Mon. Nov 27, 2023

Secret White House Warrantless Surveillance Program

Schneier on Security

There seems to be no end to warrantless surveillance: According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims.

Google Drive users angry over losing months of stored data

Bleeping Computer

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.

‘Tis the season to be wary: 12 steps to ruin a cybercriminal's day

We Live Security

The holiday shopping season may be the time to splurge, but it’s also a favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats

Microsoft deprecates Defender Application Guard for Office

Bleeping Computer

Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Security is an Economically Resilient Market: Strategies for Uncertain Times

Security Boulevard

Even in uncertain economic conditions, the need for safety and security creates opportunities for security providers to grow.

You Don’t Need to Turn Off Apple’s NameDrop Feature in iOS 17

WIRED Threat Level

Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.

More Trending

Meta Sued for Ignoring its Underage Kids Problem (Because Money)

Security Boulevard

Don’t be square: Newly-unsealed COPPA suit says Zuck’s mob knows full well there are loads of users under the age of 13, but did nothing.

Section 702 Surveillance Reauthorization May Get Slipped Into ‘Must-Pass’ NDAA

WIRED Threat Level

Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED.

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ The attack is the result of a complex special cyber operation. “The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in cyberspace, a large volume of confidential documents of the

Ukraine says it hacked Russian aviation agency, leaks data

Bleeping Computer

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

GUEST ESSAY: Steps to leveraging ‘Robotic Process Automation’ (RPA) in cybersecurity

Security Boulevard

In cybersecurity, keeping digital threats at bay is a top priority. A new ally in this battle is robotic process automation (RPA). This technology promises to simplify tasks, boost accuracy and quicken responses.

Healthcare giant Henry Schein hit twice by BlackCat ransomware

Bleeping Computer

American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.

Small Business Cybersecurity Hampered by Fear of Change, Judgement

Security Boulevard

Fear of making mistakes or being judged by colleagues keeps SMBs from changing their cybersecurity behaviors, according to a Kaspersky survey.

Slovenia's largest power provider HSE hit by ransomware attack

Bleeping Computer

Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Guide to the IIoT Security [Industrial Internet of Things]

Security Boulevard

Often called the ‘industrial internet’ or ‘industry 4.0,’ specialists anticipate that IIoT security will play a significant role in the fourth industrial revolution. In the face of narrowing profit margins, escalating inflation, and fiercer competition than ever before, businesses are embracing digital transformation as a vital strategy to stay competitive in today’s dynamic market.

How to Protect Your Product Design: IP Law & Security Tools

Digital Guardian

For many companies, patents, trademarks, and designs can be priceless, meaning if jeopardized, they could have far-ranging repercussions for owners. Protecting that IP is critical.

General Electric, DARPA Hack Claims Raise National Security Concerns

Dark Reading

Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.

What You Need to Know About Apple’s NameDrop iOS17 Feature

Identity IQ

Apple’s recent iOS17 update introduced NameDrop, enabling users to exchange contact information quickly and easily. While this feature offers unmatched convenience, it also has raised some safety concerns. Here is what you need to know about Apple’s NameDrop iOS17 feature.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Rethinking shift left: How a lack of context creates unnecessary friction between AppSec and Developers

Security Boulevard

Shift Left… it’s a term used almost ubiquitously across application security by both security practitioners implementing programs, regardless of scale, as well as just about every vendor selling an application security solution. The idea that it’s faster, cheaper, and often easier to fix a security flaw when the code is being created (as opposed to later in the software development lifecycle (SDLC)) is widely accepted within the AppSec community.

Ardent hospital ERs disrupted in 6 states after ransomware attack

Bleeping Computer

Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.

Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

Dark Reading

Companies must do a delicate dance between consumer privacy protection, upholding their product's efficacy, and de-risking cyber breaches to run the business.

Ransomware attack on indie game maker wiped all player accounts

Bleeping Computer

A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Why IT teams should champion AI in the workplace, and deploy secure AI tools safely to their teams

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Glide. Thanks to the great team there for their support! AI technology is quickly finding its footing in the workplace. IT teams need to lead the charge on AI adoption at their companies to ensure it happens safely, securely, and successfully.

How better key management can close cloud security gaps troubling US government (Part 1 of 2)

Thales Cloud Protection & Licensing

sparsh, Tue, 11/28/2023 - 05:20. Bruce Schneier recently blogged: A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key.

Tracking the Trackers: For Better or Worse

SecureWorld News

Ever since the first GPS (Global Positioning Satellites) systems went live back in the early nineties, privacy experts have warned us about our diminishing rights. And while we have gained both safety and security as a result of this ability to globally track people and things, we seemed to have lost our true sense of privacy. I’ve been inventing devices that track these trackers for decades, mostly in an effort to assist law enforcement from becoming the victims of tracking themselves, and here

Cyber Threats to Watch Out for in 2024

Dark Reading

As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits. Robust security capabilities, employee training, and incident response plans are key.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

CISA and NCSC Unveil Guidelines for Secure AI System Development

SecureWorld News

In a significant step forward to safeguard the digital landscape, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom National Cyber Security Centre (NCSC) have jointly released the Guidelines for Secure AI System Development. These comprehensive guidelines aim to empower organizations worldwide to design, develop, deploy, and operate AI systems with cybersecurity at their core.

CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

Dark Reading

US and UK authorities issued new recommendations for companies that build and rely on AI, but they stop short of laying down the law.

Arachnophobic: How Duo Customers Can Respond to CISA’s Report on Scattered Spider

Duo's Security Blog

CISA recently published a report on Scattered Spider, a threat actor that has been increasingly active and impactful over the past year. The report is important reading for any security practitioner because, in addition to being a threat in and of itself, Scattered Spider has been a leading indicator showing how threat actors pivot into new techniques.

Ardent Health Hospitals Disrupted After Ransomware Attack

Dark Reading

More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.