Schneier on Security
JANUARY 26, 2023
We recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I don’t know the details of the case, nor the intricacies of the law, but I have a question about movie props. Why was an actual gun used on the set? And why were actual bullets used on the set? Why wasn’t it a fake gun: plastic, or metal without a working barrel?
Bleeping Computer
JANUARY 26, 2023
Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update (CU) to have them always ready to deploy an emergency security update. [.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
JANUARY 26, 2023
Summary In the midst of significant layoffs hitting the previously immune tech industry, scammers have mobilized and doubled down on targeting job seekers with various employment scams. Stealing personal information and extorting victims for money, these scams leverage fake job postings, sites or portals, and forms, wrapped in social engineering to attract job seekers.
Bleeping Computer
JANUARY 26, 2023
Today, the Hive ransomware Tor payment and data leak sites were seized as part of an international law enforcement operation involving the US Department of Justice, FBI, Secret Service, Europol, and Germany's BKA and Polizei. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JANUARY 26, 2023
The ongoing spate of breaches against critical infrastructure and government entities underscores the vulnerability of this sector. In July 2022, officials announced the federal court system had experienced a major data breach via its document filing system – back in 2020. In September 2022, the IRS admitted that a data leak exposed the personal info.
Bleeping Computer
JANUARY 26, 2023
Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
JANUARY 26, 2023
A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a Torrent on a popular hacking forum. [.
Naked Security
JANUARY 26, 2023
Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
CSO Magazine
JANUARY 26, 2023
Application programming interfaces (APIs) have become a critical part of networking, programs, applications, devices, and nearly everything else in the computing landscape. This is especially true for cloud and mobile computing, neither of which could probably exist in its current form without APIs holding everything together or managing much of backend functionality.
Appknox
JANUARY 26, 2023
Data privacy has become a hot-button issue in recent times, leading to the implementation of stringent laws governing who can collect information and how it is accessed. Governments across the world are increasingly turning their attention towards ensuring data protection for citizens.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We Live Security
JANUARY 26, 2023
The data trail you leave behind whenever you're online is bigger – and more revealing – than you may think The post Why your data is more valuable than you may realize appeared first on WeLiveSecurity
Security Boulevard
JANUARY 26, 2023
DevOps is a great approach to improve the speed and efficiency of software development, but there is an even better way to approach the process with security in mind. Find out what approach works for best digital business leaders and how to implement these changes in your organization. The post A DevOps Security Tutorial for Digital Business Leaders (Clone) appeared first on Security Boulevard.
InfoWorld on Security
JANUARY 26, 2023
Canonical’s Ubuntu Pro , a Linux security maintenance subscription service covering thousands of applications and toolchains in the open-source ecosystem, is generally available as of January 26. Released in beta in October, Ubuntu Pro helps users of Linux desktops and servers get CVE (common vulnerabilities and exposures) patches, harden their systems at scale, and stay compliant with standards such as FedRAMP, HIPPA, PCI-DSS.
The Hacker News
JANUARY 26, 2023
Proof-of-concept (Poc) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) reported to Microsoft last year. Tracked as CVE-2022-34689 (CVSS score: 7.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
JANUARY 26, 2023
The U.S. Department of State today offered up to $10 million for information that could help link the Hive ransomware group (or other threat actors) with foreign governments. [.
Security Boulevard
JANUARY 26, 2023
Welcome to the latest edition of The Week in Security , which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: IT management firm GoTo says a 2022 breach was much worse than reported. Also: a hacktivist found the FBI's No Fly list on a publicly-accessible airline server.
Bleeping Computer
JANUARY 26, 2023
A new ransomware family named 'Mimic' has been spotted in the wild abusing the APIs of a legitimate Windows file search tool called 'Everything' to achieve file enumeration. [.
