Schneier on Security

JANUARY 24, 2023

Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center (TRAC), provides full names and amounts for larger transfers (above $500) sent between the US, Mexico and 22 other regions through services like Western Union, MoneyGram and Viamericas.

Surveillance 218

Surveillance Government Accountability 218

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.

Cybercrime 207

Cybercrime Advertising IoT Malware 207

Tech Republic Security

JANUARY 24, 2023

The criminals took advantage of an API to grab personal details such as customer names, billing addresses, email addresses, phone numbers, dates of birth, and T-Mobile account numbers. The post How hackers stole the personal data of 37 million T-Mobile customers appeared first on TechRepublic.

Mobile 215

Mobile Accountability Data breaches Phishing 215

Bleeping Computer

JANUARY 24, 2023

A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks. [.

Ransomware 143

Ransomware Advertising Passwords Malware 143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 24, 2023

A new research report from SentinelOne exposes a SEO poisoning attack campaign that hijacks brand names in paid search ads. The post Recent rise in SEO poisoning attacks compromise brand reputations appeared first on TechRepublic.

Media 190

Media Engineering Malware 190

Security Boulevard

JANUARY 24, 2023

Cloud computing has been adopted more rapidly in recent years, and we see more cloud applications in security. As businesses return to the office, they need to rethink physical security to futureproof their security strategy against the constantly evolving security landscape. Is physical security-as-a-service (PSaaS) the solution for a futureproof security strategy?

Security Awareness 143

Security Awareness Risk Government Cybersecurity 143

Bleeping Computer

JANUARY 24, 2023

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. [.

Backups 140

Backups Encryption 140

Tech Republic Security

JANUARY 24, 2023

A new study by Gartner predicts that by 2026 just 10% of companies will have zero-trust protocols in place against cybersecurity exploits. The post Companies slow to “mask up” with zero trust cybersecurity protocols appeared first on TechRepublic.

Cybersecurity 171

Cybersecurity Malware 171

The Last Watchdog

JANUARY 24, 2023

In an ideal world, cybersecurity analysts would get legitimate daily reports on improving a company’s security. Unfortunately, the likelihood of being handed unsolicited, untrustworthy advice is high. Related: Tech giants foster third-party snooping This is what fake bug reports are all about. Scammers now routinely spray out fake bug reports designed to take advantage of the naiveite and/or lack of vigilance of security analysts in the field.

Computers and Electronics 113

Computers and Electronics Cybersecurity Scams Software 113

CyberSecurity Insiders

JANUARY 24, 2023

The next time when you search for a software download on the Google search engine, be cautious, as the software might also bring in new trouble as malware or might strictly act as a source to malware spread that can steal data and encrypt all the information on the web. Security analysts from MalwareHunterTeam have discovered a threat actor tracked DEV-0569 spreading malware dubbed ‘Rhadamanthys’( Son of Zeus in Greek) by hosting it in Google Ads.

Advertising 137

Advertising Malware Engineering Software 137

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

We Live Security

JANUARY 24, 2023

Gaming can help your children build and sharpen a range of life skills that will stand them in good stead in the future The post 5 valuable skills your children can learn by playing video games appeared first on WeLiveSecurity

139

139

CyberSecurity Insiders

JANUARY 24, 2023

Britain populace should start being cautious with smart appliances as security analysts suggest that china might have started a spying campaign on them via domestic appliances. Yes, what you’ve read is right! There is a fair amount of chance that Beijing might have weaponized millions of gadgets operating in the household of Britons through microchips.

Manufacturing 134

Manufacturing Marketing Government Cybersecurity 134

Security Boulevard

JANUARY 24, 2023

When you have a lot of something—of anything—it’s hard to keep track. It could be books, cats, tools in the garage, apps on the phone. And when you can’t keep track, you create some level of risk, likely as a result of poor inventory and control. Well, this is what we’re seeing with APIs today. The post The Security Challenges of API Sprawl appeared first on Security Boulevard.

Risk 119

Risk Cybersecurity 119

CSO Magazine

JANUARY 24, 2023

Cyber recovery startup CYGNVS announced its emergence from stealth today, having raised $55 million in series A funding and created a highly functional “cyber crisis” platform which promises to help organizations recover from major breaches. The company’s product is in its name – CYGNVS says it’s an acronym for Cyber GuidaNce Virtual Space. It’s effectively an all-in-one disaster recovery system for cyberattacks.

