Tue. Apr 25, 2023


Newsweek Op-Ed: Banning Tik Tok And Other Chinese Apps Is Distracting Us From The Bigger Danger China Poses To American CyberSecurity

Joseph Steinberg

It is hardly a secret that, for nearly 30 years, I have been warning about the danger posed to US national security by the simultaneous combination of our growing reliance on Chinese technology, and our general indifference to China’s huge technological “leaps forward” in the realm of cybersecurity. At the same time, I do use Tik Tok, an app that many American officials would like to ban due to the app being owned and operated by a Chinese concern.


RSAC Fireside Chat: Turning full attention to locking down the security of ‘open source’

The Last Watchdog

Software composition analysis — SCA – is a layer of the security stack that, more so than ever, plays a prominent role in protecting modern business networks. This is especially true as software developers increasingly rely on generic open source and commercial components to innovate in hyperkinetic DevOps and CI/CD mode.


RSA: Cisco launches XDR, with focus on platform-based cybersecurity

Tech Republic Security

Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features.


FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch

Security Boulevard

2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Quad nations unite to fight Cyber Attacks on Critical Public Infrastructure

CyberSecurity Insiders

The Quad nations comprising India, Japan, Australia, and the United States will reach an agreement on how to create a collective approach to blocking cyber attacks on critical public infrastructure, such as the power and communication sectors. The Quad countries have devised a plan to meet next month in Australia to reach an agreement on how to involve, deal with, and address state-funded attacks on national infrastructure.


TP-Link Archer WiFi router flaw exploited by Mirai malware

Bleeping Computer

The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms. […]


Google Authenticator now backs up your 2FA codes to the cloud

Bleeping Computer

The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords (OTPs) to their Google Accounts and have multi-device support. […]


Why App Security Teams Need to Understand GDPR Compliance

Security Boulevard

If you are part of an app and security team, or work with sensitive data, especially those in the tech industries, or have a global consumer base, then GDPR compliance needs to be on your radar. The General Data Protection Regulation (GDPR) is a set of regulations designed to protect the privacy of European Union […]


Amazon, Facebook, Twitter on EU list of companies facing DSA content rules

CSO Magazine

The EU Commission has announced 19 large online platforms and search engines that will face new content moderation rules under the Digital Services Act. The legislation, passed last year, introduced a specific regime for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), all of which have more than 45 million users in the EU.


VMware fixes critical zero-day exploit chain used at Pwn2Own

Bleeping Computer

VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution on systems running unpatched versions of the company's Workstation and Fusion software hypervisors. […]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


New DDoS amplification vector could enable massive attacks

CSO Magazine

Security researchers sounded the alert about a vulnerability in a UDP-based network service called the Service Location Protocol (SLP) that can be abused to amplify DDoS attacks. Tens of thousands of systems and devices have this service exposed to the internet. Attackers could use them to generate massive attacks, and cleaning them up will likely take a very long time.


CISOs Rethink Data Security with Info-Centric Framework

Dark Reading

The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.


CrowdStrike Allies With Google to Secure ChromeOS at the Edge

Security Boulevard

At the RSA Conference 2023 event, CrowdStrike and Google today announced they are collaborating on an effort to better secure instances of ChromeOS being used at the network edge. It will be delivered via CrowdStrike Falcon Insight detection and response services starting in June 2023. Raj Rajamani, chief product officer for data, identity, cloud and.


VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

Security Affairs

VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors. VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Palo Alto Networks Enlists Accenture to Drive SASE Adoption

Security Boulevard

Palo Alto Networks and Accenture today announced they have extended their alliance to jointly deliver instances of secure access service edge (SASE) services. Accenture will work with organizations to either set up Palo Alto Networks’ Prisma SASE or completely manage it on their behalf. Palo Alto Networks has been making a case for a SASE.


Windows 11 KB5025305 adds prioritized Windows updates setting

Bleeping Computer

Microsoft has released the optional April 2023 non-security cumulative updates for all editions of Windows 11 22H2 with a new option to prioritize non-security and feature Windows updates. […]


'Good' AI Is the Only Path to True Zero-Trust Architecture

Dark Reading

Ultimately AI will protect the enterprise, but it's up to the cybersecurity community to protect 'good' AI in order to get there, RSA's Rohit Ghai says.


Peugeot leaks access to user information in South America

Security Affairs

Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million. A brand, best known for its lion roaring for over a century, has leaked access to its user data in Peru. And while the country is not that big of a market for the car maker, this discovery is yet another example of how big and well-known brands fail to secure sensitive data.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

The Hacker News

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets.


A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers.


Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers

Dark Reading

Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.


Google researchers found multiple security issues in Intel TDX

Security Affairs

Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). Google Cloud Security and Project Zero researchers, working with Intel experts, discovered multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). The Intel Trust Domain Extensions (Intel® TDX) allows to deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs).


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

The Hacker News

A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.


Improving your bottom line with cybersecurity top of mind

CyberSecurity Insiders

In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it’s essential to recognize that cybersecurity is a valuable investment in your company’s security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business’s future.


SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times

Security Affairs

A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow to carry out powerful DDoS attacks. A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited by threat actors to conduct powerful volumetric DDoS attacks. The Service Location Protocol (SLP) is a legacy service discovery protocol that allows computers and other devices to find services in a local area network without prior configurat


BrandPost: New and evolving phishing attacks using AI platforms like ChatGPT are causing major issues

CSO Magazine

Phishing attacks are one of the most significant threats that organizations face today. As businesses increasingly rely on digital communication channels, cybercriminals exploit email, SMS, and voice communication vulnerabilities to launch sophisticated phishing attacks. Moreover, with the COVID-19 pandemic leading to a surge in remote work over the past several years, the risk of phishing attacks has only increased.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group.


Accenture, IBM, Mandiant join Elite Cyber Defenders Program to secure critical infrastructure

CSO Magazine

Leading cybersecurity response firms Accenture, IBM, and Mandiant have joined the Elite Cyber Defenders Program – a new, collaborative initiative designed to help secure critical infrastructure. Led by Nozomi Networks, the program aims to provide global industrial and government customers access to strong cybersecurity defense tools, incident response teams, and threat intelligence.


HiddenLayer Nabs Most Innovative Startup Crown at RSAC

Dark Reading

The judges appreciated the scale of the problem the startup set out to solve: protecting the integrity of AI systems.


Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation

Trend Micro

Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.