Mon. Jun 05, 2023

The Software-Defined Car

Schneier on Security

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Chrome Extensions Warning — Millions of Users Infected

Security Boulevard

Malware Déjà Vu: Perhaps as many as 87 million victims—maybe more. The post Chrome Extensions Warning — Millions of Users Infected appeared first on Security Boulevard.

GUEST ESSAY: Using generative AI to support — not replace — overworked cybersecurity pros

The Last Watchdog

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

Safeguarding Your Privacy Online: Essential Tips and Best Practices

CyberSecurity Insiders

In an increasingly connected world, where our lives revolve around the internet, safeguarding our privacy online has become paramount. From social media platforms to online shopping and banking, we share a wealth of personal information that can be vulnerable to misuse or exploitation. However, by adopting a few simple yet effective practices, you can significantly enhance your online privacy.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

CISOs, IT lack confidence in executives’ cyber-defense knowledge

CSO Magazine

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, in which Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents were confident.

Zellis Cybersecurity Incident causes BA and Boots employee info data breach

CyberSecurity Insiders

Hackers somehow managed to exploit a vulnerability in MOVEit file transfer software and accessed information from the servers of Zellis, a payroll service provider in Britain. Unfortunately, British Airways (BA) and Boots are two among the list of companies that were impacted by the security incident. MOVEit produced by Progress Software is taking all precautions to mitigate the risks associated with the incident and has informed the staff of Zellis on how to neutralize the effects of the cy

AI news trending on Google

CyberSecurity Insiders

To those interested in known news bits on the technology of Artificial Intelligence, here is some fuel for thought. According to a report published in New York Post, a woman located in the same city has married a virtual man generated by Artificial Intelligence. The woman named Rosanna Ramos, mother of two children, married a man named Eren Kartal, a person she met through an online dating app.

Clop ransomware claims responsibility for MOVEit extortion attacks

Bleeping Computer

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data.

Red Sift Taps GPT-4 to Better Identify Cybersecurity Threats

Security Boulevard

Red Sift today announced it is employing the GPT-4 generative artificial intelligence (AI) platform via a Relevance Detection capability to better determine whether a suspicious online entity should be monitored. Previously, Red Sift was applying machine learning algorithms to analyze domain name system (DNS) platforms, secure socket layer (SSL) certificates and the WHOIS database in.

KeePass v2.54 fixes bug that leaked cleartext master password

Bleeping Computer

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Three ways agribusinesses can protect vital assets from cyberattacks

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an era where digital technology increasingly underpins food production and distribution, the urgency of cybersecurity in agriculture has heightened. A surge of cyberattacks in recent years, disrupting operations, causing economic losses, and threatening food industry security- all underscore this escalatin

Microsoft's Outlook.com is down again on mobile, web

Bleeping Computer

Outlook is down again for the second time today, with users facing a frustrating 503 error message when trying to access their accounts.

Hackers exploit Gmail Blue checkmark impacting 1.8 billion Google users

CyberSecurity Insiders

Attention all business Gmail account holders, it is crucial to stay informed about the following news story. Security experts have issued a warning regarding the exploitation of the Gmail Blue Check Mark feature by scammers. These individuals are utilizing the mark to create counterfeit email addresses resembling those of well-known brands. Their goal is to deceive users into providing personal credentials and making fraudulent payments.

New tool scans iPhones for 'Triangulation' malware infection

Bleeping Computer

Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Satacom delivers browser extension that steals cryptocurrency

SecureList

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom malware is delivered via third-party websites. Some of these sites do not deliver Satacom themselves, but use legitimate advertising plugins that the attackers abuse to inject malicious ads into the webpa

Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall

Dark Reading

Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.

5 AI threats keeping SOC teams up at night

Security Boulevard

The explosion in the use of OpenAI's ChatGPT and other large language models (LLMs) — along with a range of other artificial intelligence (AI) and machine learning (ML) systems — is ramping up the security cat-and-mouse game. The post 5 AI threats keeping SOC teams up at night appeared first on Security Boulevard.

BBC staffers warned of payroll data breach. Other firms also affected by MOVEit vulnerability

Graham Cluley

Staff at the BBC have been warned that their personal data may now be in the hands of cybercriminals, following the exploitation of a vulnerability in a software tool used by the company that manages their payroll.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

When it Comes to Cybersecurity, Prepare, Protect, Deploy

Security Boulevard

Attackers covet your data and never stop coming for it. In 2021, ransomware cases grew by 92.7%. Are you protecting your data with the same passion and with adequate cybersecurity solutions? • In 2022, the Austrian Health insurer Medibank lost the data of four million customers at an estimated cost of $25-35 million to the. The post When it Comes to Cybersecurity, Prepare, Protect, Deploy appeared first on Security Boulevard.

Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update

Dark Reading

A firmware update for hundreds of Gigabyte PC models gets rid of a backdoor capability that could be hijacked by cybercriminals, the company says.

FireTail Report Finds API Security Breaches are few but Lethal

Security Boulevard

An analysis of cybersecurity breaches in 2022 conducted by FireTail, a provider of a platform for securing application programming interfaces (APIs), found only 12 publicly recorded breaches involving APIs, with six more being disclosed thus far in 2023. However, the average mean size of API data breach exposure is over 10 million records per incident.

After 'Inception' Attack, New Due Diligence Requirements Are Needed

Dark Reading

To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Overview of Ransomware Solutions from Protection to Detection and Response

Security Boulevard

Ransomware remains a top threat in 2023 and the Verizon Data Breach Investigations Report (DBIR) 2022 states that over 25% of breaches were caused by ransomware. The post Overview of Ransomware Solutions from Protection to Detection and Response appeared first on Seceon. The post Overview of Ransomware Solutions from Protection to Detection and Response appeared first on Security Boulevard.

Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity

Dark Reading

Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.

Trusting AI not to lie: The cost of truth: Lock and Code S04E12

Malwarebytes

In May, a lawyer who was defending their client in a lawsuit against Colombia's biggest airline, Avianca, submitted a legal filing before a court in Manhattan, New York, that listed several previous cases as support for their main argument to continue the lawsuit. But when the court reviewed the lawyer's citations, it found something curious: Several were entirely fabricated.

2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack

Dark Reading

With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

Atomic Wallet hack leads to at least $35M in stolen crypto assets

CSO Magazine

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million. “Think it could surpass $50m.

WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor

Security Boulevard

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say. The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Security Boulevard.

Clop ransomware gang exploits the MOVEit Transfer vulnerability to steal data

CSO Magazine

More information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied some of the attacks to a threat actor associated with the Clop ransomware gang. "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer zero-day vulnerability to Lace Tempest, known for ransomware operations and running the Clop extortion site," Microsoft's Threat Intelligence

Should You Trust Cybersecurity Certifications?

Security Boulevard

There’s a major discrepancy between the number of organizations that are investing in cybersecurity certification programs and the number that feel prepared for an attack, according to an Immersive Labs report. While almost all organizations encourage industry certifications, fewer than a third (32%) of the 570 senior security and risk leaders surveyed said they were.

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev