Thu. Dec 21, 2023

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

Schneier on Security

The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022.

Google Cloud’s Cybersecurity Predictions of 2024 and Look Back at 2023

Tech Republic Security

Generative AI can be used by attackers, but security professionals shouldn't lose sleep over it, according to a Google Cloud threat intelligence analyst. Find out why.

Crypto drainer steals $59 million from 63k people in Twitter ad push

Bleeping Computer

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.

Third-Party Supply Chain Risk a Challenge for Cyber Security Professionals in Australia

Tech Republic Security

ASIC research shows 44% of Australian organisations are not managing third-party supply chain risk. Tesserent says it remains a key risk, and disruption could emerge from geopolitical tensions.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

First American takes IT systems offline after cyberattack

Bleeping Computer

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack.

Update Chrome now! Emergency update patches zero-day

Malwarebytes

Google has released an emergency security update for Chrome that brings the browser’s Stable channel to version 120.0.6099.129 for Mac, Linux and to 120.0.6099.129/130 for Windows. This update includes one security fix for a vulnerability that was subject to an existing exploit. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.

More Trending

CISA Alert AA23-347a: NetSPI Coverage for JetBrains TeamCity CVE 2023-42793

NetSpi Executives

NetSPI has updated Attack Surface Management (ASM) coverage for CVE-2023-42793 and released a Breach and Attack Simulation (BAS) Playbook that allows you to quickly test if you have detection coverage for the TTPs used in a recent campaign by Russian Foreign Intelligence Service Actors also known as APT 29. Summary: On December 13, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released Advisory AA23-347A.

Real estate agency exposes details of 690k customers

Security Affairs

An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research team has discovered. The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information.

2023, the year of ransomware

Security Boulevard

As I begin to document the ransomware landscape of 2023, I recognize that the constantly changing nature of these attacks means that any momentary snapshot becomes quickly outdated. Ransomware, although not a novel threat vector, has undeniably intensified its grip this year, permeating diverse industries and platforms. What remains unchanged is the harsh reality that … Continue reading "2023, the year of ransomware" The post 2023, the year of ransomware appeared first on Solvo.

Android malware Chameleon disables Fingerprint Unlock to steal PINs

Bleeping Computer

The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Unpacking 2023 and Predicting 2024: What to Expect in Cybersecurity 

Security Boulevard

Did you know that $224 billion is spent annually on cybersecurity? Or did you know that $6 trillion is lost to cyber crimes each year? These statistics show that organizations struggled to maintain basic cybersecurity practices in 2023. But what can organizations do to improve their networks and help prevent attacks in 2024? Basic Cybersecurity […] The post Unpacking 2023 and Predicting 2024: What to Expect in Cybersecurity appeared first on CISO Global.

Title insurance giant First American offline after cyberattack

Bleeping Computer

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack.

You’ve made it through the rift! Season 4 is all about survival.

Hack the Box

The new year of HTB Seasons starts in January 2024. Get ready to survive the Savage Lands and dominate the leaderboard!

Data leak exposes users of car-sharing service Blink Mobility

Security Affairs

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. The Cybernews research team has discovered that their personal data was exposed in a leak. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public. Its metadata was then indexed by search engines and discovered by Cybernews researchers on October 17th.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed

Malwarebytes

In a notice for its customers, Xfinity acknowledges it recently fell victim to a data security incident. Xfinity is Comcast’s brand for TV, internet, and home phone services, sometimes referred to as Comcast Cable Communications. During the data breach the attackers were able to access 35.8 million customers’ usernames and hashed passwords.

AWS re:Invent 2023: Cybersecurity Visibility

Security Boulevard

Shira Rubinoff talks with CySight's Rafi Sabel at AWS re:Invent 2023. The post AWS re:Invent 2023: Cybersecurity Visibility appeared first on Security Boulevard.

Windows CLFS and five exploits used by ransomware operators

SecureList

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows elevation-of-privilege (EoP) exploits that we have seen in ransomware attacks throughout the year.

Best of 2023: Why is everyone getting hacked on Facebook?

Security Boulevard

If your social media networks are anything like mine, you’ve noticed an uptick in people getting “hacked” lately. Maybe you’ve gotten a weird Facebook message from someone you hadn’t spoken with in a while. Maybe your least tech-y friend is suddenly talking about crypto on Instagram. Or maybe you’ve seen post after post on your timeline of someone saying something like, “Sorry everyone, I got hacked!

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Security Affairs

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware. Agent Tesla is a spyware that is used to spy on the victims by collecting keystrokes, system clipboard, screenshots, and credentials from the infected system.

OpenAI rolls out imperfect fix for ChatGPT data leak flaw

Bleeping Computer

OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL.

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

Security Affairs

ESET fixes a high-severity flaw in Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust sites that should not be trusted. ESET has addressed a vulnerability (CVE-2023-5594, CVSS score 7.5) in the Secure Traffic Scanning Feature, preventing potential exploitation that could lead web browsers to trust websites using certificates signed with outdated and insecure algorithms.

Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence

Bleeping Computer

Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced to life in a 'secure hospital' by a UK judge. Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

How Outlook notification sounds can lead to zero-click exploits

Malwarebytes

An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher felt it was no problem to disclose their findings. The first vulnerability, listed as CVE-2023-35384, is a Windows HTML platforms security feature bypass vulnerability.

Microsoft: Hackers target defense firms with new FalseFont malware

Bleeping Computer

Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.

Biometric Bypass: Chameleon Banking Trojan Evolves, Android 13 Vulnerable

Penetration Testing

In the ever-evolving world of cybersecurity threats, a new contender has emerged, showcasing the relentless adaptability and sophistication of malware targeting Android users. Dutch mobile security firm ThreatFabric detected “Chameleon,” a banking trojan first... The post Biometric Bypass: Chameleon Banking Trojan Evolves, Android 13 Vulnerable appeared first on Penetration Testing.

BidenCash darkweb market gives 1.9 million credit cards for free

Bleeping Computer

The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Behind the Recognition: Why We Believe We’re a Gartner® Peer Insights™ Customers’ Choice 2023

Veracode Security

As 2023 comes to a close, we aim to inspire excellence by highlighting our customers’ dedication to a more secure world. Thanks to you, we are honored to be (for the fourth consecutive year) recognized as a 2023 Gartner® Peer Insights™ Customers’ Choice. Let’s explore some of the stories that make this recognition possible. Veracode Named a 2023 Gartner® Peer Insights™ Customers’ Choice for the Fourth Consecutive Year Veracode is recognized by Gartner® Peer Insights™ in 2023 as a Customers’ Ch

Microsoft deprecates Defender Application Guard for some Edge users

Bleeping Computer

Microsoft is deprecating Defender Application Guard (including the Windows Isolated App Launcher APIs) for Edge for Business users.

US pharmacy Rite Aid banned from operating facial recognition systems

Malwarebytes

Pharmacy chain Rite Aid has been denied the right to run facial recognition systems in its stores for five years, by a Federal Trade Commission (FTC) ruling. The regulator found so many flaws in the retailer’s surveillance program that it concluded Rite Aid had failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology in hundreds of stores.

CloakQuest3r: Uncover the true IP address of websites safeguarded by Cloudflare & Others

Penetration Testing

CloakQuest3r CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare and other alternatives, a widely adopted web security and performance enhancement service. Its core... The post CloakQuest3r: Uncover the true IP address of websites safeguarded by Cloudflare & Others appeared first on Penetration Testing.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.