Wed. Dec 13, 2023


MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

The Last Watchdog

Notable progress was made in 2023 in the quest to elevate Digital Trust. Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. We’re not yet at a level of Digital Trust needed to bring the next generation of connected IT into full fruition – and the target keeps moving.


Surveillance by the US Postal Service

Schneier on Security

This is not about mass surveillance of mail, this is about sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves: To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company, and, most damning of all, hid a camera inside one of the targeted blue post boxes which captured the suspect’s full face as they allegedly helped themselves to swathes of peoples’ mail.


Google Adds Gemini Pro API to AI Studio and Vertex AI

Tech Republic Security

Google also announced Duet AI for Developers and Duet AI in Security Operations, but neither uses Gemini yet. Starting Dec.


Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658

Security Boulevard

When will it end? Russia takes down Kyivstar cellular system, Ukraine destroys Russian tax system. The post Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658 appeared first on Security Boulevard.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Why a Master’s in Cyber Security is Your Ticket to a Thriving Career

IT Security Guru

Have you ever wondered who keeps our online world safe from all the bad guys? The heroes who do this have a special kind of training – they have a Master’s degree in something called Cyber Security. It’s like being a detective in the digital world, where you need to solve online mysteries and catch cybercriminals. This field is expanding as corporations everywhere seek digital detectives to protect their data.


How to Use Google’s Titan Security Keys With Passkey Support

Tech Republic Security

Learn how to use Titan Security Keys with passkey support to enhance your online security. Follow these step-by-step instructions.


More Trending


Hackers are exploiting critical Apache Struts flaw using public PoC

Bleeping Computer

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. […]


FCC Warns Carriers to Protect Customers Against SIM Swaps

Security Boulevard

A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission (FCC) is warning mobile phone service providers of their obligations to protect consumers against the growing threat. The FCC’s Enforcement Bureau will not only be aggressive in protecting consumers’ data and privacy but also “will hold accountable.


December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

Security Affairs

Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products. The vulnerabilities addressed by the company impact Microsoft Windows and Windows Components; Office and Office Components; Azure, Microsoft Edge (Chromium-based); Windows Defender; Windows DNS and DHCP server; and Microsoft Dynamic.


At a Glance: The Year in Cybersecurity 2023

Security Boulevard

In this post, we’ll take a look at some of the trends and news from 2023, and see what insights they could hold for the years ahead. The post At a Glance: The Year in Cybersecurity 2023 appeared first on Security Boulevard.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

Researchers linked a sophisticated botnet, tracked as KV-Botnet, to the operation of the China-linked threat actor Volt Typhoon. The Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet to the operations of China-linked threat actor Volt Typhoon. The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022.


Microsoft patches 34 vulnerabilities, including one zero-day

Malwarebytes

December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD to software developers. The AMD vulnerability sounds like something from back in the eighties: “A division by zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.


LockBit ransomware now poaching BlackCat, NoEscape affiliates

Bleeping Computer

The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. […]


Delivering trust with DNS security

We Live Security

TELCOs and ISPs, by exploring DNS protection in league with security vendors, can enable rapid deployment of more robust security measures where needed in an age of rapidly expanding online threats.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Microsoft seizes domains used to sell fraudulent Outlook accounts

Bleeping Computer

Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. […]


Top CISOs to Follow in 2024: Germany Edition

Security Boulevard

Here are just some of the top CISOs in Germany going into 2024 and some of their insights and experiences we can learn from. The post Top CISOs to Follow in 2024: Germany Edition appeared first on Scytale. The post Top CISOs to Follow in 2024: Germany Edition appeared first on Security Boulevard.


New cybercrime market 'OLVX' gains popularity among hackers

Bleeping Computer

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. […]


Python 2 EOL: Coping with Legacy System Challenges

Security Boulevard

Python 2 was officially maintained and supported until January 1, 2020. The system becomes highly vulnerable without Python 2 security updates. TuxCare’s ELS for Python provides security fixes for Python 2.7 versions. Python 2.7 was the last major version in the 2.x series of this software language, which was launched on July […] The post Python 2 EOL: Coping with Legacy System Challenges appeared first on TuxCare.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Stealthy KV-botnet hijacks SOHO routers and VPN devices

Bleeping Computer

The Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. […]


Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar

WIRED Threat Level

A hacker group calling itself Solntsepek—previously linked to Russia’s notorious Sandworm hackers—says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider.


UK’s Ministry of Defence fined after Bcc email blinder that put the lives of Afghan citizens at risk

Graham Cluley

The British Ministry of Defence (MoD) has been fined £350,000 for recklessly causing a data breach that exposed the personal details of citizens of Afghanistan who were seeking to flee the country after the Taliban took control in 2021. Read more in my article on the Hot for Security blog.


UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns

Security Affairs

A Joint Committee on the National Security Strategy (JCNSS) warns of the high risk of a catastrophic ransomware attack on the UK government. The British government is accused of failing to mitigate the risk of ransomware attacks. According to a parliamentary report published by the Joint Committee on the National Security Strategy (JCNSS) the UK government can face a ‘catastrophic ransomware attack at any moment.’ The report highlighted the superficial approach to cyber security of S


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


LDAPWordlistHarvester: generate a wordlist from the information present in LDAP

Penetration Testing

LDAPWordlistHarvester A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be.... The post LDAPWordlistHarvester: generate a wordlist from the information present in LDAP appeared first on Penetration Testing.


Microsoft disrupts cybercrime gang behind 750 million fraudulent accounts

Bleeping Computer

Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. […]


Enhancing Security and Trust - The Digital Identity Wallet and Qualified Electronic Signatures and Seals

GlobalSign

Explore why Qualified Trust Services and Qualified Electronic Signatures and Seals are a necessity, and their role in the Digital Identity Wallet.


Lazarus APT Continues to Exploit Log4j Vulnerability

SecureWorld News

Lazarus, the notorious North Korean hacking group, has once again made headlines, this time by exploiting the Log4j vulnerability, despite it being disclosed two years ago. The Log4j vulnerability, officially known as CVE-2021-44228, continues to pose significant risks to organizations worldwide, with Lazarus demonstrating the persistence of cyber threats and the challenges associated with mitigating known vulnerabilities.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat actors are actively exploiting the flaw in attacks in the wild.


CISA: Russian hackers target TeamCity servers since September

Bleeping Computer

CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR) has been targeting unpatched TeamCity servers in widespread attacks since September 2023. […]


FakeSG campaign, Akira ransomware and AMOS macOS stealer

SecureList

Introduction The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns.


French police arrests Russian suspect linked to Hive ransomware

Bleeping Computer

French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.