Schneier on Security

JUNE 5, 2023

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Software 239

Software Engineering Internet Internet 239

Security Boulevard

JUNE 5, 2023

Malware Déjà Vu: Perhaps as many as 87 million victims—maybe more. The post Chrome Extensions Warning — Millions of Users Infected appeared first on Security Boulevard.

Malware 145

Malware Social Engineering Security Awareness Engineering 145

Bleeping Computer

JUNE 5, 2023

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data. [.

Ransomware 140

Ransomware 140

The Last Watchdog

JUNE 5, 2023

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Related: Leveraging human sensors Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

Cybersecurity 114

Cybersecurity Artificial Intelligence Cyber threats Cybercrime 114

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 5, 2023

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory. [.

Passwords 141

Passwords 141

CyberSecurity Insiders

JUNE 5, 2023

In an increasingly connected world, where our lives revolve around the internet, safeguarding our privacy online has become paramount. From social media platforms to online shopping and banking, we share a wealth of personal information that can be vulnerable to misuse or exploitation. However, by adopting a few simple yet effective practices, you can significantly enhance your online privacy.

Passwords 126

Passwords Encryption Media Banking 126

CSO Magazine

JUNE 5, 2023

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents were confident.

CISO 125

CISO Phishing 125

Bleeping Computer

JUNE 5, 2023

​Outlook is down again for the second time today, with users facing a frustrating 503 error message when trying to access their accounts. [.

Mobile 144

Mobile Accountability Software 144

CSO Magazine

JUNE 5, 2023

The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare. Research from cybersecurity services firm Bridewell assessed the current state of critical national infrastructure (CNI) threats in the UK and the US , warning that global economic downturns, geopolitical tensions, nation-state actors, and rans

Cybersecurity 124

Cybersecurity Healthcare Technology Ransomware 124

CyberSecurity Insiders

JUNE 5, 2023

Hackers somehow managed to exploit a vulnerability in Moveit file transfer software and ac-cessed information from the servers of Zellis, a payroll service provider in Britain. Unfortu-nately, British Airways (BA) and Boots are two among the list of companies that were impact-ed by the security incident. MOVEit produced by Progress Software is taking all precautions to mitigate the risks associat-ed with the incident and has informed the staff of Zellis on how to neutralize the effects of the cy

Data breaches 122

Data breaches Cybersecurity Insurance Ransomware 122

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JUNE 5, 2023

Red Sift today announced it is employing the GPT-4 generative artificial intelligence (AI) platform via a Relevance Detection capability to better determine whether a suspicious online entity should be monitored. Previously, Red Sift was applying machine learning algorithms to analyze domain name system (DNS) platforms, secure socket layer (SSL) certificates and the WHOIS database in.

Artificial Intelligence 117

Artificial Intelligence Cybersecurity DNS Malware 117

CyberSecurity Insiders

JUNE 5, 2023

To those interested in known news bits on the technology of Artificial Intelligence, here some fuel for thought. According to a report published in New York Post, a woman located in the same city has married a virtual man generated to the Artificial Intelligence. The woman named Rosanna Ramos, mother of two children, married a man named Eren Kartal, a person she met through an online dating app.

Artificial Intelligence 122

Artificial Intelligence Media Accountability Technology 122

Security Boulevard

JUNE 5, 2023

The explosion in the use of OpenAI's ChatGPT and other large language models (LLMs) — along with a range of other artificial intelligence (AI) and machine learning (ML) systems — is ramping up the security cat-and-mouse game. The post 5 AI threats keeping SOC teams up at night appeared first on Security Boulevard.

Artificial Intelligence 104

Artificial Intelligence Risk Government 104

CyberSecurity Insiders

JUNE 5, 2023

Attention all business Gmail account holders, it is crucial to stay informed about the following news story. Security experts have issued a warning regarding the exploitation of the Gmail Blue Check Mark feature by scammers. These individuals are utilizing the mark to create counterfeit email addresses resembling those of well-known brands. Their goal is to deceive users into providing personal credentials and making fraudulent payments.

Marketing 110

Marketing Engineering Accountability Technology 110

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

JUNE 5, 2023

Attackers covet your data and never stop coming for it. In 2021, ransomware cases grew by 92.7%. Are you protecting your data with the same passion and with adequate cybersecurity solutions? • In 2022, the Austrian Health insurer Medibank lost the data of four million customers at an estimated cost of $25-35 million to the. The post When it Comes to Cybersecurity, Prepare, Protect, Deploy appeared first on Security Boulevard.

