Fri.Dec 16, 2022

article thumbnail

Apple Patches iPhone Zero-Day

Schneier on Security

The most recent iPhone update—to version 16.1.2—patches a zero-day vulnerability that “may have been actively exploited against versions of iOS released before iOS 15.1.” News : Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.

Spyware 205
article thumbnail

Operation PowerOFF: DDoS Sites Denied Service (by US, UK, Europol)

Security Boulevard

Around 50 so-called “booter” DDoS sites have been nuked by international law enforcement. And seven of their alleged administrators have been charged. The post Operation PowerOFF: DDoS Sites Denied Service (by US, UK, Europol) appeared first on Security Boulevard.

DDOS 117
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

As Long as We’re on the Subject of CAPTCHAs

Schneier on Security

There are these.

276
276
article thumbnail

The Data of 5.7 Million Gemini Users Leaked by Threat Actors

Heimadal Security

This week, the Gemini cryptocurrency exchange disclosed that after a threat actor obtained the clients’ data from a third-party vendor, they became the victim of phishing attacks. BleepingComputer identified multiple posts on hacker forums offering to sell a database allegedly from Gemini containing email addresses, phone numbers, and other personal data of 5.7 million users. […].

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Backup saves the day after crime author loses laptop in blizzard

Graham Cluley

Celebrated crime author Ann Cleeves turned to Twitter this week, desperate for help. The reason? The author, whose novels had been the inspiration for TV series like "Vera", had lost her HP laptop during a blizzard in Shetland.

Backups 108
article thumbnail

2023 cybersecurity predictions by the IronNet team

Security Boulevard

As we wrap up a year marked by a global pandemic, a protracted war in Ukraine, soaring inflation, exorbitant gas prices, and relentless ransomware attacks, we nevertheless look to 2023 in cybersecurity with a bit of hopefulness. Why? Because the drum beat for Collective Defense is gaining momentum across the public and private sectors. What's more, IronNet has launched a proactive threat intelligence feed called IronRadar SM that detects and blocks malicious command and control (C2) infrastructu

More Trending

article thumbnail

8 Social Media Influencers Accused of Securities Fraud in the US

Heimadal Security

Authorities from the Southern District of Texas accused eight men of committing securities fraud by participating in a “pump and dump” scheme. The scammers were running the fraud scheme on social media and managed to earn $114 million before they were discovered. How the “Pump and Dump” Scheme Worked The eight men used social media […]. The post 8 Social Media Influencers Accused of Securities Fraud in the US appeared first on Heimdal Security Blog.

Media 97
article thumbnail

Microsoft: Edge update will disable Internet Explorer in February

Bleeping Computer

Microsoft announced today that a future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. [.].

article thumbnail

CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities impacting Veeam Backup & Replication software, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog.

Backups 98
article thumbnail

Top Three Tips for Building Your MSP Audience

Security Boulevard

The way MSPs target prospects has evolved. Using a one-size-fits-all approach is no longer the most effective option for MSPs. Read More. The post Top Three Tips for Building Your MSP Audience appeared first on Kaseya. The post Top Three Tips for Building Your MSP Audience appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Update now! Apple patches active exploit vulnerability for iPhones

Malwarebytes

Apple has released new security content for iOS 16.1.2 and Safari 16.2. Normally we would say that Apple pushed out updates, but in this mysterious case the advisory is about an iPhone software update Apple released two weeks ago. As it turns out, to fix a zero-day security vulnerability that was actively exploited. Mitigation. The updates should all have reached you in your regular update routines, but it doesn't hurt to check if your device is at the latest update level.

Spyware 98
article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 12/16

Security Boulevard

Insight #1. ". Lobbying from ITIC has pushed back on the recent OMB 22-18 directive to require self-attestations and SBOMs from software vendors selling to the US Government. It’s time we all start being more transparent about our secure software development processes and stop delaying the inevitable.". . Insight #2. ". Multiple state governments have banned TikTok on state-owned devices over the past few weeks due to concerns over how data has been managed.

CISO 98
article thumbnail

Virtual kidnapping scam strikes again. Spot the signs

Malwarebytes

Warnings abound of a major new piece of fraud doing the rounds which uses your relative’s voice as part of a blackmail scam. What happens is the victim receives a call from said relative’s number, and they’re cut off by blackmailers who have them held hostage. The only way to get them back safely is to pay a sizable sum of money, usually within a time limit.

