Tue.Jan 24, 2023

article thumbnail

Bulk Surveillance of Money Transfers

Schneier on Security

Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center (TRAC), provides full names and amounts for larger transfers (above $500) sent between the US, Mexico and 22 other regions through services like Western Union, MoneyGram and Viamericas.

article thumbnail

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How hackers stole the personal data of 37 million T-Mobile customers

Tech Republic Security

The criminals took advantage of an API to grab personal details such as customer names, billing addresses, email addresses, phone numbers, dates of birth, and T-Mobile account numbers. The post How hackers stole the personal data of 37 million T-Mobile customers appeared first on TechRepublic.

Mobile 216
article thumbnail

What is PSaaS and is it Worthwhile?

Security Boulevard

Cloud computing has been adopted more rapidly in recent years, and we see more cloud applications in security. As businesses return to the office, they need to rethink physical security to futureproof their security strategy against the constantly evolving security landscape. Is physical security-as-a-service (PSaaS) the solution for a futureproof security strategy?

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Recent rise in SEO poisoning attacks compromise brand reputations

Tech Republic Security

A new research report from SentinelOne exposes a SEO poisoning attack campaign that hijacks brand names in paid search ads. The post Recent rise in SEO poisoning attacks compromise brand reputations appeared first on TechRepublic.

Media 205
article thumbnail

5 valuable skills your children can learn by playing video games

We Live Security

Gaming can help your children build and sharpen a range of life skills that will stand them in good stead in the future The post 5 valuable skills your children can learn by playing video games appeared first on WeLiveSecurity

138
138

LifeWorks

More Trending

article thumbnail

GoTo says hackers stole customers' backups and encryption key

Bleeping Computer

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. [.

Backups 137
article thumbnail

Companies slow to “mask up” with zero trust cybersecurity protocols

Tech Republic Security

A new study by Gartner predicts that by 2026 just 10% of companies will have zero-trust protocols in place against cybersecurity exploits. The post Companies slow to “mask up” with zero trust cybersecurity protocols appeared first on TechRepublic.

article thumbnail

Google advertisements turning into malware spreading platforms

CyberSecurity Insiders

The next time when you search for a software download on the Google search engine, be cautious, as the software might also bring in new trouble as malware or might strictly act as a source to malware spread that can steal data and encrypt all the information on the web. Security analysts from MalwareHunterTeam have discovered a threat actor tracked DEV-0569 spreading malware dubbed ‘Rhadamanthys’( Son of Zeus in Greek) by hosting it in Google Ads.

article thumbnail

Attacking The Supply Chain: Developer

Trend Micro

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Ransomware access brokers use Google ads to breach your network

Bleeping Computer

A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks. [.

article thumbnail

GoTo admits: Customer cloud backups stolen together with decryption key

Naked Security

We were going to write, "Once more unto the breach, dear friends, once more". but it seems to go without saying these days.

Backups 134
article thumbnail

China spies on the UK populace with microchips

CyberSecurity Insiders

Britain populace should start being cautious with smart appliances as security analysts suggest that china might have started a spying campaign on them via domestic appliances. Yes, what you’ve read is right! There is a fair amount of chance that Beijing might have weaponized millions of gadgets operating in the household of Britons through microchips.

article thumbnail

Cybercriminals Use VSCode Extensions as New Attack Vector

eSecurity Planet

Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that the VSCode editor could be vulnerable to attacks targeting its extensions. The free open source and cross-platform IDE is very easy to use, and there are literally thousands of free extensions developers can install in one c

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

The Security Challenges of API Sprawl

Security Boulevard

When you have a lot of something—of anything—it’s hard to keep track. It could be books, cats, tools in the garage, apps on the phone. And when you can’t keep track, you create some level of risk, likely as a result of poor inventory and control. Well, this is what we’re seeing with APIs today. The post The Security Challenges of API Sprawl appeared first on Security Boulevard.

