Tue. Dec 27, 2022

FIN7 threat actor updated its ransomware activity

Tech Republic Security

Researchers from PRODAFT reveal that the infamous FIN7 threat actor updated its ransomware activities and provide a unique view into the structure of the group. Learn how to protect against it. The post FIN7 threat actor updated its ransomware activity appeared first on TechRepublic.


2022 in review: 10 of the year’s biggest cyberattacks

We Live Security

The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022. The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity.

Hacking 143
Insiders


BlueNoroff introduces new methods bypassing MoTW

SecureList

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion.

Malware 132

Best of 2022: Fake Amazon Emails sent by Hackers: How to prevent Phishing Scams

Security Boulevard

If you haven't yet received phishing emails pretending to be from Amazon, you will soon. Luckily, there are a few steps that can help protect your account and data. The post Fake Amazon Emails sent by Hackers: How to prevent Phishing Scams appeared first on Cyphere | Securing Your Cyber Sphere. The post Best of 2022: Fake Amazon Emails sent by Hackers: How to prevent Phishing Scams appeared first on Security Boulevard.

Scams 113

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Google wants its Gmail users to take these security steps in 2023

CyberSecurity Insiders

Google, the much-used search engine across the world, has disclosed some security steps to its Gmail users to stay cyber safe in the year 2023. It is urging its mail users to stay away from spam by marking mails that seem to be suspicious as spam. This not only helps the online users to stay away from malicious downloads but also helps in training the AI smart servers of Gmail to keep its inboxes clean and trouble free.


BTC.com lost $3 million worth of cryptocurrency in cyberattack

Bleeping Computer

BTC.com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets belonging to both customers and the company. […]

More Trending


EarSpy attack eavesdrops on Android phones via motion sensors

Bleeping Computer

A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech. […]

Mobile 102

Most Popular Blog Posts, 2022: Cyber Risk Data, CRQ Use Cases, Maximize GRC

Security Boulevard

Readers of the RiskLens blog dug into a wide range of topics we published this year, from the basics of FAIR quantitative analysis to revving up a GRC to reporting on risk to the board with our new portfolio capability to…risk of an asteroid crashing into earth (see #7)? The post Most Popular Blog Posts, 2022: Cyber Risk Data, CRQ Use Cases, Maximize GRC appeared first on Security Boulevard.


Hackers steal $8 million from users running trojanized BitKeep apps

Bleeping Computer

Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn't require verification. […]


Why Attackers Target GitHub, and How You Can Secure It

Dark Reading

The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How (and Why) to Take Full Advantage of Apple’s New Advanced Data Protection Feature

Security Boulevard

With the iOS 16.2 update, Apple introduced “Advanced Data Protection,” which finally introduced end-to-end encryption (E2EE) for most items backed up or stored in iCloud. Apple has long been criticized, with good reason, over its iCloud service not providing E2EE (where the user has the decryption keys); for years, when enabled, for a good chunk of data iPhone syncs to iCloud, Apple held the decryption keys for some stored data, which included: Message backups.


APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

The Hacker News

Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector.


Here Comes 2023: Rezilion’s Security Predictions

Security Boulevard

It’s time for 2023 predictions about the security industry. What’s in store for cybersecurity and development teams in 2023? Making predictions for anything related to technology and business is always a bit tricky because so much can change so quickly. Nevertheless, we are forging ahead with our best guesses about what organizations and teams can.


BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection

The Hacker News

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


End of Year Bells Are Ringing: How to Balance Cyber Costs with Resilience Goals

Security Boulevard

12 Days of Cybersecurity: Day 2. This holiday season, in light of looming fears of a recession, many families may be tightening their purse strings and looking for creative alternatives to make their holiday dollars stretch further than in previous years. The post End of Year Bells Are Ringing: How to Balance Cyber Costs with Resilience Goals appeared first on Security Boulevard.


Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Security Affairs

Facebook (Meta) has agreed to pay $725 million to settle a class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. According to Reuters, the lawyers for the plaintiffs defined the proposed settlement as the largest to ever be achieved in a U.S. data privacy class action.