Scams 98
article thumbnail

Emerging Cybersecurity Threats: Prepare Now for 2023

Security Boulevard

As an eventful 2022 draws to a close, it’s worth analyzing and understanding the challenges organizations will be facing in the new year. This becomes even more imperative as the ever-changing cybersecurity landscape continues to evolve, often resembling a game of cat-and-mouse, where organizations and attackers compete to outwit one another. From bad bots to […].

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Ex-Twitter employee Gets 3.5 Years Jail for Spying on Behalf of Saudi Arabia

The Hacker News

A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted earlier this August on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government.

article thumbnail

Microsoft: Minecraft Servers Are Being Attacked by a Cross-Platform DDoS Botnet

Heimadal Security

On Thursday, Microsoft warned users about a cross-platform botnet that targets private Minecraft servers with distributed denial-of-service (DDoS) attacks. The botnet, known as MCCrash, has a special technique for propagating that allows it to infect Linux-based computers despite its origins in malicious software downloaded on Windows hosts. Cybersecurity researchers from Microsoft are tracking the cluster of […].

DDOS 95
article thumbnail

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

The Hacker News

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.

article thumbnail

Phishing Attack Uses Facebook Posts to Evade Email Security

Heimadal Security

Phishing scams have become more complex over time, and scammers are finding new ways to obtain information about their victims. This new phishing campaign is no different. The crook hides text in the Facebook posts to trick potential victims into giving up their account credentials and personally identifiable information. A malicious email impersonating Facebook’s copyright […].

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions

Security Boulevard

The post A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions appeared first on Digital Defense. The post A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions appeared first on Security Boulevard.

article thumbnail

Ukrainian Government Hacked Through Malicious Windows ISO Files

Heimadal Security

Ukrainian government networks were infected via trojanized ISO files posing as legitimate Windows 10 installers and several governmental institutions were hacked. Threat actors used malware to collect data from their victims, deploy additional malicious tools, and exfiltrate stolen data to controlled servers. According to cyber researchers, one of the malicious ISOs was hosted on the […].

article thumbnail

Worldwide law enforcement action takes down major DDoS booter services

Malwarebytes

Criminals making use of booter services which execute Distributed Denial of Service (DDoS) attacks to take down websites will have to try a little bit harder today: A major international operation has taken no fewer than 48 of the most popular booter services offline. The operation, known as “Power Off,” included law enforcement agencies from the UK, the US, the Netherlands, Germany, and Poland.

DDOS 96
article thumbnail

Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia

Security Affairs

An ex Twitter employee has been sentenced to three-and-a-half years in prison for spying on individuals on behalf of Saudi Arabia. On august 2022, the former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. Now Abouammo was has been sentenced to three-and-a-half years in prison for spying on individuals on behalf of Saudi Arabia. “A California man was sentenced yesterday to 42 months in fed

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

InfraGard infiltrated by cybercriminal

Malwarebytes

InfraGard, a partnership between the FBI and members of the private sector that was established to protect critical infrastructure in the US, has been infiltrated by a cybercriminal. As a result, its database of contact information is now for sale on an English-language cybercrime forum. InfraGard. InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector that was created to help protect US critical infrastructure.

article thumbnail

How To Generate Strong Passwords With SecureBlitz Password Generator

SecureBlitz

In this post, we will show you how to use our very own SecureBlitz Strong Password Generator. A completely free online password generator for internet users. It is no longer news that cybercriminals have doubled, and are wreaking havoc all over the world, cybersecurity experts and researchers reel out periodic findings on cyber-attacks week after […].

article thumbnail

Social Blade discloses security breach

Security Affairs

Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company was offered for sale. Social Blade is an American social media analytics platform, the company disclosed the security breach after a database containing company data was offered for sale on a hacker forum this week.

article thumbnail

GitHub Announces Free Secret Scanning for All Public Repositories

The Hacker News

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of January 2023.

97
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Key Benefits of Using Extended Detection and Response (XDR) Solutions

Heimadal Security

If you are into cybersecurity, you already know that, in this field, change is the only constant. Threat actors are always changing their ways, finding newer, stronger, and more sophisticated software to attack your network and endpoints. So, security experts have to innovate too, and this is how more traditional endpoint detection and response solutions […].

article thumbnail

Cyber Security Is Not a Losing Game – If You Start Right Now

The Hacker News

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late.

article thumbnail

MCCrash botnet targets private Minecraft servers, Microsoft warns

Security Affairs

Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. The IT giant tracks this cluster of activity as DEV-1028.

DDOS 92
article thumbnail

Live From London: Next-Gen Cybersecurity Takes Stage at Black Hat Europe

Dark Reading

Check out our slideshow detailing the emerging cybersecurity trends in cloud, creating a defensible Internet, malware evolution, and more that lit up audiences in London.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.