Mon.Jan 16, 2023

article thumbnail

Hacked Cellebrite and MSAB Software Released

Schneier on Security

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies.

Software 205
article thumbnail

Another Password Manager Breach: NortonLifeLock Apes LastPass

Security Boulevard

NortonLifeLock is warning customers their passwords are loose. First LastPass, now this? The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

First, is the news that the Indian government has launched its own Mobile Operating systems that have capabilities to take on international rivals like iOS and Android. Within the next few weeks, the government of the sub-continent is preparing to release an indigenous mobile operating system that has the potential to offer a health competition to American technology giants and will be safe to use in the current cyber threat landscape.

article thumbnail

New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild

The Hacker News

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.

Malware 138
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

How to handle personal data of students

CyberSecurity Insiders

School districts are constantly being targeted by cyber attacks, leading to data breaches and information misuse. So, to those who are worried about the privacy of student info, here are some tips to protect it from prying eyes. 1.) Categorization of data is important in such scenarios and that can be done through data classification where private data like Personally Identifiable Information(PII) can be protected with more security measures than the stuff that don’t need them. 2.

article thumbnail

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

Trend Micro

We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.

Media 131

More Trending

article thumbnail

LifeLock Data Breach Compromises Thousands! Learn How to Help Protect Your Online Identity

Identity IQ

LifeLock Data Breach Compromises Thousands! Learn How to Help Protect Your Online Identity. IdentityIQ. Recently, thousands of Norton LifeLock customer accounts were compromised in a data breach. Criminal hackers attempted to break into Norton LifeLock customer accounts and possible password managers, meaning they might have gained access to customers’ usernames, passwords and other personal information.

article thumbnail

Warning! Credit Card Skimmer Injected on Canada’s Largest Alcohol Retailer’s Site

Heimadal Security

Threat actors injected malware that steals customers` private data on Canada`s largest alcohol retailer online store. On January 10th, 2023, the Liquor Control Board of Ontario (LCBO), a Canadian government enterprise, announced that unknown hackers had breached their website. Cyber researchers discovered that a credit card stealing script had been exfiltrating data from the website […].

Retail 95
article thumbnail

Forrester Research: Show, Don’t Tell, Your Developers How To Write Secure Code

Security Boulevard

If you’re a CISO, VP of Security, or a Staff Security Engineer and still wondering whether your developers own the keys to application security, this Forrester report is for you. Get your complimentary copy now, courtesy of GitGuardian. The post Forrester Research: Show, Don’t Tell, Your Developers How To Write Secure Code appeared first on Security Boulevard.

CISO 98
article thumbnail

TikTok dances to the tune of $5.4m cookie fine

Malwarebytes

The big social media fines just keep coming. Hot on the heels of Meta experiencing a $277m fine from the Irish Data Protection Commission , it’s now TikTok’s turn in the spotlight thanks to a cookie crumble. Can you walk into a huge fine in 2023 for making it difficult to refuse a cookie as easily as it might be to accept it? As it happens, you absolutely can, as TikTok is now finding out.

Media 98
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Ugh! Norton LifeLock password manager accounts accessed by hackers

Graham Cluley

If you use Norton lifeLock as your password manager, your account may have been compromised. Learn more now.

article thumbnail

What is Open AI ChatGPT ? How Open AI ChatGPT can benefit business owners in 2023?

Security Boulevard

As businesses continue to seek ways to streamline operations, improve customer service, and reduce costs, chatbots have emerged as a popular solution. These artificial intelligence-powered. Read More. The post What is Open AI ChatGPT ? How Open AI ChatGPT can benefit business owners in 2023? appeared first on ISHIR | Software Development India.

article thumbnail

Accountant ordered to pay ex-employer after bossware shows "time theft"

Malwarebytes

The case of Karlee Besse, an accountant in British Colombia, was recently dismissed by the Civil Resolution Tribunal (CRT) in Canada, with a judge ordering her to pay back her former employer, Reach CPA, for "engaging in time theft"—a revelation that wouldn't have been possible if not for software Reach installed on her computer. According to the decision, Besse filed a counterclaim against Reach for terminating her employment without just cause, and is entitled to unpaid wages and severan

article thumbnail

2023 The Year of Redefining API Security

Security Boulevard

With the start of a new year, most security firms feel obligated to dust off their crystal ball (AI-driven, of course) and cart out their predictions for the coming year. With such tradition, how could we resist to do otherwise. Rather than simply prognosticate, we turned to customer conversations to reflect what is already happening. Organizations are quickly waking up to the big stakes of not monitoring and protecting APIs and how traditional API security approaches are largely inadequate to m

98
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Trend Micro

We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).

