Fri. Sep 29, 2023

ROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekend

The Last Watchdog

Once again, politicians are playing political football, threatening a fourth partial government shutdown in a decade. As this political theater runs its course, one of the many things at risk is national security, particularly on the cyber warfare front. Given the divergent paths of the U.S. Senate and the U.S.

Weekly Update 367

Troy Hunt

Ah, home 😊 It's been more than a month since I've been able to sit at this desk and stream a weekly video. And now I'm doing it with the glorious spring weather just outside my window, which I really must make more time to start enjoying. Anyway, this week is super casual due to having had zero prep time, but I hope the discussion about the ABC's piece on HIBP and I in particular is interesting.

Passwords 216
Insiders

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package

Tech Republic Security

We talked to Proofpoint researchers about this new malware threat and how it infects Windows systems to steal information.

Malware 197

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

We Live Security

ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.

144

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data

Tech Republic Security

These open directories could leak sensitive data, intellectual property or technical data and let an attacker compromise the entire system. Follow these security best practices for open directories.

Big data 146

Exploit released for Microsoft SharePoint Server auth bypass flaw

Bleeping Computer

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. [...]

More Trending

Discord is investigating cause of ‘You have been blocked’ errors

Bleeping Computer

Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...]

134

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Security Affairs

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A remote, unauthenticated attacker can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed servers.

Hacking 130

Millions of Exim mail servers exposed to zero-day RCE attacks

Bleeping Computer

A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers. [...]

Internet 127

Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites

The Hacker News

Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations.

Malware 126

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Update Chrome now! Google patches another actively exploited vulnerability

Malwarebytes

Google has updated the Stable Channel for Chrome to 117.0.5938.132 for Windows, Mac and Linux. This update includes ten security fixes. According to Google there is an active exploit for one of the patched vulnerabilities, which means cybercriminals are aware of the vulnerability and are using it. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.

Protect Your Passwords for Life for Just $30

Tech Republic Security

Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.

Passwords 124

Three men found guilty of laundering $2.5 million in Target gift card tech support scam

Graham Cluley

Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams. Read more in my article on the Hot for Security blog.

Scams 118

Misconfigured WBSC server leaks thousands of passports

Security Affairs

The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud storage system.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Lazarus hackers breach aerospace firm with new LightlessCan malware

Bleeping Computer

The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. [...]

Malware 115

Dependabot impersonators cause trouble on GitHub

Malwarebytes

GitHub is experiencing issues of the “breached account and malicious code” variety. ITPro reports that unnamed individuals have been compromising accounts and using them to install malware capable of password theft. It’s a fairly elaborate scam which even includes imitation of GitHub’s popular Dependabot feature. To make this scam work, attackers first obtained access tokens belonging to their targets.

Malware 112

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

The Hacker News

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.

111

ZeroFont trick makes users think that message has been scanned for threats

Graham Cluley

Attackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned for threats. Read more in my article in the Tripwire State of Security blog.

Phishing 111

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

The Hacker News

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week.

Malware 111

Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software

Dark Reading

In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.

Software 110

Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

The Hacker News

The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta.

108

How to Implement Single Sign-On in Your Organization

SecureWorld News

Single Sign-On (SSO) is a technology that allows users to access multiple applications with a single set of login credentials. This can make it easier for users to log in to applications and can also help to improve security. There are many different SSO vendors available, each with its own strengths and weaknesses. When choosing an SSO vendor, it is important to consider the following factors: Features: What features are important to you?

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Security Affairs

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a briefing by U.S.

Hacking 105

ShinyHunters member pleads guilty to $6 million in data theft damages

Bleeping Computer

Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. [...]

People Still Matter in Cybersecurity Management

Dark Reading

Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.

Post-Quantum Cryptography: Finally Real in Consumer Apps?

The Hacker News

Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Government Shutdown Could Severely Impact U.S. Cybersecurity

SecureWorld News

As the clock ticks down to another potential shutdown of the U.S. federal government, concerns are mounting over the impact such an event could have on the cybersecurity of the United States. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the agency tasked with safeguarding the nation's critical infrastructure and defending against cyber threats, is facing the possibility of losing a significant portion of its workforce.

12 Benefits of Zero Trust for Mid-Sized Businesses

Heimdal Security

Zero Trust security is evolving from “nice to have” to an absolute must for organizations everywhere. Fortunately, Zero Trust offers numerous advantages to companies of all sizes, including medium-sized ones. While achieving full Zero Trust is a long-term goal, even partial Zero Trust environments help businesses of this size enhance their security posture and benefit […]

98

Introducing Digital Guardian Secure Collaboration

Digital Guardian

Going forward, customers of Digital Guardian Secure Collaboration, formerly Vera, can find everything they need about the product, including support on Digital Guardian's website.

96

Cybersecurity Gaps Plague US State Department, GAO Report Warns

Dark Reading

The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.