Dark Reading
JANUARY 26, 2023
The rapid maturation and rebranding of ransomware groups calls for relentless preparation and flexibility in response, according to one view from the trenches.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
eSecurity Planet
JANUARY 26, 2023
Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute Gozi/Ursnif malware, RedLine stealer, and Royal ransomware. “For deployment, they use Add-MpPreference to configure exclusions in Windows Defender (extensions, paths and processes), NSudo to launch binaries wit
Bleeping Computer
JANUARY 26, 2023
Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution (RCE) on more than 100 printer models. [.
Heimadal Security
JANUARY 26, 2023
SEO poisoning attacks have been on the rise in recent years, as more and more people are using search engines to find information online. Attackers are constantly coming up with new ways to exploit SEO vulnerabilities, so it’s important to be aware of the risks and take steps to protect yourself. In this article, I’ll explain […] The post What Is an SEO Poisoning Attack and How Does It Affect Network Security?
Bleeping Computer
JANUARY 26, 2023
Microsoft has started the forced rollout of Windows 11 22H2 to systems running Windows 11 21H2 that are approaching their end-of-support (EOS) date on October 10, 2023. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
CSO Magazine
JANUARY 26, 2023
Despite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by probing and testing the security configurations of digital networks and assets. Yet the law has often failed to distinguish between malicious hackers and good-faith security researchers. This failure to distinguish between the two hacker camps has, however, improved over the past two years, according to Harley Geiger, an attorney with Venable LLP, who serves as counsel in the Privacy and
Bleeping Computer
JANUARY 26, 2023
Google's Threat Analysis Group terminated tens of thousands of accounts linked to a group known as "Dragonbridge" or "Spamouflage Dragon" that is disseminating pro-Chinese disinformation across multiple online platforms. [.
Security Boulevard
JANUARY 26, 2023
January 9, 2023, was the deadline for financial services companies doing business in New York (including cryptocurrency entities with a Bit license) to comment on new proposed cybersecurity regulations which would mandate, among other things, that such regulated entities report and justify any payments of ransomware or extortionate to the Department of Financial Services within.
Heimadal Security
JANUARY 26, 2023
On January 25th, Killnet Russian activist threat group put several German websites offline after performing a DDoS attack. The hackers claimed they targeted government websites, banks, and airports as a reaction to Germany`s decision to supply Ukraine with 2 Leopard tanks. According to Germany’s BSI cyber agency, the attack campaign had low, short-term effects: Currently, […] The post Killnet Russian Hacking Group Launches DDoS Attacks on German Websites appeared first on Heimdal Security
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Malwarebytes
JANUARY 26, 2023
Move over Lockbit , there's a new ransomware-as-a-service (RaaS) player in town attacking the education sector—and its name is Vice Society. Vice Society is believed to be a Russian-based intrusion, exfiltration, and extortion group. And their ideal prey? You guessed it: universities, colleges, and K-12 schools. The Federal Bureau of Investigation (FBI) has even released a joint Cybersecurity Advisory (CSA) after observing that Vice Society has disproportionately targeted the education sec
Dark Reading
JANUARY 26, 2023
Whether you dream of your child growing into a CISO or just want them to improve their security hygiene, consider this roundup of literary geekery.
Graham Cluley
JANUARY 26, 2023
A 22-year-old suspected of being "Seyzo", a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where - if convicted - he could face up to 116 years in prison. The ShinyHunters gang became notorious in 2020, following a series of data breaches that impacted over 60 companies - including Microsoft. Read more in my article on the Tripwire State of Security blog.
Security Affairs
JANUARY 26, 2023
Experts warn of a spike in the attacks that between August and October 2022 attempted to exploit a Realtek Jungle SDK RCE (CVE-2021-35394). Palo Alto Networks researchers reported that between August and October 2022 the number of attacks that attempted to exploit a Realtek Jungle SDK RCE ( CVE-2021-35394 ) (CVSS score 9.8) accounted for more than 40% of the total number of attacks. “Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called ‘MP Daemon’ th
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
202 
Let's personalize your content