Wed.Dec 06, 2023

Security Analysis of a Thirteenth-Century Venetian Election Protocol

Schneier on Security

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science.

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

Windows 10 Extended Security Updates Promised for Small Businesses and Home Users

Tech Republic Security

Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support.

Navigating privacy: Should we put the brakes on car tracking?

We Live Security

Smart cars include many new functions that make our lives easier, but they also do so by intruding upon personal privacy through an incessant amount of tracking, which can make these cars targets of cyberattacks.

Guide to Business Writing

Everything you need to know about better business writing in one place. This is a complete guide to business writing — from a clear business writing definition to tips on how to hone your business writing skills.

Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware

Tech Republic Security

Based on the security researchers' analysis of the 2023 cyberthreat landscape, we highlight new or heightened risks.

Nissan is investigating cyberattack and potential data breach

Bleeping Computer

Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information.

New SLAM attack steals sensitive data from AMD, future Intel CPUs

Bleeping Computer

Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory.

The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance

WIRED Threat Level

Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.”

Survey Surfaces Wasted Efforts Collecting Cybersecurity Data

Security Boulevard

Security teams are wasting time and resources normalizing data to store and analyze it in a separate platform instead of relying on the same data IT teams use to manage operations.

Navy contractor Austal USA confirms cyberattack after data leak

Bleeping Computer

Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyberattack and is currently investigating the impact of the incident.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Windows 10 gets its own extended security updates program

Malwarebytes

The day that Windows 10 machines will get their last security updates is set for October 14, 2025. So if you want to stay secure, you’d have to upgrade to a newer version. Either to Windows 11, which is not all that different, but more demanding when it comes to system requirements. Or to the rumored Windows 12 which might be out by then. Despite the fact that Windows 11 has been around for a while, market share would have it that Windows 10 is still far more popular.

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

Security Affairs

Researchers devised a new post-exploitation tampering technique to trick users into believing that their iPhone is in Lockdown Mode. Researchers from Jamf Threat Labs devised a new post-exploit tampering technique to trick users into believing that their compromised iPhone is running in Lockdown Mode while the attackers are performing malicious activities. The researchers pointed out that the issue is not a flaw in the feature or an iOS vulnerability.

Krasue RAT malware hides on Linux servers using embedded rootkits

Bleeping Computer

Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021.

Ostrich Cyber-Risk Announces Partnership with C-Risk to Strengthen Cybersecurity Resilience and Innovation

Security Boulevard

SALT LAKE CITY — Ostrich Cyber-Risk (Ostrich), a pioneer and prestigious provider of cyber-risk management solutions, is excited to announce a partnership with C-Risk, a leading service provider of cyber risk management in Europe. Tom Callaghan, Co-Founder of C-Risk, commented, "C-Risk has built a portfolio of services which help our clients to unlock the value of quantitative risk management."

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

US senator: Govts spy on Apple, Google users via mobile notifications

Bleeping Computer

A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers.

Defense-in-Depth: A Comprehensive Approach to Modern Cybersecurity

Security Boulevard

Defense-in-depth is a cybersecurity strategy that emphasizes deploying multiple layers of security controls and countermeasures to protect critical assets and mitigate the impact of potential attacks.

Atlassian addressed four new RCE flaws in its products

Security Affairs

Australian software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products. Atlassian released security patches to address four critical remote code execution vulnerabilities in its products. Below is the list of vulnerabilities addressed by the vendor: CVE-2022-1471 (CVSS score: 9.8) – SnakeYAML library RCE vulnerability that impacts multiple products.

3 Data Masking Techniques and How to Implement Them

Digital Guardian

Data masking or data obfuscation has become a popular way to modify data to make it difficult to ascertain what's authentic vs. what's been modified. In today's blog we look at three different data masking techniques.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Top Security Trends and Predictions for 2024

Security Boulevard

Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics give us unique visibility into trends in mobile security. Based on this data, we wanted to share our predictions for 2024. We don't claim to be able to predict the future, but we do think we can see some trends that will help you prepare your own plan for navigating the challenges and opportunities that lie ahead in 2024.

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four Qualcomm vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualcomm vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vuln

Atlassian patches critical RCE flaws across multiple products

Bleeping Computer

Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS.

PipeViewer: shows detailed information about named pipes in Windows

Penetration Testing

PipeViewer: a GUI tool for viewing Windows named pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows named pipes and their permissions. It is designed...

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

GST Invoice Billing Inventory exposes sensitive data to threat actors

Security Affairs

GST Invoice Billing Inventory, a business accounting app for small and medium businesses with over 1M downloads, has left a database open, exposing sensitive personal and corporate data up for grabs. The popular and reputable GST Invoice Billing Inventory (previously known as Book Keeper) app is one of the thousands of apps on the Google Play Store with sensitive data hard-coded into the client side of the app.

Critical WordPress Vulnerability Patched: Remote Code Execution Possible

Penetration Testing

A critical security vulnerability patched in the recent WordPress 6.4.2 update could have allowed attackers to take full control of vulnerable websites. While the vulnerability itself resided within WordPress core, its potential for harm...

$10 million up for grabs in fight against North Korean hackers

Graham Cluley

A $10 million reward is focused on hackers working on behalf of the North Korean government, who are using cryptocurrency mixers to launder the funds they are stealing from financial institutions and businesses. Read more in my article on the Hot for Security blog.

New macOS Trojan-Proxy piggybacking on cracked software

SecureList

Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

The Hacker News

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis.

2023 Review: Reflecting on Cybersecurity Trends

Trend Micro

Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics, from AI to human factors.

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers.

Splunk Predictions 2024: Leadership Trends and Emerging Technologies

Tech Republic Security

Ready or not, here comes 2024. From resilience to board priorities, Splunk executives across security, IT and engineering weigh in on what to expect in the era of AI. AI: The hype will pay off, but business impact will take another 12-24 months. C-suite transformation: CISOs, CTOs and CIOs will have expanded roles in the.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?