Wed.Jan 03, 2024

Facial Recognition Systems in the US

Schneier on Security

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, can all change without notice.) Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is identification, correlation, and then discrimination. There’s no difference whether the identification technology is facial recognition, the MAC address of our phones, gait recognition, license plate reco

Uncertainty Is the Biggest Challenge to Australia’s Cyber Security Strategy

Tech Republic Security

Commentary: Australia’s Cyber Security Strategy 2023-2030 is a bold and far-reaching vision that will see Australia become a world leader. However, a lack of bipartisan agreement may undermine it.

Facebook’s New Privacy Nightmare: ‘Link History’

Security Boulevard

How stupid does he think we are? You’ll want to turn off this new app setting. The post Facebook’s New Privacy Nightmare: ‘Link History’ appeared first on Security Boulevard.

Data breach at healthcare tech firm impacts 4.5 million patients

Bleeping Computer

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. [.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

Security Affairs

Crypto platform Orbit Chain suffered a cyberattack in which threat actors stole more than $81 million worth of cryptocurrency. Orbit Chain has suffered a security breach that has resulted in the theft of more than $81 million worth of cryptocurrency. Orbit Chain is a multi-asset blockchain platform that connects various blockchains through Inter-Blockchain Communication (IBC).

Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Bleeping Computer

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [.

CISA warns of actively exploited bugs in Chrome and Excel parsing library

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. [.

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

Sometimes, you can’t even trust links with your own domain. As the Cybernews research team has discovered, some BMW subdomains were vulnerable to a redirect vulnerability, enabling attackers to forge links leading to malicious sites through them. Cybernews researchers have discovered two BMW subdomains that were vulnerable to an SAP redirect vulnerability.

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Bleeping Computer

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. [.

Microsoft disables ms-appinstaller after malicious use

Malwarebytes

In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that it’s turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a device before it can be installed, which normally means that a user has to download it first.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

LastPass now requires 12-character master passwords for better security

Bleeping Computer

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. [.

Say what you will? Your favorite speech-to-text app may be a privacy risk

We Live Security

If you like typing with your voice, it should also go without saying that you need to take some precautions and avoid spilling your secrets.

Mandiant's Twitter account hacked to push cryptocurrency scam

Bleeping Computer

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.

The state of container security: 5 key steps to locking down your releases

Security Boulevard

Container technologies are rapidly transforming application development and deployment practices at many organizations. But they also present a minefield of security risks for the growing number of organizations using the technology to package and deploy modern, microservices-based applications. The post The state of container security: 5 key steps to locking down your releases appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the issues added to the catalog: CVE-2023-7024 – The vulnerability is a heap buffer overflow issue in WebRTC.

2024 Trends Affecting Software Product Security

Security Boulevard

The post 2024 Trends Affecting Software Product Security appeared first on CodeSecure. The post 2024 Trends Affecting Software Product Security appeared first on Security Boulevard.

Courts service “PWNED” in Australia, as hackers steal sensitive recordings of hearings

Graham Cluley

Hackers are believed to have successfully accessed several weeks' worth of sensitive video and audio recordings of court hearings, including one made at a children's court where the identities of minors are supposed to be particularly critical to protect. Read more in my article on the Hot for Security blog.

Mandiant’s account on X hacked to push cryptocurrency scam

Bleeping Computer

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How Secure Code Signing Aligns With The Principles of DevSecOps

Security Boulevard

Software supply chain attacks are seeing an unprecedented surge. According to the Sonatype State of the Software Supply Chain Report, twice as many incidents were recorded in 2023 as compared to the cumulative total from 2019-2022. The numbers are stark indicators of the fact that the software supply chain, rich with native code, open-source packages, […] The post How Secure Code Signing Aligns With The Principles of DevSecOps appeared first on Security Boulevard.

5 Ways to Reduce SaaS Security Risks

The Hacker News

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged.

The Complete Guide to Smishing (SMS Phishing)

Security Boulevard

It’s unfortunately become an all-too-common scenario: you’re waiting for a package to be delivered—but then you receive an SMS text message that seems to be from the carrier, demanding payment before delivery can be completed. If you follow the link in the message, a look-alike website will be reached where you can enter your credit […] The post The Complete Guide to Smishing (SMS Phishing) appeared first on CybeReady.

Investment fraud a serious money maker for criminals

Malwarebytes

Europol’s spotlight report ‘Online fraud schemes: a web of deceit’ looks into online fraud schemes—a major crime threat in the EU and beyond—and one of the report’s primary themes is investment fraud. But first I want to share some more remarkable conclusions from the report: Charity scams that prey on concern about international conflicts and natural disasters are becoming more prevalent.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps

Penetration Testing

Flutter Spy is a Bash-based command-line tool designed to provide insightful code analysis and data extraction capabilities from built Flutter apps with reverse engineering. It empowers developers, bug hunters, and security enthusiasts... The post flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps appeared first on Penetration Testing.

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

The Hacker News

Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset.

Massive Fallon Ambulance Data Breach Impacts Nearly One Million People

Heimadal Security

Transformative Healthcare announces Fallon Ambulance data breach exposed sensitive information of 911,757 customers. Fallon ceased operations in December 2022 but is still responsible for a data storage archive that hackers targeted with ransomware. The ALPHV threat group a.k.a. BlackCat, claimed responsibility for the cyberattack. What’s the Impact of the Fallon Ambulance Data Breach Security experts […] The post Massive Fallon Ambulance Data Breach Impacts Nearly One Million People appea

The Stealthy Tech of Scheduled Task Tampering: A Deep Dive into the HAFNIUM Threat Actor’s Latest Tactic

Penetration Testing

In the ever-evolving world of cybersecurity, the HAFNIUM threat actor has emerged with a novel and clandestine approach to manipulating scheduled tasks, a technique aimed at establishing persistence in compromised systems. This method centered... The post The Stealthy Tech of Scheduled Task Tampering: A Deep Dive into the HAFNIUM Threat Actor’s Latest Tactic appeared first on Penetration Testing.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

PornHub blocks North Carolina, Montana over new age verification laws

Bleeping Computer

Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect. [.

Navigating the Future: Strategic Insights on Identity Verification and Digital Banking in 2024

Thales Cloud Protection & Licensing

As we embark on 2024, the digital landscape is undergoing a seismic shift, especially in identity verification and digital banking. This transformation presents both opportunities and challenges for business executives. Understanding these emerging trends is crucial to navigating this new terrain strategically.

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

The Hacker News

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures.

Nigerian hacker arrested for stealing $7.5M from charities

Bleeping Computer

A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organization in the United States to lose more than $7.5 million. [.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.