progress Software recently warned customers to address a critical severity vulnerability, tracked as CVE-2023-40044 (CVSS score 10), in its WS_FTP Server software which is used by thousands of IT teams worldwide.

article thumbnail

APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries

The Hacker News

Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities.

Risk 130
article thumbnail

FBI warns of surge in 'phantom hacker' scams impacting elderly

Bleeping Computer

The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. [.

Scams 129
article thumbnail

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

The Hacker News

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below.

130
130
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Predictive Policing Software Terrible at Predicting Crimes

WIRED Threat Level

A software company sold a New Jersey police department an algorithm that was right less than 1 percent of the time.

Software 129
article thumbnail

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

The Hacker News

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion.

Retail 126
article thumbnail

FBI: Crippling 'Dual Ransomware Attacks' on the Rise

Dark Reading

Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.

article thumbnail

Exploit available for critical WS_FTP bug exploited in attacks

Bleeping Computer

Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform. [.

Software 120
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org

Dark Reading

The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.

Malware 119
article thumbnail

New BunnyLoader threat emerges as a feature-rich malware-as-a-service

Bleeping Computer

Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard. [.

Malware 118
article thumbnail

SecureWorld Champions 'Securing Our World' for Cybersecurity Awareness Month

SecureWorld News

As we embark on the 20th anniversary of Cybersecurity Awareness Month this October, SecureWorld proudly steps forward to champion the 2023 theme, "Secure Our World." This year marks a significant milestone in the ongoing initiative to bolster cybersecurity awareness, and SecureWorld is at the forefront, connecting the #SecureOurWorld theme directly with our mission and contributions to the cybersecurity community.

article thumbnail

A CISO Explains 4 Steps that Make it Easy to Stay Safe Online

Veracode Security

To secure our world, Cybersecurity Awareness Month encourages four steps that make it easy to stay safe online. As a CISO, my team and I advocate for these practices constantly within our organization. If you are a security practitioner looking to bolster cybersecurity awareness, here’s a brief look at how we explain these steps to help make staying safe online easier.

CISO 115
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Making Sense of Today's Payment Cybersecurity Landscape

Dark Reading

PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.

article thumbnail

What Is File Security? Best Practices & Tools for Security

Digital Guardian

File security is integral to effective cybersecurity. In today's blog we dig into the difference between file security and data security, best practices, and tools to implement for file security.

article thumbnail

KillNet Claims DDoS Attack Against Royal Family Website

Dark Reading

The royal takedown was a brief but effective PR stunt for Russia's most notorious hacktivist group.

DDOS 112
article thumbnail

Logic Flaws Let Attackers Bypass Cloudflare’s Firewall and DDoS Protection

Heimadal Security

The effectiveness of Cloudflare’s Firewall and DDoS prevention has been proven to be compromised by an attack technique that takes the use of logical vulnerabilities in cross-tenant security policies. This finding has sparked worries about possible vulnerabilities that could damage the security company’s clients. How Does the Cloudflare Attack Work?

Firewall 111
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!