Schneier on Security
JANUARY 9, 2024
This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN : The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.
The Last Watchdog
JANUARY 9, 2024
Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Related: GenAI’ impact on DevSecOps Here’s how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience. AR and VR technologies can create distinct immersive experiences by merging digital reality with the physical world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Jane Frankland
JANUARY 9, 2024
In recent years, data breaches and compliance failures have made organisations increasingly aware of the need for comprehensive cybersecurity solutions to detect and address threats. However, not all organisations have had the means to invest in and manage the staffing and infrastructure required for a Security Operations Centre (SOC). This is where Managed Detection & Response (MDR) providers come in.
Tech Republic Security
JANUARY 9, 2024
ESET NOD32 Antivirus 2024 Edition provides multi-layered protection from malware and hackers without impeding the performance of your Mac or Windows PC.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
JANUARY 9, 2024
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [.
We Live Security
JANUARY 9, 2024
Is AI companionship the future of not-so-human connection – and even the cure for loneliness? Let’s briefly look at some of the pros and cons that developing a “relationship” with an AI companion may involve.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JANUARY 9, 2024
Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. Microsoft Patch Tuesday security updates for January 2024 fixed 49 flaws in Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and Visual Studio; SQL Server; Windows Hyper-V; and Internet Explorer.
Security Boulevard
JANUARY 9, 2024
Cybersecurity context is the missing puzzle piece that can transform a jumble of information into a clear and coherent picture of vulnerabilities. The post Deciphering Cybersecurity Vulnerabilities Requires Context appeared first on Security Boulevard.
Bleeping Computer
JANUARY 9, 2024
A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. [.
Security Boulevard
JANUARY 9, 2024
Entering a new year, the cybersecurity landscape is poised for significant shifts, driven by the dynamic interplay between technological advancements and persistent threats. In this blog, industry experts share their insights and predictions, offering a nuanced perspective on the cybersecurity… The post 2024 Cybersecurity Predictions appeared first on LogRhythm.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
JANUARY 9, 2024
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. [.
Security Affairs
JANUARY 9, 2024
The LockBit ransomware gang claimed responsibility for the cyber attack on the Capital Health hospital network. The LockBit ransomware operation has claimed responsibility for the cyberattack that hit the Capital Health hospital network in November 2023. Capital Health Regional Medical Center is a member of Capital Health System. Located in Trenton, New Jersey, Capital Health Regional Medical Center, is a regional academic medical center and state-designated trauma center that cares for both com
Security Boulevard
JANUARY 9, 2024
The issues of outside interference in U.S. elections and the security of the systems behind them have been talked and debate for at least a decade and promise to be at the forefront again as the country gears up for what promises to be a pivotal election year in 2024. However, local and state government. The post Survey: Election Workers Feel Unprepared for Upcoming Cyberthreats appeared first on Security Boulevard.
Bleeping Computer
JANUARY 9, 2024
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Digital Guardian
JANUARY 9, 2024
Switzerland's revised data protection law took effect September 2023. What are the implications of the law and how can organizations comply with what it asks? We dig into it in today's blog.
Bleeping Computer
JANUARY 9, 2024
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [.
Security Affairs
JANUARY 9, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Superset vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Superset flaw, tracked as CVE-2023-27524 , to its Known Exploited Vulnerabilities (KEV) catalog. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the Flask web framework.
Bleeping Computer
JANUARY 9, 2024
Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR last month. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Graham Cluley
JANUARY 9, 2024
Clients of a pregnancy care clinic in Ontario have had their personal information exposed to hackers. I'm sure I don't need to tell anyone who has made use of the services of a midwife, that a lot can happen in nine months. Read more in my article on the Hot for Security blog.
Bleeping Computer
JANUARY 9, 2024
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. [.
WIRED Threat Level
JANUARY 9, 2024
The US financial regulator says its official @SECGov account was “compromised,” resulting in an “unauthorized” post about the status of Bitcoin ETFs.
Bleeping Computer
JANUARY 9, 2024
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Penetration Testing
JANUARY 9, 2024
The AI Engine plugin, a popular AI-related WordPress plugin with over 50,000 active installations, recently experienced a significant security vulnerability. This vulnerability tracked as CVE-2023-51409, classified as an “unauthenticated arbitrary file upload” issue, posed... The post CVE-2023-51409: The Severe Vulnerability Threatening 50,000 WordPress Sites appeared first on Penetration Testing.
Bleeping Computer
JANUARY 9, 2024
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. [.
Veracode Security
JANUARY 9, 2024
Veracode has recently introduced a new feature called Dynamic Analysis MFA, which provides automated support for multi-factor authentication (MFA) setups during dynamic analysis scans. This eliminates the need for you to disable or manually support your MFA configurations when conducting security testing. Understanding Dynamic Analysis MFA When we log into applications, we usually use a username and password, which is considered one-factor authentication.
Bleeping Computer
JANUARY 9, 2024
A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
JANUARY 9, 2024
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma.
Bleeping Computer
JANUARY 9, 2024
The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. [.
Penetration Testing
JANUARY 9, 2024
In a significant breakthrough in the fight against cybercrime, Cisco Talos, in cooperation with Dutch Police and Avast, has recovered a crucial decryptor for systems affected by the Babuk ransomware variant known as Tortilla.... The post Avast Unveils Updated Babuk Decryptor in Collaboration with Cisco Talos and Dutch Police appeared first on Penetration Testing.
The Hacker News
JANUARY 9, 2024
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
246 
Let's personalize your content