Schneier on Security

AUGUST 31, 2023

A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, let’s start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A videoscope and a borescope are very similar as they’re both cameras on the ends of optical fibers, so the same tech you’d use to inspect cylinder walls is also useful for surveillance.

Surveillance 345

Surveillance Government Mobile Media 345

WIRED Threat Level

AUGUST 31, 2023

Child safety group Heat Initiative plans to launch a campaign pressing Apple on child sexual abuse material scanning and user reporting. The company issued a rare, detailed response on Thursday.

145

145

Security Affairs

AUGUST 31, 2023

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training.

Backups 145

Backups Manufacturing Passwords Internet 145

The Hacker News

AUGUST 31, 2023

Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro.

Software 142

Software 142

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

AUGUST 31, 2023

Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conference demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. The expert explained that Windows OS separates the file system from each container to the host and avoids duplication of system files.

Ransomware 137

Ransomware Antivirus Hacking Malware 137

The Hacker News

AUGUST 31, 2023

An open-source.NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants.

Malware 136

Malware Ransomware 136

The Hacker News

AUGUST 31, 2023

How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of several interesting cyber attack statistics.

Cyber Attacks 136

Cyber Attacks Government 136

Security Affairs

AUGUST 31, 2023

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances wher

Authentication 135

Authentication Ransomware VPN Hacking 135

The Hacker News

AUGUST 31, 2023

A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S.

Government 128

Government Technology Hacking 128

Security Affairs

AUGUST 31, 2023

Multinational mass media conglomerate Paramount Global suffered a data breach after an unauthorized party accessed files from certain of its systems. Multinational mass media conglomerate Paramount Global disclosed a data breach. According to the data breach notification letter sent to the impacted individuals, an unauthorized party accessed files from certain systems of the company between May and June 2023.

Data breaches 134

Data breaches Media Hacking Government 134

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Dark Reading

AUGUST 31, 2023

A hacker published a real gem of an infostealer to GitHub that requires zero coding knowledge to use. Then a community sprung up around it, polishing the code to a high shine and creating new, even more robust features.

Malware 121

Malware 121

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. GCHQ’s National Cyber Security Centre and international partners reported that Russia-linked threat actors are using a new malware to target the Ukrainian military Government experts attribute the attack to the Russian military intelligence service the GRU.

Malware 129

Malware Authentication Government Threat Detection 129

WIRED Threat Level

AUGUST 31, 2023

Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.

Hacking 120

Hacking 120

Trend Micro

AUGUST 31, 2023

Learn how the FBI found the Qakbot malware perpetrators and took them down.

Malware 120

Malware Cyber threats 120

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Bleeping Computer

AUGUST 31, 2023

Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had their personal information exposed to network intruders. [.

Data breaches 116

Data breaches Retail 116

Trend Micro

AUGUST 31, 2023

In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.

Phishing 117

Phishing Cyber threats Malware 117

Heimadal Security

AUGUST 31, 2023

On Tuesday, the U.S. Department of Justice announced the disruption of an international law enforcement operation that targeted the QakBot botnet and its related malware, which has been linked to numerous cyberattacks and caused nearly $60 million in global losses for victims. Evolution of QakBot Malware Originally identified as a banking trojan, QakBot, also known […] The post Notorious QakBot Malware Dismantled: $8.6M Seized and 700K Computers Freed appeared first on Heimdal Security Blo

Malware 115

Malware Banking Cybersecurity 115

Bleeping Computer

AUGUST 31, 2023

Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks. [.

Hacking 114

Hacking Ransomware 114

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

SecureWorld News

AUGUST 31, 2023

In the shadowy realms of the digital world, where information is both the weapon and the prize, a formidable adversary known as UNC4841 has emerged. Like a phantom in the night, this Chinese cyber espionage group has orchestrated a relentless campaign targeting governments and high-value organizations across the globe. The arsenal? A potent combination of Zero-Day exploits, cunning tactics, and a thirst for sensitive information.

Government 112

Government Malware Cybersecurity Cybercrime 112

Heimadal Security

AUGUST 31, 2023

In a recent surge of cyber threats, hackers have targeted Cisco Adaptive Security Appliance (ASA) SSL VPNs using a combination of brute-force attacks and credential stuffing. These attacks have taken advantage of security vulnerabilities, particularly the absence of robust multi-factor authentication (MFA) measures. The incidents have sparked concerns about the security of remote network access […] The post Weaknesses in Cisco ASA SSL VPNs Exploited Through Brute-Force Attacks appeared fir

Cyber threats 111

Cyber threats Authentication Cybersecurity 111

Bleeping Computer

AUGUST 31, 2023

Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that lets some victims to recover their files for free. [.

Ransomware 108

Ransomware Encryption 108

Dark Reading

AUGUST 31, 2023

Since launching in 2019, the Security Device Research Program has discovered 130 critical vulnerabilities; applications are now open for Apple's 2024 iteration.

Hacking 107

Hacking 107

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

GlobalSign

AUGUST 31, 2023

What do statistics, AI, fires, scandal, aliens and sharks all have in common? The August edition of NewsScam, of course!

105

105

Dark Reading

AUGUST 31, 2023

Cybercrime syndicates are forcing people into working for them, and it's a difficult issue to solve, involving digital platforms, political powers, and organized crime on a global scale.

Cybercrime 106

Cybercrime 106

SecureWorld News

AUGUST 31, 2023

The University of Michigan experienced an internet outage on August 27th that affected students, faculty, and staff across all three campuses just as the fall semester was kicking off. The outage began at approximately 1:40 p.m. and lasted for several hours. The university said that the outage was caused by a "significant cybersecurity concern," but it did not provide any further details about the nature of the threat.

Internet 104

Internet Internet Identity Theft Passwords 104

Dark Reading

AUGUST 31, 2023

The Forever 21 breach alone affects a half-million people, who could be a mix of consumers and employees; Paramount is staying mum on who exactly is impacted.

Data breaches 106

Data breaches 106

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

AUGUST 31, 2023

Hannover, Germany, Aug. 31, 2023 – Hornetsecurity has recently launched The Security Swarm podcast series to shed light on the latest cybersecurity issues. The weekly show, hosted by Hornetsecurity’s Andy Syrewicze , brings together experts from across the cybersecurity sector to discuss industry challenges, how businesses can overcome ever-changing threats, and future cybersecurity issues.

Cybersecurity 100

Cybersecurity Risk Education Backups 100

Dark Reading

AUGUST 31, 2023

The Kinsing threat group has launched more than 1,000 cyberattacks in less than two months, exploiting a security vulnerability in the internal corporate messaging app in order to upload the malware and a cryptominer.

Malware 103

Malware 103

The Last Watchdog

AUGUST 31, 2023

San Francisco, Calif., Aug. 30, 2023 — Every year over 340m workers suffer a workplace injury: slips and falls, strains and sprains, vehicle collisions and crashes. Voxel, an AI startup using computer vision to transform safety and operations in the workplace , is today announcing a $12m strategic funding round to improve workplace safety and save lives.

Artificial Intelligence 100

Artificial Intelligence Manufacturing B2B Technology 100

Dark Reading

AUGUST 31, 2023

The UK has agreed to help the Kuwaitis meet their stated goal of information-sharing and achieving globally coordinated incident response going forward.

Cybersecurity 101

Cybersecurity 101

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!