Tue. Oct 10, 2023

Model Extraction Attack on Neural Networks

Schneier on Security

Adi Shamir et al. have a new model extraction attack on neural networks: Polynomial Time Cryptanalytic Extraction of Neural Network Models Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access to their black-box implementations.

Patch Tuesday, October 2023 Edition

Krebs on Security

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 in response to active attacks.

Unlocking Success: Safeguarding Your Business with Cloud-Based Solutions

Jane Frankland

We all know the feeling: ensuring that your business is secure and running efficiently can feel overwhelming. It’s a hard balancing act between protecting valuable data, increasing productivity, controlling costs – especially when technology often seems to be outpacing security measures. But with the range of cloud-based security solutions available today, there doesn’t have to be an underlying fear of losing sensitive information or assets – not with the right solution and partner.

Risk 147

GUEST ESSAY: How tech tricks used by Amazon, Netflix aid Ukraine in repelling Russia’s invasion

The Last Watchdog

As tragic as it is, we are in a space where video has become a crucial asset in wartime. Related: Apple tool used as warfare weapon Ukraine’s defense against Russian invaders has changed the role of video. Accessing video-based intelligence at the right time and place is a very effective method for gaining information about the constantly changing military landscape.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Australia, New Zealand Enterprises Spend Big on Security — But Will It Be Enough?

Tech Republic Security

Australian and New Zealand businesses will increase spending on cybersecurity by double digits… but they might not be able to spend their way to safety.

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

The Hacker News

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure.

DDOS 131

More Trending

Microsoft Exchange gets ‘better’ patch to mitigate critical bug

Bleeping Computer

The Exchange Team asked admins to deploy a new and "better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August.

Google Adopts Passkeys as Default Sign-in Method for All Users

The Hacker News

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms.

Mirai DDoS malware variant expands targets with 13 router exploits

Bleeping Computer

A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.

DDOS 113

North Korea's State-Sponsored APTs Organize & Align

Dark Reading

An unprecedented collaboration by various APTs within the DPRK makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft warns of incorrect BitLocker encryption errors

Bleeping Computer

Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments.

New ‘HTTP/2 Rapid Reset’ technique behind record-breaking DDoS attacks

Security Affairs

A new DDoS technique named ‘HTTP/2 Rapid Reset’ has been actively employed in attacks since August, enabling record-breaking attacks. Researchers disclosed a new zero-day DDoS attack technique, named ‘HTTP/2 Rapid Reset’, that has been exploited since August in record-breaking attacks. Google announced that it had observed a new series of massive DDoS attacks that reached a peak of 398 million requests per second (rps).

DDOS 107

Cybersecurity Awareness Month 2023 Blog Series | Using Strong Passwords and a Password Manager

NSTIC

Today’s blog is the second one in our 2023 Cybersecurity Awareness Month series and examines different factors associated with using strong passwords and a password manager. We interviewed NIST’s Yee-Yin Choong and Meghan Anderson to get their unique thoughts and insights. This week’s Cybersecurity Awareness Month theme is ‘using strong passwords and a password manager.’

A flaw in libcue library impacts GNOME Linux systems

Security Affairs

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts. libcue provides an API for parsing and extracting data from CUE sheets.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

The Hacker News

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.

New One-Click Exploit Is a Supply Chain Risk for Linux OSes

Dark Reading

An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.

Risk 131

New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards

The Hacker News

A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries.

Retail 104

Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug

Dark Reading

October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CISA catalog passes 1,000 known-to-be-exploited vulnerabilities. Celebration time, or is it?

Malwarebytes

On September 18, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) announced that its Known Exploited Vulnerabilities (KEV) catalog has reached the milestone of covering more than 1,000 vulnerabilities since its launch in November 2021. This may seem like a lot, but with over 25,000 new vulnerabilities released in 2022 alone, it helps organizations to focus on the vulnerabilities that matter the most.

Internet 100

A Frontline Report of Chinese Threat Actor Tactics and Techniques

Dark Reading

Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them access the same systems as remote workers.

Passwords 104

Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords

WIRED Threat Level

Google is making passkeys, the emerging passwordless login technology, the default option for users as it moves to make passwords “obsolete.”

Passwords 113

Florida Circuit Court, Victim of a Ransomware Attack

Heimdal Security

The ALPHV ransomware group, also known as BlackCat, has claimed responsibility for a cyberattack that disrupted numerous state courts in Northwest Florida, specifically within the First Judicial Circuit, last week. Allegedly, the malicious actors were able to obtain sensitive personal information of employees and judges, including Social Security numbers and CVs.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Badbox Operation Targets Android Devices in Fraud Schemes

Dark Reading

Researchers believe that more than 70,000 Android devices may have been affected with preloaded Peachpit malware that was installed on the electronics before being sold at market.

Philanthropy Spotlight: Tech Day of Pink Founder Michael W. Smith

SecureWorld News

Tech Day of Pink is an annual initiative launched in 2017 by The Estée Lauder Companies (ELC) to focus on raising awareness, educating, and fundraising for breast cancer research directly within the IT community in the fight to end breast cancer. Michael W. Smith, CIO of ELC and Founder of Tech Day of Pink, was inspired by ELC's Breast Cancer Campaign, which began in 1993, to start this initiative.

How Keyloggers Have Evolved From the Cold War to Today

Dark Reading

Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.

Virus Bulletin PUA – a love letter

We Live Security

Late nights at the VB2023 conference featured intriguing interactions between security experts and the somewhat enigmatic world of grayware purveyors.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Transform any place into a Smart Space

Tech Republic Security

“Transform rooms, buildings and spaces into assets that inform new insights, inspire collaboration and drive efficiencies through automation and analytics. With our best-in-class, cloud-first technologies, Cisco Meraki removes complexity so you can focus on employees, customers and business. We bring IT, IoT and physical environments together so all IT teams can bring automated smart spaces.

IoT 85

Old-School Attacks Are Still a Danger, Despite Newer Techniques

Dark Reading

The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.

Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries

The Hacker News

A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan. The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name Grayling.

Preparing for the Worst: IT Disaster Recovery Best Practices

SecureWorld News

Some organizations do not consider IT disasters as an imminent danger. However, a disaster resulting in data loss and downtime is a common threat nowadays. Natural disasters, human error, cyberattacks, and other disruptive events can cause irreparable harm to your organization which can lead to financial loss, reputational damage, or even a complete business shut down.

Backups 80

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.