Cybersecurity 104

Cybersecurity Insurance Ransomware Data breaches 104

Graham Cluley

JUNE 5, 2023

Staff at the BBC have been warned that their personal data may now be in the hands of cybercriminals, following the exploitation of a vulnerability in a software tool used by the company that manages their payroll.

Data breaches 102

Data breaches Software Ransomware Malware 102

Security Boulevard

JUNE 5, 2023

An analysis of cybersecurity breaches in 2022 conducted by FireTail, a provider of a platform for securing application programming interfaces (APIs), found only 12 publicly recorded breaches involving APIs, with six more being disclosed thus far in 2023. However, the average mean size of API data breach exposure is over 10 million records per incident.

Data breaches 103

Data breaches Cybersecurity Malware 103

Bleeping Computer

JUNE 5, 2023

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. [.

Firmware 114

Firmware Malware 114

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

JUNE 5, 2023

Ransomware remains a top threat in 2023 and the Verizon Data Breach Investigations Report (DBIR) 2022 states that over 25% of breaches were caused by ransomware. The post Overview of Ransomware Solutions from Protection to Detection and Response appeared first on Seceon. The post Overview of Ransomware Solutions from Protection to Detection and Response appeared first on Security Boulevard.

Ransomware 98

Ransomware Data breaches Cybersecurity 98

Bleeping Computer

JUNE 5, 2023

The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times. [.

Malware 120

Malware Mobile 120

Security Affairs

JUNE 5, 2023

KeePass addressed the CVE-2023-32784 bug that allows the extraction of the cleartext master password from the memory of the client. KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. KeePass is a free and open-source software used to securely manage passwords.

Passwords 97

Passwords Password Management Encryption Hacking 97

CSO Magazine

JUNE 5, 2023

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million. “Think it could surpass $50m.

Hacking 96

Hacking Accountability 96

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

JUNE 5, 2023

Microsoft attributes the recent campaign exploiting a zero-day in the MOVEit Transfer platform to the Clop ransomware gang. The Clop ransomware gang (aka Lace Tempest ) is credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362 , in the MOVEit Transfer platform. Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion

Ransomware 96

Ransomware Authentication Engineering Internet 96

Security Boulevard

JUNE 5, 2023

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say. Read More > The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Security Boulevard.

Firmware 96

Firmware 96

Malwarebytes

JUNE 5, 2023

In May, a lawyer who was defending their client in a lawsuit against Columbia's biggest airline, Avianca, submitted a legal filing before a court in Manhattan, New York, that listed several previous cases as support for their main argument to continue the lawsuit. But when the court reviewed the lawyer's citations, it found something curious: Several were entirely fabricated.

Artificial Intelligence 97

Artificial Intelligence Technology 97

Security Boulevard

JUNE 5, 2023

There’s a major discrepancy between the number of organizations that are investing in cybersecurity certification programs and the number that feel prepared for an attack, according to an Immersive Labs report. While almost all organizations encourage industry certifications, fewer than a third (32%) of the 570 senior security and risk leaders surveyed said they were.

Cybersecurity 96

Cybersecurity Risk CISO Security Awareness 96

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

JUNE 5, 2023

Last week two eastern Idaho hospitals and their clinics were hit by a cyberattack that temporarily impacted their operations. Last week the Idaho Falls Community Hospital was hit by a cyber attack that impacted its operations. Officials at the hospital confirmed that some clinics closed due to the cyber attack and some ambulances have been diverted to nearby hospitals.

Cyber Attacks 96

Cyber Attacks Hacking Ransomware Malware 96

CSO Magazine

JUNE 5, 2023

More information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied some of the attacks to a threat actor associated with the Clop ransomware gang. "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer zero-day vulnerability to Lace Tempest, known for ransomware operations and running the Clop extortion site," Microsoft's Threat Intelligence

Ransomware 95

Ransomware 95

The Hacker News

JUNE 5, 2023

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today.

Software 95

Software 95

Malwarebytes

JUNE 5, 2023

So, you’re on top of your software updates, you use a password manager, you’ve enabled two-factor authentication wherever you can, you’ve got BrowserGuard installed, and you’re running Malwarebytes Premium. If you're doing all of that you're already winning at security. But you want more, because you know that security is a journey and not a destination, and, let’s face it, you’re reading an article about five unusual cybersecurity tips: You’re hooked.

Cybersecurity 96

Cybersecurity Passwords Password Management Accountability 96

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.