Wed. Oct 18, 2023

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Scams 276

What Australian IT Leaders Need to Focus on Ahead of Privacy Act Reforms

Tech Republic Security

The Australian federal government aims to deliver changes to privacy laws in 2024. Organisations are being warned to prepare ahead of time by creating a comprehensive map of organisational data.

Clever malvertising attack uses Punycode to look like KeePass's official website

Malwarebytes

Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager, which was extremely deceiving. We previously reported on how brand impersonations are a common occurrence these days due to a feature known as tracking templates, but this attack used an additional layer of deception.

Leading CISO Wants More Security Proactivity in Australian Businesses to Avoid Attack ‘Surprises’

Tech Republic Security

Rapid7’s Jaya Baloo says a deficit in Australian organisational IT asset and vulnerability understanding is helping threat actors, and this is being exacerbated by fast growth in multicloud environments.

CISO 118

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Recognizing and Reporting Phishing

Duo's Security Blog

“Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messages.” Just one successful attack is needed. Phishing can be delivered by a variety of different vehicles, such as email, text, phone call (voice phishing or a “vhish”) or even a social media post, instant message or QR code.

Phishing 131

Ukrainian activists hack Trigona ransomware gang, wipe servers

Bleeping Computer

A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. [...]

Hacking 129

More Trending

Ex-Navy IT head gets 5 years for selling people’s data on darkweb

Bleeping Computer

Marquis Hooper, a former U.S. Navy IT manager, has received a sentence of five years and five months in prison for illegally obtaining US citizens' personally identifiable information (PII) and selling it on the dark web. [...]

A flaw in Synology DiskStation Manager allows admin account takeover

Security Affairs

A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator’s password. Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Team82 discovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the NAS products.

Microsoft disables bad spam rule flagging all sent emails as junk

Bleeping Computer

Microsoft has disabled a bad anti-spam rule flooding Microsoft 365 admins' inboxes with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam. [...]

D-Link confirms data breach, but downplayed the impact

Security Affairs

Taiwanese manufacturer D-Link confirmed a data breach after a threat actor offered stolen data for sale on BreachForums. The global networking equipment and technology company D-Link confirmed a data breach after a threat actor earlier this month offered the stolen data for sale on the BreachForums platform. The company became aware of the claim of a data breach on October 2, 2023 and immediately launched an investigation into the alleged incident with the help of the security firm Trend Micro.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Critical Citrix Bug Exploited as a Zero-Day, 'Patching Is Not Enough'

Dark Reading

The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.

Hacker leaks millions of new 23andMe genetic data profiles

Bleeping Computer

A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. [...]

Hacking 133

Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps

The Hacker News

The North Korea-linked Lazarus Group (aka Hidden Cobra or TEMP.Hermit) has been observed using trojanized versions of Virtual Network Computing (VNC) apps as lures to target the defense industry and nuclear engineers as part of a long-running campaign known as Operation Dream Job.

Media 123

Californian IT company DNA Micro leaks private mobile phone data

Security Affairs

Hundreds of thousands of clients who opted-in for a screen warranty were exposed when DNA Micro leaked data from its systems. The Cybernews research team found that DNA Micro, a California-based IT company, exposed the sensitive data of more than 820,000 customers due to a misconfiguration in its systems. The victims most affected by the data leak were those using the services of DNA Micro’s subsidiary company InstaProtek, which provides a screen warranty service.

Mobile 116

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

D-Link Confirms Breach, Rebuts Hacker's Claims About Scope

Dark Reading

The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.

Phishing 117

Google Play Protect adds real-time scanning to fight Android malware

Bleeping Computer

Google has announced new, real-time scanning features for Google Play Protect that make it harder for malicious apps employing polymorphism to evade detection. [...]

Malware 118

FBI: Hackers Are Extorting Plastic Surgery Providers, Patients

Dark Reading

The sensitive nature of medical records, combined with providers' focus on patient care, make small doctor's offices ideal targets for cyber extortion.

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

The Hacker News

A number of state-backed threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Most Popular IT Admin Password Is Totally Depressing

Dark Reading

Analysis of more than 1.8 million admin portals reveals IT leaders, with the highest privileges, are just as lazy about passwords as everyone else.

Passwords 124

Securing Web Applications: A CISO’s Checklist for Tech Leaders

Veracode Security

As a CISO, securing web applications and ensuring their resilience against evolving cyber threats is a non-negotiable priority. Verizon’s Data Breach Investigations Report 2023 cites web applications as the top attack vector by a long shot (in both breaches and incidents). Here’s a simplified checklist for securing web applications that will help you improve your organization’s security posture and the integrity of your technology.

CISO 111

Plastic surgeries warned by the FBI that they are being targeted by cybercriminals

Graham Cluley

Plastic surgeries have been warned that they are being targeted by cybercriminals plotting to steal sensitive data - including patients' medical records and photographs - that will be later used for extortion. Read more in my article on the Tripwire State of Security blog.

8 Key Strategies For Hardening Your Identity and Access Management Security

Security Boulevard

Learn more about identity (IAM) security and discover eight strategies to harden your SaaS identities to mitigate the threat of SaaS cyber breaches.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Navigating the Supply Chain Security Maze with SBOMs

Appknox

Dive into Appknox's SBOM blog guide. Essential for CISOs & CTOs to elevate supply chain security with unmatched transparency & proactive risk mitigation.

CISO 111

Cybersecurity Awareness Month 2023 Blog Series | Updating Software

NSTIC

It’s week three in our Cybersecurity Awareness Month blog series! This week, we interviewed NIST’s Michael Ogata (Computer Scientist) and Paul Watrobski (IT Security Specialist) about the importance of updating software. This week’s Cybersecurity Awareness Month theme is ‘updating software.’ How does your work/specialty area at NIST tie into this behavior?

Software 105

Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials

Bleeping Computer

Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts. [...]

Passwords 103

Jupyter Notebook Ripe for Cloud Credential Theft, Researchers Warn

Dark Reading

If not correctly locked down, Jupyter Notebook offers a novel initial access vector that hackers can use to compromise enterprise cloud environments, as seen in a recent hacking incident.

Hacking 104

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Recently patched Citrix NetScaler bug exploited as zero-day since August

Bleeping Computer

A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced. [...]

Better safe than sorry: 10 tips to build an effective business backup strategy

We Live Security

Here's how robust backup best practices can help drive resilience and improve cyber-hygiene in your company

Backups 134

What CISOs Should Exclude From SEC Cybersecurity Filings

Dark Reading

Should CISOs include only known information in the SEC filings for a material security incident, or is there room to include details that may change during the investigation?

CISO 104

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Security Affairs

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. “Exploits of CVE-2023-4966 on unmitigated appliances have been observed,” reported Citrix. “Cloud Software Group strongly urges customers of NetScaler ADC and NetScaler Gateway to i

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.