Fri. Jul 15, 2022

San Francisco Police Want Real-Time Access to Private Surveillance Cameras

Schneier on Security

Surely no one could have predicted this: The new proposal—championed by Mayor London Breed after November’s wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area—would authorize the police department to use non-city-owned security cameras and camera networks to live monitor “significant events with public safety concerns” and ongoing felony or misdemeanor violations.

Weekly Update 304

Troy Hunt

It's very much a last-minute agenda this week as I catch up on the inevitable post-travel backlog and pretty much just pick stuff from my tweet timeline over the week 😊 But hey, there's some good stuff in there and I still managed to knock out almost an hour worth of content! References La Poste Mobile got themselves ransom'd and their data dumped (and they're still offline) Mangatoon are very clearly covering up their breach (which is now hard to do given it's i

Brave uses Goggle to show only cybersecurity websites

Tech Republic Security

The independent search engine introduced its new feature that filters results. The post Brave uses Goggle to show only cybersecurity websites appeared first on TechRepublic.

Fake cricket, real betting – story of a not so deep fake

Javvad Malik

We see many discussions these days around deep fakes and how AI will be able to create content that the human eye cannot spot as being fake, leading us to be easily manipulated. However, the reality is that people can be fooled far more easily. The BBC reports that a fake IPL Cricket match was put on by a few villagers who cleared out a ground, nailed down a bit of cloth to resemble a “pitch” and live streamed it on YouTube.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Password recovery tool infects industrial systems with Sality malware

Bleeping Computer

A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs).

Hackers targeting journalists across the World

CyberSecurity Insiders

All these days we have seen hackers targeting companies, individuals, politicians and celebrity stalwarts. But now, security research conducted by Proofpoint says that APT groups are now after journalists across the world and are interested in gaining access to classical information, n sources, manipulate their news drafts and postings and use their credentials to get into the networks of media outlets.

Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine

Dark Reading

Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.

RedAlert, LILITH, and 0mega, 3 new ransomware in the wild 

Security Affairs

Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both Windows and Linux VMware ESXi servers of target organizations.

Attackers scan 1.6 million WordPress sites for vulnerable plugin

Bleeping Computer

Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication.

Email Attack via a Recycled Domain

Security Boulevard

A software engineering friend fell victim to an almost-successful attack on his Facebook account. The attacker seemed to have a database of email addresses and user physical locations (i.e. cities, states, small countries). If the email’s domain name wasn’t registered, the attacker constructed a domain registration and directed its email to a mailbox he controls. […].

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise

Dark Reading

IT asset tracker and auditor software has a critical issue with insecure object deserialization that could allow threat actors to execute code, researchers say.

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files.

Tor Browser now bypasses internet censorship automatically

Bleeping Computer

The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship more easily.

How Hackers Create Fake Personas for Social Engineering

Dark Reading

And some ways to up your game for identifying fabricated online profiles of people who don't exist.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

New PayPal Phishing Kit Hijacks WordPress Sites

Heimadal Security

Researchers have uncovered a new phishing kit that, under the guise of security controls, injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data. This data includes government documents, photos, and even financial information. Researchers from Akamai said that the attackers […].

Offensive nation-state cyber threats: Who takes the top spot?

Digital Shadows

It has almost been six months since Russia invaded Ukraine, and understandably, the world and its media have focused on. The post Offensive nation-state cyber threats: Who takes the top spot? first appeared on Digital Shadows.

TikTok resets the clock on security leadership

CSO Magazine

The best time to do succession planning was last year. But the next best time is right now. The news this morning that Roland Cloutier is stepping away from the TikTok Global CSO role may or may not be surprising. After all, Roland joined TikTok a couple of years ago, around the same time that TikTok was dragged into some US political maneuverings.

Google Removes "App Permissions" List from Play Store for New "Data Safety" Section

The Hacker News

Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Friday Five 7/15

Digital Guardian

This week saw the conviction of a former CIA engineer, a brief takedown of Congress.gov, and news of a promising decline in ransomware. Read about all of this and more in this week's Friday Five!

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

The Hacker News

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads.

Microsoft investigates July updates breaking Access applications

Bleeping Computer

Microsoft is investigating user reports that MS Access runtime applications stop opening after installing this month's Patch Tuesday Office/Access security updates.

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users

The Hacker News

A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers said.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

7 cybersecurity tips for your summer vacation!

Naked Security

Here you go - seven thoughtful cybersecurity tips to help you travel safely.

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

The Hacker News

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021.

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub

Dark Reading

Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.

Tips For Keeping Your Server Room Safe And Secure

SecureBlitz

Here are tips for keeping your server room safe and secure. The safety of your server room is important for. The post Tips For Keeping Your Server Room Safe And Secure appeared first on SecureBlitz Cybersecurity.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain

The Hacker News

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.

What Are the Risks of Employees Going on a 'Hybrid Holiday'?

Dark Reading

As more employees plan on taking longer holidays and working remotely from the destination for part of that time, organizations have to consider the risks. Like Wi-Fi networks.

5 Key Things We Learned from CISOs of Smaller Enterprises Survey

The Hacker News

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however “normal” may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their cybersecurity challenges and priorities, and their responses were compared with those of a similar survey from 2021.

Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to Wikileaks

Dark Reading

Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.