Schneier on Security

OCTOBER 13, 2023

Interesting New York Times article about high-school students hacking the grading system. What’s not helping? The policies many school districts are adopting that make it nearly impossible for low-performing students to fail—they have a grading floor under them, they know it, and that allows them to game the system. Several teachers whom I spoke with or who responded to my questionnaire mentioned policies stating that students cannot get lower than a 50 percent on any assignment, eve

Hacking 241

Hacking Education 241

Malwarebytes

OCTOBER 13, 2023

Quishing is phishing using QR (Quick Response) codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns is not new, and because they can provide contactless access to a product or service they grew in popularity during the Covid-19 pandemic.

Phishing 139

Phishing Banking Mobile Accountability 139

Tech Republic Security

OCTOBER 13, 2023

We evaluate the features, performance, security, and pricing of Windscribe VPN to help you determine if it's a reliable VPN service for your needs.

VPN 137

VPN 137

Bleeping Computer

OCTOBER 13, 2023

Microsoft says Windows 10 security updates released during this month's Patch Tuesday may fail to install with 0x8007000d errors, although initially displaying progress. [.

134

134

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

OCTOBER 13, 2023

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said.

Authentication 130

Authentication 130

Bleeping Computer

OCTOBER 13, 2023

Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers. [.

Data breaches 131

Data breaches Healthcare 131

Bleeping Computer

OCTOBER 13, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks. [.

Ransomware 122

Ransomware Cybersecurity 122

WIRED Threat Level

OCTOBER 13, 2023

The rapid spread of violent videos and photos, combined with a toxic stew of mis- and disinformation, now threatens to spill over into real-world violence.

129

129

Bleeping Computer

OCTOBER 13, 2023

Cybercriminals are employing a novel code distribution technique dubbed 'EtherHiding,' which abuses Binance's Smart Chain (BSC) contracts to hide malicious scripts in the blockchain. [.

Cryptocurrency 119

Cryptocurrency 119

The Hacker News

OCTOBER 13, 2023

The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities.

Hacking 116

Hacking 116

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

OCTOBER 13, 2023

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) published by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) provides known IOCs, TTPs, and detection methods associated with the AvosLocker ransomware variant employed in recent attacks.

Ransomware 120

Ransomware System Administration Antivirus Malware 120

The Hacker News

OCTOBER 13, 2023

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware.

Malware 112

Malware 112

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In today’s blog, we’re unpacking why MFA is a cornerstone topic in this year’s Cybersecurity Awareness Month and how it can keep your organization safe from potentially devastating cyber attacks. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process.

Authentication 115

Authentication Accountability Passwords Mobile 115

Tech Republic Security

OCTOBER 13, 2023

Read the comprehensive PureVPN review to learn about its features, pricing, security and more. Find out if PureVPN is the right VPN service for you.

VPN 113

VPN 113

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

OCTOBER 13, 2023

The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.

Artificial Intelligence 118

Artificial Intelligence Cybersecurity 118

Bleeping Computer

OCTOBER 13, 2023

Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future. [.

Authentication 137

Authentication 137

The Hacker News

OCTOBER 13, 2023

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S.

Ransomware 110

Ransomware Cybersecurity 110

Dark Reading

OCTOBER 13, 2023

Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.

Cyber Insurance 112

Cyber Insurance Insurance Software 112

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Digital Guardian

OCTOBER 13, 2023

This past week was marked by an increase of DDoS attacks, hacktivism, elaborate phishing scams, and more. Catch up on all of these stories and more in this week’s Friday Five!

Scams 111

Scams Phishing DDOS 111

Graham Cluley

OCTOBER 13, 2023

Valve, the company behind the Steam video game platform, has announced a new security feature after multiple reports of game updates being poisoned with malware. But have they chosen the best way to protect developers' accounts? Read more in my article on the Hot for Security blog.

Malware 109

Malware Accountability 109

Dark Reading

OCTOBER 13, 2023

The Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours could expose organizations to attacks — or government surveillance.

Surveillance 118

Surveillance Government 118

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive , that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan.

Government 110

Government Encryption Phishing Malware 110

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

OCTOBER 13, 2023

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies.

Cyber threats 100

Cyber threats Ransomware 100

SecureWorld News

OCTOBER 13, 2023

The U.S. Securities and Exchange Commission (SEC) has initiated an investigation into Progress Software regarding the high-profile MOVEit data breach incident that unfolded earlier this year. The investigation focuses on the critical vulnerability in Progress Software's file transfer service, MOVEit, which exposed sensitive data from millions of individuals and organizations worldwide.

Data breaches 98

Data breaches Software Insurance Cybercrime 98

The Hacker News

OCTOBER 13, 2023

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD.

Cybersecurity 98

Cybersecurity 98

Bleeping Computer

OCTOBER 13, 2023

​Kwik Trip has been impacted by a wide range of mysterious business disruptions since this weekend that are indicative of a ransomware attack. [.

Ransomware 107

Ransomware Technology 107

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Heimadal Security

OCTOBER 13, 2023

A new Balada Injector campaign used known WordPress plugin and theme vulnerabilities to hack over 17,000 websites during September 2023. Threat actors exploited the CVE-2023-3169 cross-site scripting (XSS) vulnerability in tagDiv Composer. Composer is a tool for the tagDiv’s Newspaper and Newsmag WordPress themes. Both themes are paid for and used by 155,500 websites.

Malware 96

Malware Hacking Cybersecurity 96

Dark Reading

OCTOBER 13, 2023

The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach.

DDOS 113

DDOS Malware 113

Heimadal Security

OCTOBER 13, 2023

In a new joint cybersecurity advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released information on the AvosLocker ransomware gang, that has been linked to attacks against critical infrastructure sectors in the U.S., some of them detected as recently as May 2023. Beware of AvosLocker’s Techniques […] The post FBI, CISA: Beware of AvosLocker Ransomware Attacks appeared first on Heimdal Security Blog.

Ransomware 95

Ransomware Cybersecurity 95

Dark Reading

OCTOBER 13, 2023

CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.

Ransomware 95

Ransomware 95

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.