Wed.Nov 29, 2023

Breaking Laptop Fingerprint Sensors

Schneier on Security

They’re not that good: Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers.

New AI Security Guidelines Published by NCSC, CISA & More International Agencies

Tech Republic Security

The Guidelines for Secure AI System Development have been drawn up to help developers ensure security is baked into the heart of new artificial intelligence models.

Update now! Chrome fixes actively exploited zero-day vulnerability

Malwarebytes

Google has released an update to Chrome which includes seven security fixes including one for a vulnerability which is known to have already been exploited. If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. The easiest way to update Chrome is to set it to update automatically, but you have to make sure to close your browser for the update to finish.

Hackers breach US water facility via exposed Unitronics PLCs

Bleeping Computer

CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Many major websites allow users to have weak passwords

Malwarebytes

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study, the researchers designed an algorithm that automatically determined a website’s password policy. With the help of machine learning, they could see the consistency of length requirements and restrictions for numbers, upper- and lower-case letters, special symbols, combinations, and starting letters.

Dollar Tree hit by third-party data breach impacting 2 million people

Bleeping Computer

Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies. […]

Very precisely lost – GPS jamming

We Live Security

GPS jamming technology is both widely available and well developed, hence it's also poised to proliferate, especially in the hands of those wishing ill

5 Security Risks of Responsive Web Design

Security Boulevard

The very features that make responsive web design (RWD) so flexible can also introduce new security vulnerabilities if not properly managed. The post 5 Security Risks of Responsive Web Design appeared first on Security Boulevard.

News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024

The Last Watchdog

San Mateo, Calif., November 29, 2023 – Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. The report outlines 12 predictions and strategies to help IT, security, risk management, and compliance leaders tackle data privacy and cyber-risk challenges for the coming year.

3 Reasons to Consider Reskilling to a Role in Cybersecurity

Security Boulevard

Here are three major reasons why workers should consider upskilling to a new career in the cybersecurity field. The post 3 Reasons to Consider Reskilling to a Role in Cybersecurity appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms.

Cisco Duo Enhances Epic Mobile Apps Security

Duo's Security Blog

Epic is one of the leading software providers for systems that manage electronic healthcare records (EHR). “More than 250 million patients have a current electronic record in Epic.” Epic for Electronic Prescriptions for Controlled Substances (EPCS) allows physicians, with the authority to do so, to transmit prescriptions for controlled substances electronically to pharmacies.

US seizes Sinbad crypto mixer used by North Korean Lazarus hackers

Bleeping Computer

The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. […]

What is Email Encryption and What are its Various Types?

Security Boulevard

Email Encryption allows you to jumble message content into an incomprehensible format that cannot be decoded by threat actors, preventing data breaches. The post What is Email Encryption and What are its Various Types? appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Japanese Space Agency JAXA hacked in summer cyberattack

Bleeping Computer

The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, potentially compromising sensitive space-related technology and data. […]

“Known Good” or “Known Bad”: Choosing a Starting Point for OT Cybersecurity

Security Boulevard

One way to characterize a cybersecurity strategy is by whether it takes action based on the definition of “known good” activity or “known bad” activity. The “known bad” approach attempts to identify threats by monitoring activity (network requests, user actions, application behavior, etc.) and watching for anything that matches a predefined set of malicious or unsafe actions.

Thousands of secrets lurk in app images on Docker Hub

Security Affairs

Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications. While some are harmless API keys, others could lead to unauthorized access, data breaches, or identity theft, the latest Cybernews research reveals. The Docker Hub store has at least 5,493 container images that contain secrets and could be considered as exposing sensitive information.

Managed Detection and Response (MDR): Streamlining Cybersecurity in the Modern Age

Security Boulevard

In a digital realm characterized by rapidly evolving threats, organizations are in constant search of effective defense mechanisms. Managed Detection and Response, commonly referred to as MDR, has emerged as a pivotal solution in this context. This blog aims to explore the depths of MDR, its importance, and its limitations. What is MDR? Managed Detection.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Okta reveals additional attackers’ activities in October 2023 Breach

Security Affairs

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future

Black Basta ransomware made over $100 million from extortion

Bleeping Computer

Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. […]

OpenAI’s Custom Chatbots Are Leaking Their Secrets

WIRED Threat Level

Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.

Okta: October data breach affects all customer support system users

Bleeping Computer

Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. […]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

The Underestimated Value of Security in Selecting Corporate Real Estate

Security Boulevard

Choosing office facilities involves far more than evaluating rent and location. In the current landscape of seemingly escalating workplace violence, prioritizing workplace safety has never been more important. Security teams play a pivotal role in shaping the work environment, strategically implementing security measures that align with the layout and available resources in each office location.… The post The Underestimated Value of Security in Selecting Corporate Real Estate appeared first on O

Cyber Attack on Ardent Health Closes 3 of Its 30 Emergency Rooms

SecureWorld News

Ardent Health Services, a Nashville-based healthcare provider, fell victim to a ransomware attack on Thanksgiving Day morning, November 23, that disrupted its IT operations and forced hospitals to divert emergency room patients to other facilities. The incident highlighted the growing threat of cyberattacks to healthcare organizations, which are increasingly reliant on technology to deliver care.

News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024

Security Boulevard

San Mateo, Calif., November 29, 2023 – Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. The report outlines 12 predictions … (more…) The post News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024 appeared first on Security Boulevard.

Improving Text Classification Resilience and Efficiency with RETVec

Google Security

Elie Bursztein, Cybersecurity & AI Research Director, and Marina Zhang, Software Engineer

Systems such as Gmail, YouTube and Google Play rely on text classification models to identify harmful content including phishing attacks, inappropriate comments, and scams. These types of texts are harder for machine learning models to classify because bad actors rely on adversarial text manipulations to actively attempt to evade the classifiers.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Creating an OPSEC safe loader for Red Team Operations

LRQA Nettitude Labs

As Red Teamers, we need an OPSEC safe method to execute shellcode via a range of initial access vectors. Things are getting more and more difficult with Endpoint Detection and Response (EDR) products improving, making it more challenging to get an implant. This post is going to present a slightly new method for bypassing EDR, commonly known as CreateThreadPoolWait.

Microsoft starts testing new Windows 11 Energy Saver feature

Bleeping Computer

Microsoft has started testing a new Windows 11 Energy Saver feature that helps customers extend their portable computers' battery life.

All Customer Support System Users Exposed in The Okta Data Breach

Heimdal Security

The ongoing Okta data breach investigation brings new details to light. The company announced that hackers have accessed data from every user of Okta’s customer support system. David Bradbury, Okta’s Chief Security Officer, said: “We have determined that the threat actor ran and downloaded a report that contained the names and email addresses of all […]” The post All Customer Support System Users Exposed in The Okta Data Breach appeared first on Heimdal Security Blog.

SIM swapper gets 8 years in prison for account hacks, crypto theft

Bleeping Computer

Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft. […]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.