Schneier on Security

AUGUST 31, 2023

A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, let’s start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A videoscope and a borescope are very similar as they’re both cameras on the ends of optical fibers, so the same tech you’d use to inspect cylinder walls is also useful for surveillance.

Surveillance 287

Surveillance Government Mobile Media 287

Security Affairs

AUGUST 31, 2023

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training.

Backups 141

Backups Manufacturing Passwords Internet 141

WIRED Threat Level

AUGUST 31, 2023

Child safety group Heat Initiative plans to launch a campaign pressing Apple on child sexual abuse material scanning and user reporting. The company issued a rare, detailed response on Thursday.

139

139

Bleeping Computer

AUGUST 31, 2023

Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had their personal information exposed to network intruders. [.

Data breaches 127

Data breaches Retail 127

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

AUGUST 31, 2023

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms.

Retail 126

Retail Data breaches Identity Theft Banking 126

The Last Watchdog

AUGUST 31, 2023

Hannover, Germany, Aug. 31, 2023 – Hornetsecurity has recently launched The Security Swarm podcast series to shed light on the latest cybersecurity issues. The weekly show, hosted by Hornetsecurity’s Andy Syrewicze , brings together experts from across the cybersecurity sector to discuss industry challenges, how businesses can overcome ever-changing threats, and future cybersecurity issues.

Cybersecurity 100

Cybersecurity Risk Education Backups 100

The Last Watchdog

AUGUST 31, 2023

San Francisco, Calif., Aug. 30, 2023 — Every year over 340m workers suffer a workplace injury: slips and falls, strains and sprains, vehicle collisions and crashes. Voxel, an AI startup using computer vision to transform safety and operations in the workplace , is today announcing a $12m strategic funding round to improve workplace safety and save lives.

Artificial Intelligence 100

Artificial Intelligence Manufacturing B2B Technology 100

Bleeping Computer

AUGUST 31, 2023

Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that lets some victims to recover their files for free. [.

Ransomware 119

Ransomware Encryption 119

Dark Reading

AUGUST 31, 2023

A hacker published a real gem of an infostealer to GitHub that requires zero coding knowledge to use. Then a community sprung up around it, polishing the code to a high shine and creating new, even more robust features.

Malware 121

Malware 121

Security Affairs

AUGUST 31, 2023

Multinational mass media conglomerate Paramount Global suffered a data breach after an unauthorized party accessed files from certain of its systems. Multinational mass media conglomerate Paramount Global disclosed a data breach. According to the data breach notification letter sent to the impacted individuals, an unauthorized party accessed files from certain systems of the company between May and June 2023.

Data breaches 120

Data breaches Media Government Hacking 120

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

AUGUST 31, 2023

Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro.

Software 117

Software 117

Security Affairs

AUGUST 31, 2023

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances wher

Authentication 119

Authentication Ransomware VPN Hacking 119

Bleeping Computer

AUGUST 31, 2023

Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks. [.

Hacking 127

Hacking Ransomware 127

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. GCHQ’s National Cyber Security Centre and international partners reported that Russia-linked threat actors are using a new malware to target the Ukrainian military Government experts attribute the attack to the Russian military intelligence service the GRU.

Malware 115

Malware Authentication Threat Detection Government 115

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

AUGUST 31, 2023

Cybercrime syndicates are forcing people into working for them, and it's a difficult issue to solve, involving digital platforms, political powers, and organized crime on a global scale.

Cybercrime 106

Cybercrime 106

The Hacker News

AUGUST 31, 2023

How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of several interesting cyber attack statistics.

Cyber Attacks 105

Cyber Attacks Government 105

Bleeping Computer

AUGUST 31, 2023

Hackers working for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, more commonly known as the GRU, have been targeting Android devices in Ukraine with a new malicious framework named 'Infamous Chisel. [.

Malware 105

Malware Mobile 105

The Hacker News

AUGUST 31, 2023

An open-source.NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants.

Malware 104

Malware Ransomware 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

AUGUST 31, 2023

AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online on July 14th. [.

109

109

Dark Reading

AUGUST 31, 2023

The Kinsing threat group has launched more than 1,000 cyberattacks in less than two months, exploiting a security vulnerability in the internal corporate messaging app in order to upload the malware and a cryptominer.

Malware 103

Malware 103

Bleeping Computer

AUGUST 31, 2023

The "Classiscam" scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before. [.

Banking 100

Banking Scams 100

Dark Reading

AUGUST 31, 2023

Since launching in 2019, the Security Device Research Program has discovered 130 critical vulnerabilities; applications are now open for Apple's 2024 iteration.

Hacking 107

Hacking 107

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Identity IQ

AUGUST 31, 2023

How to Identify and Avoid Holiday Phishing Scams IdentityIQ The holiday season brings joy, celebrations, and… a surge in online scams. While you’re shopping for gifts or booking flights, hackers are plotting to trick you into revealing your personal details and financial information. Holiday phishing scams are an ongoing issue that ramps up when folks are feeling the most festive.

Scams 98

Scams Phishing Identity Theft Banking 98

Dark Reading

AUGUST 31, 2023

The Forever 21 breach alone affects a half-million people, who could be a mix of consumers and employees; Paramount is staying mum on who exactly is impacted.

Data breaches 106

Data breaches 106

Trend Micro

AUGUST 31, 2023

In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.

Phishing 96

Phishing Cyber threats Malware 96

WIRED Threat Level

AUGUST 31, 2023

Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.

Hacking 95

Hacking 95

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

AUGUST 31, 2023

The UK has agreed to help the Kuwaitis meet their stated goal of information-sharing and achieving globally coordinated incident response going forward.

Cybersecurity 101

Cybersecurity 101

The Hacker News

AUGUST 31, 2023

A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S.

Government 93

Government Technology Hacking 93

Heimadal Security

AUGUST 31, 2023

On Tuesday, the U.S. Department of Justice announced the disruption of an international law enforcement operation that targeted the QakBot botnet and its related malware, which has been linked to numerous cyberattacks and caused nearly $60 million in global losses for victims. Evolution of QakBot Malware Originally identified as a banking trojan, QakBot, also known […] The post Notorious QakBot Malware Dismantled: $8.6M Seized and 700K Computers Freed appeared first on Heimdal Security Blo

Malware 92

Malware Banking Cybersecurity 92

Bleeping Computer

AUGUST 31, 2023

North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository, camouflaging one of them as a VMware vSphere connector module named vConnector. [.

89

89

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.