Schneier on Security

OCTOBER 6, 2023

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was posted during a 48-hour moratorium ahead of the polls opening, during which media outlets and politicians are supposed to stay silent.

Media 235

Media Artificial Intelligence 235

Tech Republic Security

OCTOBER 6, 2023

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack. The good news is there are steps IT can take to mitigate this security threat.

Phishing 185

Phishing Cybersecurity 185

Bleeping Computer

OCTOBER 6, 2023

23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. [.

Healthcare 145

Healthcare 145

WIRED Threat Level

OCTOBER 6, 2023

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

Accountability 145

Accountability Hacking 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

OCTOBER 6, 2023

Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.

VPN 142

VPN 142

Graham Cluley

OCTOBER 6, 2023

A joint advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. Read more in my article on the Tripwire State of Security blog.

Cybersecurity 134

Cybersecurity 134

Dark Reading

OCTOBER 6, 2023

The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.

139

139

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts. So we wholeheartedly agree with Amazon on this. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone.

Authentication 128

Authentication Passwords Social Engineering Accountability 128

We Live Security

OCTOBER 6, 2023

One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren’t who they claim to be. Here’s how to recognize them.

Media 132

Media 132

Security Affairs

OCTOBER 6, 2023

Hospitality and entertainment company MGM Resorts announced that the costs of the recent ransomware attack costs exceeded $110 million. In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at MGM Hotels and Casinos. The incident affected hotel reservation systems in the United States and other IT systems that run the casino floors.

Ransomware 123

Ransomware Insurance Banking Hacking 123

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

OCTOBER 6, 2023

Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial attack simulation software and post-exploitation toolkit.

Manufacturing 109

Manufacturing Software 109

Security Affairs

OCTOBER 6, 2023

Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), impacting Emergency Responder. A remote, unauthenticated attacker can exploit the vulnerability to log in to susceptible systems using hard-coded credentials that cannot be changed.

VPN 116

VPN Accountability Hacking Software 116

The Hacker News

OCTOBER 6, 2023

Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization’s assets, maintain customer trust, and meet regulatory requirements.

Data privacy 109

Data privacy Data breaches 109

Bleeping Computer

OCTOBER 6, 2023

Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. [.

Data breaches 108

Data breaches Ransomware 108

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Digital Guardian

OCTOBER 6, 2023

Emerging cyber threats against Linux and Industrial Control Systems (ICSs), organizations’ pain points with identity and security management, and a rise in scamming took this week’s headlines. Catch up on these stories and more in this week’s Friday Five!

Scams 105

Scams Cyber threats 105

Bleeping Computer

OCTOBER 6, 2023

The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. [.

Hacking 107

Hacking 107

Malwarebytes

OCTOBER 6, 2023

More often than not, its our solemn duty on this site to keep you informed about the nature and tactics of dangerous, cunnning, and persistent cybercriminals. This is not one of those days. In fact, this is the oppposite of one of those days. This is about a passable spam email sent by a spammer who did the phishing equivalent of arriving at the airport three hours early for their flight, the day after it left.

Scams 106

Scams Engineering Authentication Media 106

Bleeping Computer

OCTOBER 6, 2023

The Federal Trade Commission says Americans have lost at least $2.7 billion to social media scams since 2021, with the real number likely many times larger due to unreported incidents. [.

Media 104

Media Scams 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

OCTOBER 6, 2023

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. An attacker can trigger the vulnerability to execute code with elevated privileges. “A buffer overflow was discovered in the GNU C Library’s dynamic loader ld

Hacking 106

Hacking Risk Information Security 106

The Hacker News

OCTOBER 6, 2023

As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year.

Cryptocurrency 98

Cryptocurrency 98

Security Affairs

OCTOBER 6, 2023

The creation of a dedicated emergency number for cybersecurity could provide an effective solution to this rapidly growing challenge The growing threat of cybercrime is calling for new and innovative defense strategies. While the phone number for physical emergencies is already time-tested, the absence of a similar hotline for cybercrimes is a significant gap in our digital security.

Cybersecurity 106

Cybersecurity Cybercrime Computers and Electronics Education 106

Dark Reading

OCTOBER 6, 2023

MGM wins big bet that days of operations outages is better business than paying a ransom, following last month's data breach.

Data breaches 115

Data breaches Ransomware 115

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

OCTOBER 6, 2023

MGM Resorts reveals that last month's cyberattack cost the company $100 million and allowed the hackers to steal customers' personal information.

Ransomware 101

Ransomware 101

The Hacker News

OCTOBER 6, 2023

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by secret scanning are active, thereby allowing for effective remediation measures.

90

90

Heimadal Security

OCTOBER 6, 2023

Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. The British company provides voice IP (VoIP) and mobile telecommunications services in 60 nations, including the US, UK, Germany, Australia, France, Italy, and the Netherlands. Details About the Attack The attack […] The post Lyca Mobile Affected by Cyberattack appeared first on Heimdal Security Blog.

Mobile 87

Mobile Telecommunications Cybersecurity 87

Dark Reading

OCTOBER 6, 2023

Try these steps to create an operational resilience action plan that will satisfy financial regulators and help sustain business without disruption.

95

95

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CompTIA on Cybersecurity

OCTOBER 6, 2023

From the networking to business-building sessions, to connecting with friends, the EMEA Member and Partner Conference 2023 had something for everyone.

94

94

Heimadal Security

OCTOBER 6, 2023

On the majority of Linux distributions, proof-of-concept attacks for a high-severity vulnerability in the dynamic loader of the GNU C Library have previously been made public online. Details About the Vulnerability The security vulnerability is known as “Looney Tunables” and is tracked as CVE-2023-4911. The vulnerability occurs due to a buffer overflow weakness, and it […] The post PoC Exploits Released for Major Linux Flaw appeared first on Heimdal Security Blog.

Cybersecurity 79

Cybersecurity 79

Security Boulevard

OCTOBER 6, 2023

Protect AI this week has added three open source tools to detect threats to artificial intelligence (AI) models. The post ProtectAI Adds Three Tools to Secure AI Models appeared first on Security Boulevard.

Artificial Intelligence 76

Artificial Intelligence Data privacy Risk Government 76

Dark Reading

OCTOBER 6, 2023

The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored.

Hacking 98

Hacking Accountability Scams Encryption 98

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.