Fri. Dec 29, 2023

AI Is Scarily Good at Guessing the Location of Random Photos

Schneier on Security

Wow: To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didn’t seem to matter much. It guessed a campsite in Yellowstone to within around 35 miles of the actual location.

Happy 14th Birthday, KrebsOnSecurity!

Krebs on Security

KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.

Develop Valuable Security and Risk Management Skills for Just $30 Through 1/1

Tech Republic Security

With cyberthreats and cyberattacks always on the rise, developing security and risk management skills could be one of the best moves for your business or career.

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Bleeping Computer

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New Version of Meduza Stealer Released in Dark Web

Security Affairs

Resecurity’s HUNTER unit spotted a new version of the Meduza stealer (version 2.2) that was released on the dark web. On Christmas Eve, Resecurity’s HUNTER unit spotted that the author of the perspective password stealer Meduza has released a new version (2.2). Among the key significant improvements are support for more software clients (including browser-based cryptocurrency wallets), an upgraded credit card (CC) grabber, and additional advanced mechanisms for password storage dump on var

Hospitals ask courts to force cloud storage firm to return stolen data

Bleeping Computer

Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that's now stored on the servers of a Boston cloud storage company. […]

The Week in Ransomware - December 29th 2023 - LockBit targets hospitals

Bleeping Computer

It's been a quiet week, with even threat actors appearing to take some time off for the holidays. We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. […]

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”). The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks.

ForensicMiner: PowerShell-based DFIR automation tool

Penetration Testing

ForensicMiner, a PowerShell-based DFIR automation tool, revolutionizes the field of digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines. Compatibility with Falcon Crowdstrike RTR and Palo Alto Cortex...

Clash of Clans gamers at risk while using third-party app

Security Affairs

An exposed database and secrets on a third-party app put Clash of Clans players at risk of attacks from threat actors. The Cybernews research team has discovered that the Clash Base Designer Easy Copy app exposed its Firebase database and user-sensitive information. With 100,000 downloads on the Google Play store, the app enables Clash of Clans players to build a custom base layout and import it into the game.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Invoke-SessionHunter: Retrieve & display information about active user sessions on remote computers

Penetration Testing

Retrieve and display information about active user sessions on remote computers. No admin privileges are required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the remote computers....

Data Breach Impacts LoanCare Customers

Heimdal Security

Over 1.3 million customers across the U.S. are being alerted by mortgage servicing company LoanCare that a data breach at its parent company, Fidelity National Financial, may have compromised their private information. With 1.2 million loans and $390 billion in balances under management, LoanCare is a major player in the mortgage servicing industry, offering both […]

The top 4 ransomware gang failures of 2023

Malwarebytes

Ransomware gangs care about one thing: Stealing money. Over time, their craven, cybercriminal efforts have toppled businesses, destabilized hospitals, and ruined lives. Worst of all, they show no sign of slowing down, and their extortion attempts—which no longer focus on ransomware delivery alone—are getting bolder, meaner, and uglier. As Allan Liska, intelligence analyst at Recorded Future, recently said on the Lock and Code podcast, times have changed.

The Worst Hacks of 2023

WIRED Threat Level

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Lockbit Ransomware Attack Affects Three German Hospitals

Heimdal Security

Katholische Hospitalvereinigung Ostwestfalen (KHO), a German hospital network, has confirmed that a cyberattack launched by the Lockbit ransomware group is the cause of recent service disruptions at three hospitals in its network. The attack occurred in the early morning of December 24, 2023, and it drastically impacted the systems that support the operations of three […]

CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.

How Honeytokens Can Detect and Stop Black Hat Computer Hackers

Security Boulevard

Detect & stop black hat hackers with honeytokens. Placed in datasets, these mimic real data, triggering alerts upon interaction. Bolster your cybersecurity now!

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

The Hacker News

Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

MFA For Small Businesses: How to Leverage Multi-Factor Authentication

Security Boulevard

Understanding MFA: A Security Necessity for Small Businesses. In an age where cyber threats loom larger than ever, Multi-Factor Authentication (MFA) emerges as a vital safeguard for small businesses. MFA, which adds additional layers of security beyond the traditional username and password, is no longer a luxury but a necessity in the modern digital landscape. …

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

The Hacker News

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said.

MQTT vs AMQP

Security Boulevard

The Initial Overview: Learning about MQTT & AMQP. In the dynamic arenas of Internet of Things (IoT) and cloud computing, communication protocols that are robust, reliable and capable of handling high traffic volumes have become essential. The two protocols that have recently gained significant ground in this regard are MQTT (Message Queuing Telemetry Transport) and […]

Friday Squid Blogging: Sqids

Schneier on Security

They’re short unique strings: Sqids (pronounced “squids”) is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I haven’t dug into the details enough to know how they can be guaranteed to be collision-free.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Seceon Innovations in 2023 – A Look Back on a Big Year

Security Boulevard

Seceon has a long history of innovating our cybersecurity platform and its powerful detection and response capabilities. Seceon was founded in 2015 and since then has been recognized

USENIX Security ’23 – ‘Tubes Among Us: Analog Attack on Automatic Speaker Identification’

Security Boulevard

Authors/Presenters: Shimaa Ahmed, Yash Wani, Ali Shahin Shamsabadi, Mohammad Yaghin, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.

Weekly Blog Wrap-Up (December 25 - December 28, 2023)

Security Boulevard

Welcome to the TuxCare Weekly Blog Wrap-Up – your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the importance of safeguarding your valuable data and ensuring the smooth operation of your Linux infrastructure. That’s why […]

Billion times emptiness

Security Boulevard

By Max Ammann. Behind Ethereum’s powerful blockchain technology lies a lesser-known challenge that blockchain developers face: the intricacies of writing robust Ethereum ABI (Application Binary Interface) parsers. Ethereum’s ABI is critical to the blockchain’s infrastructure, enabling seamless interactions between smart contracts and external applications.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

USENIX Security ’23 – Xinghui Wu, Shiqing Ma, Chao Shen, Chenhao Lin, Qian Wang, Qi Li, Yuan Rao ‘KENKU: Towards Efficient And Stealthy Black-box Adversarial Attacks Against ASR Systems’

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.

Best of 2023: Combo Lists & the Dark Web: Understanding Leaked Credentials

Security Boulevard

In today’s interconnected, cloud-based world, user credentials are the keys that grant entry to the house that stores an organization’s digital treasure. Just as burglars pick the lock on a physical house, cybercriminals use stolen credentials to gain unauthorized access to a company’s systems and networks. Similarly, cybercriminals can purchase high volumes of stolen credentials […]

Randall Munroe’s XKCD ‘Hydrothermal Vents’

Security Boulevard

Via the comic artistry and dry wit of Randall Munroe, creator of XKCD.
