Fri. Dec 23, 2022


The Top 23 Security Predictions for 2023 (Part 1)

Lohrman on Security

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond.


Hacking the JFK Airport Taxi Dispatch System

Schneier on Security

Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line.



Business Communication Compromise (BCC) Predictions for 2023

CyberSecurity Insiders

By Steven Spadaccini, VP Threat Intelligence, SafeGuard Cyber. In 2022, cybersecurity further became a top priority for businesses around the world following critical attacks on both the public and private sectors and of course, the use of cyber warfare as a Russian tactic in its invasion of Ukraine. This year, organizations have spent significant time and resources attempting to mitigate the risks associated with Business Communication Compromise, including phishing attacks and Personally-Ident


Massive Twitter data leak investigated by EU privacy watchdog

Bleeping Computer

The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


North Korea steals $1.3 billion worth of digital currency

CyberSecurity Insiders

According to a secret mission launched by the South Korean spy agency, the National Intelligence Service (NIS), North Korean hackers have so far managed to siphon $1.2 billion worth of digital currency, with a large amount ($686 million) stolen in the current year, i.e. 2022. NIS anticipates that the year 2023 will witness more such attacks from Kim Jong Un, possibly of larger scale, as they need a large sum to quench their thirst for the eight nuclear tests.


LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

Naked Security

The crooks now know who you are, where you live, which computers are yours, where you go online… and they got those password vaults, too.


Ghost CMS vulnerable to critical authentication bypass flaw

Bleeping Computer

A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript.


TikTok parent company ByteDance revealed the use of TikTok data to track journalists

Security Affairs

ByteDance admitted that its employees accessed TikTok data to track journalists to identify the source of leaks to the media. TikTok parent company ByteDance revealed that several employees accessed the TikTok data of two journalists to investigate leaks of company information to the media. According to an email from ByteDance’s general counsel Erich Andersen which was seen by the AFP news agency, the Chinese company was attempting to discover who shared company information with a Financ


FrodoPIR: New Privacy-Focused Database Querying System

The Hacker News

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others.


BetMGM discloses security breach impacting 1.5 Million customers

Security Affairs

Online sports betting company BetMGM suffered a data breach and threat actors offered for sale a database containing the data of 1.5 million customers. On December 21, the online sports betting company BetMGM disclosed a data breach while threat actors offered for sale a database containing the information of 1,569,310 million BetMGM customers. “We breached BetMGM’s casino database current as of Nov 2022.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes

Dark Reading

A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.


Vice Society Ransomware Attackers Adopt Robust Encryption Methods

The Hacker News

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis.


FIN7 Hackers Use Checkmarks to Exploit Microsoft Exchange Servers

Heimdal Security

To compromise corporate networks, steal data, and pursue targets for ransomware attacks based on financial size, recent finds show the FIN7 hacking group is using an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities. The attack system was discovered by Prodaft’s threat intelligence team, which at this point has been closely following […].


Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials

The Hacker News

A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


DuckDuckGo Blocking Google Sign-In Pop Ups on All Sites

Heimdal Security

The DuckDuckGo apps and extensions are blocking Google Sign-in pop-ups, removing what it perceives as an annoyance and a privacy risk. DuckDuckGo offers a privacy-focused search engine, an email service, mobile apps, and data-protecting browser extensions. A standalone web browser is currently in beta and only available on macOS. Chrome, Firefox, Brave, and Microsoft Edge […].


Hackers exploit bug in WordPress gift card plugin with 50K installs

Bleeping Computer

Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.


Accelerate Your Incident Response

The Hacker News

’Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.” As much of the workforce signs off for the holidays, hackers are stepping up their game. We’ll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks.


The Week in Ransomware - December 23rd 2022 - Targeting Microsoft Exchange

Bleeping Computer

Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate networks to steal data and deploy ransomware.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Cybersecurity-as-a-service (CSaaS)

Heimdal Security

As businesses have become increasingly susceptible to cyberattacks, the use of CSaaS has become more important. In this article, we’ll outline what CSaaS is, and discuss some of the benefits it can offer businesses. We’ll also give you a few tips on how to choose the best provider for your needs. So whether you’re new […]. The post Cybersecurity-as-a-service (CSaaS) appeared first on Heimdal Security Blog.


Videoconferencing Worries Grow, With SMBs in Cyberattack Crosshairs

Dark Reading

Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.


Password Spraying: Definition, How It Works, and How to Stop It

Heimdal Security

Automated tools and a huge amount of information available on the dark web make password spraying attacks a rising threat, especially for organizations. Once an account is compromised, the cybercriminal can exfiltrate sensitive data from your company, engage in lateral movement or even blackmail you. And the consequences of such an incident can range from […].


Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion

Dark Reading

To stay safer, restrict access to data, monitor for breaches in the supply chain, track relevant data that is sold on the Dark Web, and implement best safety practices.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Sports Betting Company BetMGM Suffered a Data Breach

Heimdal Security

BetMGM, a major player in the sports betting industry, recently reported a data breach in which the personal information of an unspecified number of customers was stolen by a threat actor. The data breach exposed information such as names, postal addresses, email addresses, phone numbers, dates of birth, hashed Social Security numbers, account identifiers (such […].


Google: With Cloud Comes APIs & Security Headaches

Dark Reading

APIs are key to cloud transformation, but two Google surveys find that cyberattacks targeting them are reaching a tipping point, even as general cloud security issues abound.


Vulnerabilities Discovered in Passwordstate Credential Management Solution

Heimdal Security

Several critical security vulnerabilities have been found in the Passwordstate password management solution. The flaws can be leveraged by a cybercriminal to steal a user’s plaintext passwords. Passwordstate, owned by the Australian company Click Studios, has over 29,000 clients, and more than 370,000 IT experts employ it. Details About the Vulnerabilities and How They Can Be […].


LastPass Cops to Massive Breach Including Customer Vault Data

Dark Reading

The follow-on attack from August's source-code breach could fuel future campaigns against LastPass customers.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Threat Actors Hacked LastPass’ Cloud Storage and Stole Customers’ Data

Heimdal Security

Malicious actors succeeded in stealing customer vault data during the LastPass cloud storage breach. According to researchers, for this attack, they used data stolen during an incident that took place in August this year. Over 33 million people and 100,000 businesses around the globe use LastPass’ password management software. After the company’s CEO, Karim Toubba, stated […].


Best of 2022: npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by Their Maintainer—What to do Now?

Security Boulevard

In what can only be described as one of the most bizarre events in the history of open source, we find that the massively popular open source libraries, colors.js , and faker.js were sabotaged by their very own maintainer, as I first reported on over the weekend. The post Best of 2022: npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by Their Maintainer—What to do Now?


Best of 2022: 25+ Vulnerable websites to practice your ethical hacking skills

Security Boulevard

Vulnerable websites are built for beginners who are learning ethical hacking to test their skills. We have mentioned a few of such best sites in our article. The post 25+ Vulnerable websites to practice your ethical hacking skills appeared first on Cyphere | Securing Your Cyber Sphere. The post Best of 2022: 25+ Vulnerable websites to practice your ethical hacking skills appeared first on Security Boulevard.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.