Schneier on Security
JANUARY 16, 2023
Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies.
The Last Watchdog
JANUARY 16, 2023
My name is Eden Zaraf. I’ve been driven by my passion for technology for as long as I can remember. Somewhere around the age of 13, I learned to code. I developed scripts, websites and got involved in security which led me to penetration testing. Related: Leveraging employees as detectors. Penetration Testing is a never-ending challenge. Five years ago, my friend Sahar Avitan began developing an automatic penetration testing tool for our own use.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
JANUARY 16, 2023
Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.
Security Boulevard
JANUARY 16, 2023
NortonLifeLock is warning customers their passwords are loose. First LastPass, now this? The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Trend Micro
JANUARY 16, 2023
We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.
CyberSecurity Insiders
JANUARY 16, 2023
First, is the news that the Indian government has launched its own Mobile Operating systems that have capabilities to take on international rivals like iOS and Android. Within the next few weeks, the government of the sub-continent is preparing to release an indigenous mobile operating system that has the potential to offer a health competition to American technology giants and will be safe to use in the current cyber threat landscape.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CyberSecurity Insiders
JANUARY 16, 2023
School districts are constantly being targeted by cyber attacks, leading to data breaches and information misuse. So, to those who are worried about the privacy of student info, here are some tips to protect it from prying eyes. 1.) Categorization of data is important in such scenarios and that can be done through data classification where private data like Personally Identifiable Information(PII) can be protected with more security measures than the stuff that don’t need them. 2.
Graham Cluley
JANUARY 16, 2023
If you use Norton lifeLock as your password manager, your account may have been compromised. Learn more now.
Heimadal Security
JANUARY 16, 2023
On early Monday, numerous Danish smartphone users reported suspicious SMS-type content originating from a questionable source, allegedly related to Danske Spil. In all instances, a single message would be sent, informing the user of his enrollment in a monthly pay-to-win plan, rescindable via the web. The investigation revealed that the URL enclosed in the SMS […].
Naked Security
JANUARY 16, 2023
216 questioned, 15 arrested, 4 fake call centres searched, millions seized.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Trend Micro
JANUARY 16, 2023
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).
Dark Reading
JANUARY 16, 2023
Default settings can leave blind spots but avoiding this issue can be done.
Identity IQ
JANUARY 16, 2023
LifeLock Data Breach Compromises Thousands! Learn How to Help Protect Your Online Identity. IdentityIQ. Recently, thousands of Norton LifeLock customer accounts were compromised in a data breach. Criminal hackers attempted to break into Norton LifeLock customer accounts and possible password managers, meaning they might have gained access to customers’ usernames, passwords and other personal information.
Heimadal Security
JANUARY 16, 2023
Threat actors injected malware that steals customers` private data on Canada`s largest alcohol retailer online store. On January 10th, 2023, the Liquor Control Board of Ontario (LCBO), a Canadian government enterprise, announced that unknown hackers had breached their website. Cyber researchers discovered that a credit card stealing script had been exfiltrating data from the website […].
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
JANUARY 16, 2023
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by the author between January 7, 2023, and January 12, 2023.
Heimadal Security
JANUARY 16, 2023
On Friday, DevOps platform CircleCI revealed that unidentified threat actors compromised an employee’s laptop and stole their two-factor authentication credentials to compromise the company’s systems and data. CI/CD service CircleCI said the “sophisticated attack” occurred on December 16, 2022, and its antivirus software could not detect the malware.
The Hacker News
JANUARY 16, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens.
WIRED Threat Level
JANUARY 16, 2023
Cupertino puts privacy first in a lot of its products. But the company still gathers a bunch of your information.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
The Hacker News
JANUARY 16, 2023
A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and Vidar since early 2020.
Malwarebytes
JANUARY 16, 2023
The case of Karlee Besse, an accountant in British Colombia, was recently dismissed by the Civil Resolution Tribunal (CRT) in Canada, with a judge ordering her to pay back her former employer, Reach CPA, for "engaging in time theft"—a revelation that wouldn't have been possible if not for software Reach installed on her computer. According to the decision, Besse filed a counterclaim against Reach for terminating her employment without just cause, and is entitled to unpaid wages and severan
Security Affairs
JANUARY 16, 2023
Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. Researchers from Qihoo Netlab 360 reported that unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. “ Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.”.
Malwarebytes
JANUARY 16, 2023
The big social media fines just keep coming. Hot on the heels of Meta experiencing a $277m fine from the Irish Data Protection Commission , it’s now TikTok’s turn in the spotlight thanks to a cookie crumble. Can you walk into a huge fine in 2023 for making it difficult to refuse a cookie as easily as it might be to accept it? As it happens, you absolutely can, as TikTok is now finding out.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
JANUARY 16, 2023
Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare.
Malwarebytes
JANUARY 16, 2023
Days after Meta achieved victory after suing the NSO Group for Computer Fraud and Abuse Act charges, Meta filed a lawsuit against surveillance company Voyager Labs for violations of its Terms and Policies and California law. According to court documents, Voyager Labs created 38,000 fake accounts on Facebook and Instagram so it could use its home-brew surveillance software to scrape data from them.
Security Affairs
JANUARY 16, 2023
Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected with sophisticated pre-installed malware. This Android TV box model is available on Amazon and AliExpress for as low as $40.
Security Boulevard
JANUARY 16, 2023
If you’re a CISO, VP of Security, or a Staff Security Engineer and still wondering whether your developers own the keys to application security, this Forrester report is for you. Get your complimentary copy now, courtesy of GitGuardian. The post Forrester Research: Show, Don’t Tell, Your Developers How To Write Secure Code appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Heimadal Security
JANUARY 16, 2023
Threat Actors evade security measures by creating files that are a combination of polyglot and malicious Java archive (JAR). This way they can deploy malware without being discovered. How Does This Work? Polyglot files integrate vocabulary from two or more different formats in such a way that each format can be read without error. And […]. The post Cybercriminals Are Using Malicious JARs and Polyglot Files to Distribute Malware appeared first on Heimdal Security Blog.
SecureWorld News
JANUARY 16, 2023
The uber popular short-form video sharing platform has been fined 5 million euros for its cookie policies, and no, we're not talking about chocolate chip or oatmeal raisin. On December 29, 2022, the French data protection authority (CNIL) imposed a fine of €5 million on TikTok for violations of the French Data Protection Act. The company was found to have made it more difficult for users to refuse cookies than to accept them, and to have not provided sufficient information about the purposes of
Malwarebytes
JANUARY 16, 2023
On January 12, 2023, the Liquor Control Board of Ontario (LCBO) published a news release about a cybersecurity incident, affecting online sales through LCBO.com. It is one of the largest retailers and wholesalers of beverage alcohol in the world. Web skimmer. The cybersecurity incident was a web skimmer , which is designed to retrieve customer payment information.
Security Boulevard
JANUARY 16, 2023
As businesses continue to seek ways to streamline operations, improve customer service, and reduce costs, chatbots have emerged as a popular solution. These artificial intelligence-powered. Read More. The post What is Open AI ChatGPT ? How Open AI ChatGPT can benefit business owners in 2023? appeared first on ISHIR | Software Development India.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
283 
Let's personalize your content