Thu.Nov 09, 2023

Online Retail Hack

Schneier on Security

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.” Many of the minuscule objects aren’t clearly advertised. […] But there is no doubt some online sellers deliberately trick customers into buying smaller and often cheaper-to-produce items, Witcher said

Retail 239

Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks

Tech Republic Security

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

SecureList

Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This type of research normally contains detailed information about the tools used by APT actors, the vulnerabilities that they exploit and sometimes even a specific attribution.

How CBA Is Managing Cyber Security in an Age of ‘Infinite Signals’

Tech Republic Security

Commonwealth Bank of Australia cyber defence operations leader Andrew Pade is building an AI legacy that will protect customers from cyber attacks and security professionals from career burnout.

Banking 141

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Judge rules it’s fine for car makers to intercept your text messages

Malwarebytes

A federal judge has refused to bring back a class action lawsuit that alleged four car manufacturers had violated Washington state’s privacy laws by using vehicles’ on-board infotainment systems to record customers’ text messages and mobile phone call logs. The judge ruled that the practice doesn’t meet the threshold for an illegal privacy violation under state law.

How to Associate an Apple ID with a Second New or Reset iPhone

Tech Republic Security

The steps in this guide describe the process of associating an iPhone with an Apple ID when using iOS 17 on both your first iPhone and a second iPhone.

Mobile 144

More Trending

Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan

We Live Security

ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region

Malware 145

Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks

Bleeping Computer

Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. […]

Here’s How Violent Extremists Are Exploiting Generative AI Tools

WIRED Threat Level

Experts are finding thousands of examples of AI-created content every week that could allow terrorist groups and other violent extremists to bypass automated detection systems.

117

Google ads push malicious CPU-Z app from fake Windows news site

Bleeping Computer

A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware. […]

Malware 141

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Dolly.com pays ransom, attackers release data anyway

Security Affairs

On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. Cybercriminals are hardly a trustworthy bunch. Case in point: Dolly.com. The Cybernews research team believes that the platform suffered a ransomware attack and at least partially paid the ransom – but was duped. The attackers complained that the payment wasn’t generous enough and published the stolen data.

Microsoft shares temp fix for broken Windows Server 2022 VMs

Bleeping Computer

Microsoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine (VM) blue screens and boot failures on VMware ESXi hosts. […]

130

Sandworm Hackers Caused Another Blackout in Ukraine—During a Missile Strike

WIRED Threat Level

Russia's most notorious military hackers successfully sabotaged Ukraine's power grid for the third time last year. And in this case, the blackout coincided with a physical attack.

Hacking 114

Industrial and Commercial Bank of China hit by ransomware attack

Bleeping Computer

The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues. […]

Banking 117

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

CSO’s Perspective: The Okta Breach and What It Means to the Broader Community

Security Boulevard

Den Jones shares his perspective as a CSO on the recent Okta breach, and what that means for the broader security community. The post CSO’s Perspective: The Okta Breach and What It Means to the Broader Community first appeared on Banyan Security. The post CSO’s Perspective: The Okta Breach and What It Means to the Broader Community appeared first on Security Boulevard.

CSO 113

Russian hackers switch to LOTL technique to cause power outage

Bleeping Computer

Russian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with fewer resources. […]

114

Russian Sandworm disrupts power in Ukraine with a new OT attack

Security Affairs

Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to cause power outages during mass missile strikes on Ukraine. Mandiant researchers reported that Russia-linked APT group Sandworm employed new operational technology (OT) attacks that caused power outages while the Russian army was conducting mass missile strikes on critical infrastructure in Ukraine in October.

Cloudflare website downed by DDoS attack claimed by Anonymous Sudan

Bleeping Computer

Cloudflare is investigating an ongoing outage causing "We're sorry" Google errors to be shown on the company's website.

DDOS 128

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

The Hacker News

A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z.

105

CISA adds SLP flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added the vulnerability CVE-2023-29552 in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-29552 (CVSS score: 7.5) in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities catalog. The Service Location Protocol (SLP) is a legacy service discovery protocol that allows computers and other devices to find services in a local area net

Internet 112

MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks

Dark Reading

The Clop ransomware group is actively exploiting a SysAid zero-day flaw after running rampant through enterprise systems using MOVEit file transfer bug.

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims’ family and friends

Malwarebytes

The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeon’s office, and then post the details online which included nude photos. In February, cybercriminals gained access to Hankins & Sohn’s network, which has offices in both Henderson and Las Vegas. From there, the cybercriminals were able to download patient information.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

There's Only One Way to Solve the Cybersecurity Skills Gap

Dark Reading

The cybersecurity skills gap is making businesses more vulnerable, but it won't be fixed by upskilling high-potential recruits alone.

Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability

The Hacker News

The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers.

Software 100

Kyocera AVX says ransomware attack impacted 39,000 individuals

Bleeping Computer

Kyocera AVX Components Corporation (KAVX) is sending notices of a data breach exposing personal information of 39,111 individuals following a ransomware attack. […]

How to Outsmart Malware Attacks That Can Fool Antivirus Protection

Dark Reading

One of the main challenges for Android users is protecting themselves from malicious applications that can damage devices or perform other harmful actions.

Antivirus 109

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

35 Million LinkedIn Users’ Information Shared on Hacking Forum

Heimdal Security

A notorious hacker, previously involved in high-profile data breaches of InfraGard and Twitter, has now leaked a substantial LinkedIn database on a clear web hacking forum. The scraped LinkedIn database was leaked in two parts: one containing 5 million user records and the other 35 million records. Troy Hunt, a cybersecurity expert, examined the recent […] The post 35 Million LinkedIn Users’ Information Shared on Hacking Forum appeared first on Heimdal Security Blog.

Hacking 97

Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes

Dark Reading

A premier Russian APT used living-off-the-land techniques in a major OT hit, raising tough questions about whether or not we can defend against the attack vector.

101

Omegle Was Forced to Shut Down by a Lawsuit From a Sexual Abuse Survivor

WIRED Threat Level

Omegle connected strangers to one another and had a long-standing problem of pairing minors with sexual predators. A legal settlement took it down.

107

Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan

The Hacker News

Urdu-speaking readers of a regional news website that caters to the Gilgit-Baltistan region have likely emerged as a target of a watering hole attack designed to deliver a previously undocumented Android spyware dubbed Kamran. The campaign, ESET has discovered, leverages Hunza News (urdu.hunzanews[.

Spyware 92

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.