Wed. Jan 10, 2024


Cibersegurança Para Leigos: Best-Selling “Cybersecurity For Dummies” Book Now Available In Portuguese

Joseph Steinberg

Cybersecurity For Dummies, the best-selling cybersecurity book written for general audiences by Joseph Steinberg, is now available in Portuguese. Like its English, French, Dutch, and German counterparts, the Portuguese edition, entitled Cibersegurança Para Leigos, and published in Brazil, helps people stay cyber-secure regardless of their technical skillsets.


Here’s Some Bitcoin: Oh, and You’ve Been Served!

Krebs on Security

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant.


Facial Scanning by Burger King in Brazil

Schneier on Security

In 2000, I wrote: “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: “At the end of the year, it’s Friday every day, and the hangover kicks in,” a vaguely robotic voice says as images of cheeseburgers glitch in and out over fake computer code. “BK presents Hangover Whopper, a technology that


We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Anton on Security

So, we (Tim and Anton, the crew behind the podcast) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. But we realized we don’t have enough new profound reflections…. We do have a few fun new things! So, what did we do differently in 2023?


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Mullvad VPN Review (2023): Features, Pricing, Security & Speed

Tech Republic Security

While its small server suite may be a dealbreaker, Mullvad VPN’s strong focus on privacy sets it apart from other VPNs on the market. Read more below.


Windows 10 KB5034441 security update fails with 0x80070643 errors

Bleeping Computer

Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker.


More Trending


Ivanti warns of Connect Secure zero-days exploited in attacks

Bleeping Computer

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.


Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

Security Affairs

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices. Cisco Unity Connection is a messaging platform and voicemail system that is part of the Cisco Unified Communications suite of products.


Cisco says critical Unity Connection bug lets attackers get root

Bleeping Computer

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.


Cybersecurity Automation with AI

Security Boulevard

In today’s digital age, where data is the lifeblood of organizations, cybersecurity has become paramount. As cyber threats evolve at an unprecedented pace, traditional security methods are struggling to keep up. This is where artificial intelligence (AI) and automation come into play, offering a transformative approach to cybersecurity. The Challenge of CyberThreats The cybersecurity landscape … Cybersecurity Automation with AI Read More » La entrada Cybersecurity Automation with AI se publicó p


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Fidelity National Financial: Hackers stole data of 1.3 million people

Bleeping Computer

Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers.


In the News | How To Measure Cybersecurity ROI for Schools

Security Boulevard

This article was originally published in Hackernoon on 12.13.23 by Charlie Sander, CEO at ManagedMethods. With the surge in cyber events making headlines, district leaders have to allocate more resources to cybersecurity programs, leading them to seek cybersecurity ROI proof from Technology Directors Additionally, education has undergone a historic digital transformation, which, unfortunately, comes with […] The post In the News | How To Measure Cybersecurity ROI for Schools appeared first


Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Security Affairs

Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. “Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges,” read the fake message which was promptly removed. “The approved Bitcoin ETFs will be


ESO Solutions Healthcare Data Breach Impacts 2.7 Million

Security Boulevard

Data breaches are a major concern in the ever-evolving landscape of digital healthcare. One recent incident that has come to light involves ESO Solutions, a software provider for healthcare organizations and fire departments. The company revealed that a ransomware attack had resulted in a data breach that exposed the personal information of 2.7 million patients. […] The post ESO Solutions Healthcare Data Breach Impacts 2.7 Million appeared first on TuxCare.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


ShinyHunters member sentenced to three years in prison

Security Affairs

A U.S. District Court sentenced ShinyHunters hacker Sebastien Raoult to three years in prison and ordered him to pay more than $5 million in restitution. The member of the ShinyHunters hacker group Sebastien Raoult was sentenced in U.S. District Court in Seattle to three years in prison and more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft.


Mandiant's X account hacked by crypto Drainer-as-a-Service gang

Bleeping Computer

Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."


HMG Healthcare disclosed a data breach

Security Affairs

The Healthcare services provider HMG Healthcare has disclosed a data breach that impacted 40 affiliated nursing facilities. In November 2023, the Healthcare services provider HMG Healthcare discovered a data breach that exposed personal health information related to residents and employees at HMG affiliated nursing facilities. The company immediately launched an investigation into the incident and discovered that threat actors in August gained access to a company server and stolen unencrypted fi


Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack

Bleeping Computer

A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money

Security Boulevard

Health organizations need to adopt an approach that covers both cloud security posture management (CSPM) and application security posture management (ASPM). The post How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money appeared first on Security Boulevard.


Attack of the copycats: How fake messaging apps and app mods could bite you

We Live Security

WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Here's how to avoid getting taken for a ride.


How Much Do You Know About the Files Entering Your Endpoints?

Security Boulevard

Malware remains a significant and pervasive threat in the digital age, with its impacts being felt across various sectors globally. Recent incidents highlight the severity of this issue. For instance, healthcare organizations have been particularly vulnerable. Ardent Health Services experienced a devastating cyber-attack, leading to significant operational disruptions and, more critically, delaying patient care.


CVE-2023-41056: Redis Remote Code Execution Vulnerability

Penetration Testing

Redis often hailed as a versatile data structures server, has recently found itself at the center of a critical security vulnerability. Known for its efficiency in providing mutable data structures through a server-client model,... The post CVE-2023-41056: Redis Remote Code Execution Vulnerability appeared first on Penetration Testing.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Fake 401K year-end statements used to steal corporate credentials

Bleeping Computer

Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.


BypassFuzzer: Fuzz 401/403/404 pages for bypasses

Penetration Testing

Bypass Fuzzer Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACLs or URL validation. It will output the response codes and length... The post BypassFuzzer: Fuzz 401/403/404 pages for bypasses appeared first on Penetration Testing.


SEC’s Twitter account hacked to say Bitcoin ETFs approved. Politicians and lawyers demand investigation into security breach

Graham Cluley

The official Twitter account of the US Securities and Exchange Commission (SEC) was hacked yesterday, with scammers posting an unauthorised message to its 660,000+ followers. The false message - which has since been deleted - claimed that the SEC had approved the listing and trading of spot bitcoin ETFs, and caused the market price of Bitcoin to immediately jump to nearly US $48,000.


CVE-2023-49647: A High-Risk Zoom Vulnerability

Penetration Testing

In the digital age, where virtual meetings and webinars have become ubiquitous, Zoom Video Communications’ software, Zoom Meetings, stands out as a linchpin of virtual communication. However, the discovery of CVE-2023-49647, a significant privilege... The post CVE-2023-49647: A High-Risk Zoom Vulnerability appeared first on Penetration Testing.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Microsoft Exchange 2019 has reached end of mainstream support

Bleeping Computer

Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023.


kanha: A web-app pentesting suite written in Rust

Penetration Testing

kanha Kanha is a tool that can help you perform, a variety of attacks based on the target domain. With just kanha, you can do, Fuzzing, Reverse dns lookup, common http response, subdomain takeover detection and many more. The project... The post kanha: A web-app pentesting suite written in Rust appeared first on Penetration Testing.


Is Identity Theft Protection Worth It?

Identity IQ

Is Identity Theft Protection Worth It? IdentityIQ Your identity is your most valuable asset – and thieves want it. As identity theft cases rise, the question on many minds is, “Is identity theft protection worth the investment?” Let’s break it down: what these services offer, how they help, and if the peace of mind is worth the price tag.


Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

The Hacker News

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.