Mon. Dec 26, 2022


LastPass Breach

Schneier on Security

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […].


Data Breach leads to Comcast Customer Data Leak

CyberSecurity Insiders

A few days ago, Comcast hit the news headlines for increasing its service price so much that many of its customers weren’t ready for the surprise at all. Now, reports are in that the database of the Pennsylvania-based digital services provider was hit by a cyber attack leading to a data breach, thus leaking details to hackers. The attack reportedly took place on December 9th, 2022 (likely) when most of the IT staff were on a long Christmas leave or were about to take it to enjoy the festive season


CPRA explained: New California privacy law ramps up restrictions on data use

CSO Magazine

On January 1, 2023, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy protections for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018.


Insurance cover becoming impossible for Cyber Attacks

CyberSecurity Insiders

Insurance companies like Lloyd’s offer cyber insurance policies that cover a business from facing a business loss during a cyber-attack. However, in the coming days, cyber attacks will become uninsurable, as per Mario Greco, the Chief of Zurich Insurance. Mario, who leads one of Europe’s biggest insurance firms, predicted that digital attacks will lose their sheen with time, as businesses facing such threats cannot be monetarily covered because of multiple reasons.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hacker claims to be selling Twitter data of 400 million users

Bleeping Computer

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale. […].


NATO tames AI Driven Cyber Threats

CyberSecurity Insiders

We all know that a technology can never be at fault, as it is the mind that does most of the damage. And the same applies to the usage of Artificial Intelligence (AI) technology, which is now proving to be a double-edged sword. In this world of AI-driven cyberwarfare, NATO is finding it extremely difficult to tame the threat. However, in the coming year, the peace-loving agency will defend networks from attacks in an automated way.

More Trending


GuLoader implements new evasion techniques

Security Affairs

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE). GuLoader uses a polymorphic shellcode loader to avoid traditional security solutions; the experts mapped all embedded DJB2 hash values for every API used by the malicious code.


Top 5 Cybersecurity Trends to Keep an Eye on in 2023

Security Boulevard

We have all been witnessing ransomware attacks for so long. They are now the topic of cybersecurity board rooms. Recent data suggests that around 21 percent of global organizations experienced a ransomware attack in 2022. Of those, 43% had a […]. The post Top 5 Cybersecurity Trends to Keep an Eye on in 2023 appeared first on WeSecureApp :: Simplifying Enterprise Security.


Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

The Hacker News

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018.


Top 5 Cybersecurity Predictions for 2023

Security Boulevard

As the threat landscape continues to evolve, so too must the strategies used to combat it. Organizations must stay ahead of the curve by investing in the latest security solutions and implementing employee training and awareness initiatives. The post Top 5 Cybersecurity Predictions for 2023 appeared first on Security Boulevard.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Crooks impersonate brands using search engine advertisement services

Security Affairs

The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites that were used to defraud users. The sites host ransomware and are used to steal login credentials and other financial information from users.


Best of 2022: Cybersecurity’s 2022 IPO Pipeline (Part 2)

Security Boulevard

The last of a two-part series projecting the industry's most likely IPO candidates for the upcoming year. The post Best of 2022: Cybersecurity’s 2022 IPO Pipeline (Part 2) appeared first on Security Boulevard.


PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware

The Hacker News

The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market.


The top 12 tech stories of 2022

CSO Magazine

The technology sector's vulnerability to the vagaries of geopolitics and the macroeconomy became clearer than ever in 2022, as IT giants laid off workers en masse, regulators cracked down on tech rule-breakers, nations negotiated data privacy, the EU-China chip war widened, and the Ukraine war disrupted business as usual. Through it all the classic tech themes—including innovation, constant change, and the fight to bolster cybersecurity—continued as ChatGPT was released, Broadcom sought to purch


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


2022 Top Five Immediate Threats in Geopolitical Context

The Hacker News

As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats.


The Most Dangerous People on the Internet in 2022

WIRED Threat Level

From SBF to the GRU, these were the most disruptive forces of online chaos this year.


GuLoader Malware Utilizing New Techniques to Evade Security Software

The Hacker News

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


LastPass Breach

Security Boulevard

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […].


Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 413’

Security Boulevard

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic. Permalink. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 413’ appeared first on Security Boulevard.


Ransomware: The Unwanted Gift Hackers Keep on Giving

Security Boulevard

Five Tips to Put the Bah Humbug in Their Holiday Capers. Since the outbreak of the coronavirus pandemic in 2020, many organizations have struggled to stay a step ahead of attackers who are taking advantage of remote workforces and rapidly adopted technologies—many of which don’t have the same cyber protections and training we might have once expected in an onsite business world.


Is your cloud ready for CCPA?

Security Boulevard

New Year’s resolutions aren’t the only thing you should be preparing for this time of year. January 1st, 2023, CCPA will come into effect. The CCPA (California Consumer Privacy Act) is, in a way, California’s version of the EU’s GDPR regulation with the purpose of protecting PII / customer data. While there are some differences …. Continue reading "Is your cloud ready for CCPA?".


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


USENIX Security ’22 – ‘Neither Access Nor Control: A Longitudinal Investigation Of The Efficacy Of User Access-Control Solutions On Smartphones’

Security Boulevard

Complete Title: USENIX Security '22 - Masoud Mehrabi Koushki, Yue Huang, Julia Rubin, Konstantin Beznosov ‘Neither Access Nor Control: A Longitudinal Investigation Of The Efficacy Of User Access-Control Solutions On Smartphones’. Our thanks to USENIX for publishing their Presenter’s USENIX Security ’22 Conference tremendous content on the organization’s YouTube channel.


USENIX Security ’22 – David Schrammel, Samuel Weiser, Richard Sadek, Stefan Mangard ‘Jenny: Securing Syscalls for PKU-based Memory Isolation Systems’

Security Boulevard

Our thanks to USENIX for publishing their Presenter’s USENIX Security ’22 Conference tremendous content on the organization’s YouTube channel. Permalink. The post USENIX Security ’22 – David Schrammel, Samuel Weiser, Richard Sadek, Stefan Mangard ‘Jenny: Securing Syscalls for PKU-based Memory Isolation Systems’ appeared first on Security Boulevard.