Mobile 115

Mobile 115

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JANUARY 24, 2023

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. [.

115

115

CSO Magazine

JANUARY 24, 2023

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). Industry respondents also expressed concerns over identity theft at 4%, unavailable or unaffordable cyber insurance at 4%, geopolitical risks at 3%, DDoS attacks at 2% and website defacement at 0.9%, according to C

Cyber threats 111

Cyber threats Identity Theft Cyber Insurance Insurance 111

Bleeping Computer

JANUARY 24, 2023

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. [.

Hacking 113

Hacking 113

Naked Security

JANUARY 24, 2023

We were going to write, "Once more unto the breach, dear friends, once more". but it seems to go without saying these days.

Backups 134

Backups 134

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

CSO Magazine

JANUARY 24, 2023

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings have driven the search for alternative approaches known generally as passwordless authentication.

Authentication 109

Authentication Passwords Hacking 109

Trend Micro

JANUARY 24, 2023

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

Cyber threats 106

Cyber threats Risk Mobile 106

Bleeping Computer

JANUARY 24, 2023

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. [.

110

110

eSecurity Planet

JANUARY 24, 2023

Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that the VSCode editor could be vulnerable to attacks targeting its extensions. The free open source and cross-platform IDE is very easy to use, and there are literally thousands of free extensions developers can install in one c

Social Engineering 104

Social Engineering Accountability Marketing Engineering 104

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

CSO Magazine

JANUARY 24, 2023

ServiceNow Vulnerability Response users will now have access to Snyk Open Source. This will represent the Israeli-US vendor’s advanced software composition analysis (SCA) backed by Snyk’s security intelligence—a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI. ServiceNow Vulnerability Response is part of ServiceNow Security Operations and connects the workflow and automation capabilities of the ServiceNow p

Security Intelligence 101

Security Intelligence Software 101

Security Boulevard

JANUARY 24, 2023

The newest season of Fauda, now streaming on Netflix, is a real Hollywood meets Cybersecurity moment. Find out how realistic - or not - it is. The post Fauda: When Hollywood and Cybersecurity Meet appeared first on Ermetic. The post Fauda: When Hollywood and Cybersecurity Meet appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

Malwarebytes

JANUARY 24, 2023

A fish is in hot water (metaphorically speaking) after having performed some incredible antics on a video game live stream. The fish, known for playing popular video game titles to completion on live streams, decided to take that whole gamer lifestyle thing a little too far and went on a rip-roaring crime rampage which came to a grand total of about 4 dollars.

Accountability 98

Accountability Phishing Risk Cybersecurity 98

SecureBlitz

JANUARY 24, 2023

Implementing a company-wide cybersecurity plan is essential for the success of any organization. With the rapid growth of technology, cybersecurity threats of any magnitude can come from anywhere and anytime. To avert this and protect your business, have a company-wide cybersecurity plan and ensure that it’s comprehensive and well-thought-out to protect your valuable data and […] The post Why And How To Implement A Company-Wide Cybersecurity Plan appeared first on SecureBlitz Cyberse

Cybersecurity 96

Cybersecurity Technology 96

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

JANUARY 24, 2023

In December, 2022, we warned our readers about an actively exploited vulnerability in Apple’s WebKit. Back then we wondered why Apple specifically stated that the issue may have been actively exploited against versions of iOS released before iOS 15.1. At the time, our resident Apple expert Thomas Reed said that Apple has been known to release fixes for older systems when it is aware of active attacks taking place.

Engineering 97

Engineering Software 97

Bleeping Computer

JANUARY 24, 2023

Riot Games says it will not pay a $10 million ransom demanded by attackers who stole League of Legends source code in last week's security breach. [.

105

105

Malwarebytes

JANUARY 24, 2023

Yesterday I spent some time helping to fix a relative’s gaming PC. Their gaming data tied to Rockstar’s Grand Theft Auto 5 (GTAV) had somehow become corrupted and was no longer functional. I managed to repair the account and restore everything back to the way it was, but this isn’t the end of the story. There’s a possibility that my relative has been impacted by a hack claimed to be doing the rounds in GTAV circles.

Accountability 94

Accountability Risk Hacking Cybersecurity 94

Tech Republic Security

JANUARY 24, 2023

The Seed4.me VPN is now on sale for a limited time. The post Get lifetime access to this feature-rich VPN for just $60 appeared first on TechRepublic.

VPN 90

VPN 90

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.