Facebook to Pay $725 Million to Settle Lawsuit Over Data Leak

Heimdal Security

In 2018, Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, settled a long-running class-action lawsuit for $725 million. As a result of revelations that the social media giant allowed third-party apps such as Cambridge Analytica to access users’ personal information without their consent, a legal dispute arose. A federal judge in the San […].

Media 92

Hackers stole $3 million worth of cryptocurrency from BTC.com

Security Affairs

The BTC.com cryptocurrency platform was the victim of a cyberattack that resulted in the theft of $3 million worth of crypto assets. BTC.com is a website that provides services for managing and transferring Bitcoin, it offers a digital wallet for storing Bitcoin, a trading interface for exchanging Bitcoin with other cryptocurrencies and fiat currencies, and a mining platform for participating in the extraction of new Bitcoin coins.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


The Threat of Predictive Policing to Data Privacy and Personal Liberty

Dark Reading

Inaccurate information from data brokers can damage careers and reputations. It's time for US privacy laws to change how law enforcement and legal agencies obtain and act on data.


Uncovering the link between PrivateLoader PPI service and RisePro stealer

Security Affairs

The pay-per-install (PPI) malware downloader service PrivateLoader is being used to distribute the information-stealing malware dubbed RisePro, Flashpoint warns. Threat actors can pay the pay-per-install PrivateLoader service to download malicious payloads onto infected systems.


Securing and Improving User Experience for the Future of Hybrid Work

Dark Reading

Digital transformation initiatives are challenging because IT still has to make sure performance doesn't suffer by making applications available from anywhere.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Large Insurer Says Cyber Attacks Are Becoming 'Uninsurable'

SecureWorld News

Cyber is the risk to watch, according to a Financial Times article in which insurer Zurich's top executive is quoted. “What will become uninsurable is going to be cyber,” said Mario Greco, CEO at Zurich, one of Europe's biggest insurance companies, in the Dec. 26 article. “What if someone takes control of vital parts of our infrastructure, the consequences of that?”.

USENIX Security ’22 – Gökçen Yılmaz Dayanıklı, Sourav Sinha, Devaprakash Muniraj, Ryan M. Gerdes, Mazen Farhood, Mani Mina ‘Physical-Layer Attacks Against Pulse Width Modulation-Controlled Actuators’

Security Boulevard

Our thanks to USENIX for publishing their Presenter’s USENIX Security ’22 Conference tremendous content on the organization’s YouTube channel. The post USENIX Security ’22 – Gökçen Yılmaz Dayanıklı, Sourav Sinha, Devaprakash Muniraj, Ryan M. Gerdes, Mazen Farhood, Mani Mina ‘Physical-Layer Attacks Against Pulse Width Modulation-Controlled Actuators’ appeared first on Security Boulevard.


How to Get the Most out of UEBA

Dark Reading

Security teams are considering how to get the most out of user entity behavioral analytics by taking advantage of its strengths and augmenting its limitations.


Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Naked Security

It's serious, it's critical, and you could call it severe… but in HHGttG terminology, it's probably "mostly harmless".


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Hacktivism Is Back and Messier Than Ever

WIRED Threat Level

Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

Hacking 70

Internet AppSec Remains Abysmal & Requires Sustained Action in 2023

Dark Reading

A variety of initiatives — such as memory-safe languages and software bills of materials — promise more secure applications, but sustained improvements will require that vendors do much better, researchers agree.


Recognizing and Preventing Social Engineering on Social Media

Mitnick Security

To connect with friends, family, and coworkers, it’s likely that we have all overshared our personal information on social platforms more than once. Unfortunately, the ease of access to an individual or company’s information has made social media an easy target for threat actors.


Open Policy Agent with Kubernetes – Tutorial (Pt. 1)

Security Boulevard

Let's get our hands dirty with policy as code and write our first OPA policies for a Kubernetes environment. The post Open Policy Agent with Kubernetes – Tutorial (Pt. 1) appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.