Tue. Nov 21, 2023


Email Security Flaw Found in the Wild

Schneier on Security

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on GitHub.


Password Manager Cheat Sheet: What Is a Password Manager?

Tech Republic Security

This cheat sheet provides an overview of what a password manager is and what it does, helping you keep your online accounts safe and secure.


Citrix warns admins to kill NetScaler user sessions to block hackers

Bleeping Computer

Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.


Microsoft Azure Confidential VMs Will Roll Out This December

Tech Republic Security

The partnership with Intel allows for hardware-enforced security and confidentiality on 4th Gen Xeon processors.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Exploit for Critical Windows Defender Bypass Goes Public

Dark Reading

Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.


6 Best Password Recovery Software for 2023

Tech Republic Security

Looking for a trustworthy password recovery tool? Use our guide to review our editorial picks and compare pricing, features, pros and cons.


More Trending


Lumma malware can allegedly restore expired Google auth cookies

Bleeping Computer

The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.


New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks

The Hacker News

A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR," G Data malware analyst Anna Lvova said in a Monday analysis.


Atomic Stealer distributed to Mac users via fake browser updates

Malwarebytes

Atomic Stealer, also known as AMOS, is a popular stealer for Mac OS. Back in September, we described how malicious ads were tricking victims into downloading this piece of malware under the disguise of a popular application. In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’. This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch ou


Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

Trend Micro

The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


ClearFake Campaign Expands to Deliver Atomic Stealer on Macs Systems

The Hacker News

The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' Jérôme Segura said in a Tuesday analysis.


Crimeware and financial cyberthreats in 2024

SecureList

At Kaspersky, we constantly monitor the financial cyberthreat landscape, which includes threats to financial institutions, such as banks, and financially motivated threats, such as ransomware, that target a broader range of industries. As part of our Kaspersky Security Bulletin, we try to predict how these cyberthreats will evolve in the coming year to help individuals and businesses to be prepared to face them.


Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Security Affairs

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The Carbon Black Managed Detection & Response team is warning of a surge in the number of new infections related to NetSupport RAT in the last few weeks. The most impacted sectors are education, government, and business services. NetSupport RAT is a remote control and desktop management software developed by NetSupport Ltd.


Nothing Chats pulled from Google Play

Malwarebytes

Sometimes it’s all in the name. The Nothing Chats beta has been pulled from the Google Play Store after reports that the company behind it has access to your (unencrypted) messages. Nothing Phone 2 owners were promised a first-of-its-kind app developed in partnership with Sunbird, which allowed them to message other iMessage users via blue bubbles on their Nothing Phone.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Hacktivists breach U.S. nuclear research lab, steal employee data

Bleeping Computer

The Idaho National Laboratory (INL) confirms they suffered a cyberattack after 'SiegedSec' hacktivists leaked stolen human resources data online.


Leverage the NIST Data Protection Cybersecurity Frameworks in 4 Steps

Security Boulevard

How data discovery and classification supports NIST cybersecurity and data privacy framework alignment, stronger security hygiene and privacy policies.


Microsoft launches Defender Bounty Program with $20,000 rewards

Bleeping Computer

Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.


How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography

The Hacker News

Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Microsoft now rolling out Copilot to Windows 10 devices

Bleeping Computer

Microsoft is now rolling out the Copilot AI assistant to eligible non-managed systems enrolled in the Windows Insider program and running Windows 10 22H2 Home and Pro editions.


LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

The Hacker News

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S.


Criminal IP Becomes VirusTotal IP and URL Scan Contributor

Bleeping Computer

The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you.


Researchers Published PoC Exploit for Windows Zero-Day CVE-2023-36025 Vulnerability

Penetration Testing

Security researchers have deconstructed the patch released by Microsoft and crafted a proof-of-concept (PoC) exploit for the CVE-2023-36025 vulnerability. This flaw has been discovered and patched, but not before it was actively exploited by...


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Fuel for thought: Can a driverless car get arrested?

We Live Security

What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks?


DarkGate and Pikabot malware emerge as Qakbot’s successors

Bleeping Computer

A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.


AI Helps Uncover Russian State-Sponsored Disinformation in Hungary

Dark Reading

Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation's perspective on EU sanctions and arms deliveries months before the Ukraine invasion.


Why less is more: 10 steps to secure customer data

Malwarebytes

In an advisory aimed at the protection of customers’ personal data, the Australian Cyber Security Centre (ACSC) has emphasized that businesses should only collect personal data from customers that they need in order to operate effectively. While that may seem like kicking in an open door, it’s really not. It’s relatively easy to decide which personal data you need to have for a new customer.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

The Hacker News

The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits.


How to stop fake System notifications on macOS

Malwarebytes

Scammers are abusing an Apple feature that allows websites to create push notifications that look like they’re coming from macOS, or apps. The notifications try to scare users into clicking a link with fake virus alerts or messages saying their account has been hacked. Years ago we warned our readers about the introduction of browser push notifications because we felt they were a feature waiting to be abused.


DPRK Hackers Masquerade as Tech Recruiters, Job Seekers

Dark Reading

No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.


Predator Files: A Scathing Indictment of EU Surveillance Regulation

SecureWorld News

In a groundbreaking investigative report, the European Investigative Collaborations (EIC) media network, with technical assistance from Amnesty International's Security Lab, has exposed the shocking extent of the global surveillance crisis and the glaring inadequacies of EU regulation in curbing it. The report, titled "Predator Files: Caught in the Net," delves into the operations of the "Intellexa alliance," a complex network of interconnected companies that develop and market powerful spywar


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.