Risk 121
article thumbnail

Privacy’s impact continues to grow, but more remains to be done

Cisco Security

As part of Cisco’s recognition of International Data Privacy Day, today we released the Cisco 2023 Data Privacy Benchmark Study , our sixth annual review of key privacy issues and their impact on business. Drawing on responses from more than 3100 organizations in 26 geographies, the findings show that organizations continue to prioritize and get attractive returns from their privacy investments, while integrating privacy into many of their most important processes, including sales motions, mana

article thumbnail

CYGNVS exits stealth, trumpeting its cyberattack recovery platform

CSO Magazine

Cyber recovery startup CYGNVS announced its emergence from stealth today, having raised $55 million in series A funding and created a highly functional “cyber crisis” platform which promises to help organizations recover from major breaches. The company’s product is in its name – CYGNVS says it’s an acronym for Cyber GuidaNce Virtual Space. It’s effectively an all-in-one disaster recovery system for cyberattacks.

Mobile 115
article thumbnail

SHARED INTEL: Here’s why security analysts need to remain on high alert for fake bug reports

The Last Watchdog

In an ideal world, cybersecurity analysts would get legitimate daily reports on improving a company’s security. Unfortunately, the likelihood of being handed unsolicited, untrustworthy advice is high. Related: Tech giants foster third-party snooping This is what fake bug reports are all about. Scammers now routinely spray out fake bug reports designed to take advantage of the naiveite and/or lack of vigilance of security analysts in the field.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Why And How To Implement A Company-Wide Cybersecurity Plan

SecureBlitz

Implementing a company-wide cybersecurity plan is essential for the success of any organization. With the rapid growth of technology, cybersecurity threats of any magnitude can come from anywhere and anytime. To avert this and protect your business, have a company-wide cybersecurity plan and ensure that it’s comprehensive and well-thought-out to protect your valuable data and […] The post Why And How To Implement A Company-Wide Cybersecurity Plan appeared first on SecureBlitz Cyberse

article thumbnail

P-to-P fraud most concerning cyber threat in 2023: CSI

CSO Magazine

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). Industry respondents also expressed concerns over identity theft at 4%, unavailable or unaffordable cyber insurance at 4%, geopolitical risks at 3%, DDoS attacks at 2% and website defacement at 0.9%, according to C

article thumbnail

Security and the Electric Vehicle Charging Infrastructure

Dark Reading

When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.

111
111
article thumbnail

Get lifetime access to this feature-rich VPN for just $60

Tech Republic Security

The Seed4.me VPN is now on sale for a limited time. The post Get lifetime access to this feature-rich VPN for just $60 appeared first on TechRepublic.

VPN 110
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How passkeys are changing authentication

CSO Magazine

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings have driven the search for alternative approaches known generally as passwordless authentication.

article thumbnail

VMware fixes critical security bugs in vRealize log analysis tool

Bleeping Computer

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. [.

105
105
article thumbnail

Emotet Malware Makes a Comeback with New Evasion Techniques

The Hacker News

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID.

Malware 105
article thumbnail

Chat Cybersecurity: AI Promises a Lot, But Can It Deliver?

Dark Reading

Machine learning offers great opportunities, but it still can't replace human experts.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

SEC to Put More Onus on Corporate Boards for Cybersecurity

SecureWorld News

From the "why has it taken this long" file, the U.S. Securities and Exchange Commission (SEC) sometime this year will require corporate boards to clean up their cybersecurity act and increase transparency by disclosing cybersecurity incidents with full details to the SEC and investors within four business days. In addition to reporting there was an incident, publicly traded corporations must identify who on their board or which subcommittee is responsible for cybersecurity and their relevant exp

article thumbnail

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

The Hacker News

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.

article thumbnail

Hackers use Golang source code interpreter to evade detection

Bleeping Computer

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. [.

Hacking 101
article thumbnail

FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!