Malware 94
article thumbnail

Complete Guide to Zero Trust Security

Security Boulevard

Zero Trust Security – Always Verify and Authenticate Zero Trust Security architecture functions on the premise that any connection requires mandatory identification, verification, and authentication. Previously, networks were potentially secure from outside threats. At the same time, those inside the system had complete access to every nook and corner of the network.

article thumbnail

T95 Android TV Box sold on Amazon hides sophisticated malware

Security Affairs

Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected with sophisticated pre-installed malware. This Android TV box model is available on Amazon and AliExpress for as low as $40.

Malware 97
article thumbnail

Cybercriminals Are Using Malicious JARs and Polyglot Files to Distribute Malware

Heimadal Security

Threat Actors evade security measures by creating files that are a combination of polyglot and malicious Java archive (JAR). This way they can deploy malware without being discovered. How Does This Work? Polyglot files integrate vocabulary from two or more different formats in such a way that each format can be read without error. And […]. The post Cybercriminals Are Using Malicious JARs and Polyglot Files to Distribute Malware appeared first on Heimdal Security Blog.

Malware 93
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Experts spotted a backdoor that borrows code from CIA’s Hive malware

Security Affairs

Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. Researchers from Qihoo Netlab 360 reported that unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. “ Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.”.

Malware 94
article thumbnail

CircleCI Security Incident: How a Malware Attack on An Engineer’s Laptop Led to Chaos

Heimadal Security

On Friday, DevOps platform CircleCI revealed that unidentified threat actors compromised an employee’s laptop and stole their two-factor authentication credentials to compromise the company’s systems and data. CI/CD service CircleCI said the “sophisticated attack” occurred on December 16, 2022, and its antivirus software could not detect the malware.

Malware 92
article thumbnail

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare.

article thumbnail

Europol Dismantled a Cybercrime Ring Involved in Cryptocurrency Scams

Heimadal Security

Authorities from Bulgaria, Cyprus, Germany, and Serbia, with help from Europol and Eurojust, worked together to break up a cybercrime ring that was involved in online investment fraud. Since June 2022, when German authorities first asked for help, the European police have supported this investigation. The suspects used advertisements on social networks to lure victims […].

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens.

article thumbnail

Web skimmer found on website of Liquor Control Board of Ontario

Malwarebytes

On January 12, 2023, the Liquor Control Board of Ontario (LCBO) published a news release about a cybersecurity incident, affecting online sales through LCBO.com. It is one of the largest retailers and wholesalers of beverage alcohol in the world. Web skimmer. The cybersecurity incident was a web skimmer , which is designed to retrieve customer payment information.

Retail 86
article thumbnail

TikTok Fined $5.4 Million By French Authorities Over Cookie Opt-Out Feature

Heimadal Security

TikTok UK and TikTok Ireland have been fined €5,000,000 by France’s Commission Nationale de l’Informatique et des Libertés (CNIL) for making it impossible for platform users to reject cookies and for failing to adequately explain their function. Article 82 of France’s data protection regulations (DPA), a national statute that complies with the GDPR (General Data […].

article thumbnail

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

The Hacker News

A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by the author between January 7, 2023, and January 12, 2023.

Malware 89
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

Avast releases free BianLian ransomware decryptor

Bleeping Computer

Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers. [.].

article thumbnail

University suffers leaks, shutdowns at the hands of Vice Society

Malwarebytes

The Vice Society ransomware gang is back and making some unfortunate waves in the education sector. According to Bleeping Computer, the Society has held their ransomware laden hands up and admitted an attack on the University of Duisberg-Essen. Sadly this isn’t the University’s first encounter with ransomware attacks , though it has proven to perhaps be its worst, given reports of leaks and changes to its IT infrastructure.

article thumbnail

Pro-Russian Group Targets Organizations in Ukraine and NATO Countries with DDoS Attacks

Heimadal Security

Pro-Russian group NoName057(16) continues to wreak havoc. Cybersecurity experts discovered that the group is behind a wave of DDoS attacks against organizations based in Ukraine and NATO countries. The attacks started in March 2022 and since then, governmental and critical infrastructure organizations have been targeted. The Activity of the Group According to SecurityAffairs, in Denmark’s […].

DDOS 82
article thumbnail

Multi-million investment scammers busted in four-country Europol raid

Naked Security

216 questioned, 15 arrested, 4 fake call centres searched, millions seized.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.