Fri. Apr 28, 2023

Hacking the Layoff Process

Schneier on Security

My latest book, A Hacker’s Mind, is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Here’s one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being fired: …software performs a statistical analysis during terminations to see if certain groups are adversely affected, said such reviews can uncover other problems.

Hacking 226

MY TAKE: RSAC 2023 roundup – evidence of ‘stronger together’ innovation takes shape

The Last Watchdog

“Stronger together” was the theme of RSA Conference 2023, which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Related: Demystifying ‘DSPM’ Rising from the din of 625 vendors, 700 speakers and 26,000 attendees came the clarion call for a new tier of overlapping, interoperable, highly automated security platforms needed to carry us forward.

Mobile 212

Google’s 2FA app update lacks end-to-end encryption, researchers find

Tech Republic Security

Data synced between devices with the new Google Authenticator app update could be viewed by third parties. Google says the app works as planned. The post Google’s 2FA app update lacks end-to-end encryption, researchers find appeared first on TechRepublic.

Rust in Windows — it’s Official — Safe and Fast

Security Boulevard

40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language. The post Rust in Windows — it’s Official — Safe and Fast appeared first on Security Boulevard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Threat actor APT28 targets Cisco routers with an old vulnerability

Tech Republic Security

The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. The post Threat actor APT28 targets Cisco routers with an old vulnerability appeared first on TechRepublic.

Malware 153

5 ways threat actors can use ChatGPT to enhance attacks

CSO Magazine

The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code.

Phishing 138

More Trending

DOJ Detected SolarWinds Breach Months Before Public Disclosure

WIRED Threat Level

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

Hacking 135

Cold storage giant Americold outage caused by network breach

Bleeping Computer

Americold, a leading cold storage and logistics company, has been facing IT issues since its network was breached on Tuesday night. […]

Cybercrime group FIN7 targets Veeam backup servers

CSO Magazine

Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It's not yet clear how attackers are breaking into the servers, but a possibility is that they're taking advantage of a vulnerability patched in the popular enterprise data replication solution last month.

Backups 116

ViperSoftX info-stealing malware now targets password managers

Bleeping Computer

A new version of the ViperSoftX information-stealing malware has been discovered with a broader range of targets, including targeting the KeePass and 1Password password managers. […]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Fuzz testing for connected and autonomous vehicles

Security Boulevard

The previous blog post in this series presented an introduction to secure software development for modern vehicles. In this blog post, we will do a deep dive on connected and autonomous vehicles (AVs) and focus on fuzz testing. Identifying high-risk interfaces and determining the level of fuzzing There are two important topics to consider when doing fuzz testing.

Risk 113

Hackers swap stealth for realistic checkout forms to steal credit cards

Bleeping Computer

Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers. […]

Y Combinator’s Winter 2023 Cybersecurity, Privacy, and Trust Startups

Security Boulevard

Analyzing opportunities and challenges for the nine cybersecurity, privacy, and trust startups in Y Combinator's Winter 2023 batch. The post Y Combinator’s Winter 2023 Cybersecurity, Privacy, and Trust Startups appeared first on Security Boulevard.

Patch Management vs Vulnerability Management: What’s the Difference?

eSecurity Planet

Vulnerability management improves the security posture of all IT systems by locating vulnerabilities, implementing security controls to fix or protect those vulnerabilities, and then testing the fixes to verify vulnerability resolution. Patch management is the subset of vulnerability management that applies to third-party vendors and updates third-party systems using vendor-issued patches.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Risk Management: Addressing Shortcomings and Paving the Way Forward

Security Boulevard

Risks are like icebergs. Will you sink or sail? In today’s ever-changing business landscape, managing risk is crucial for the success and longevity of any organization. From financial risks to operational risks and cyber threats, businesses face a range of challenges that require a robust and secure risk strategy. With the complexities of modern business, […] The post Risk Management: Addressing Shortcomings and Paving the Way Forward first appeared on TrustCloud.

Risk 112

Google wins court order to force ISPs to filter botnet traffic

Naked Security

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

LockBit Leads as Rampant Ransomware Activity Continues

Security Boulevard

Ransomware actors continue to focus their attacks on the manufacturing sector, and LockBit remains the most prolific threat group, according to the results of the GuidePoint Research and Intelligence Team’s (GRIT) Q1 2023 ransomware report. The study indicates ransomware activity rose by 25% compared to the fourth quarter of last year, with the United States.

Major UK banks including Lloyds, Halifax, TSB hit by outages

Bleeping Computer

Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland have experienced web and mobile app outages today leaving customers unable to access their account balances and information. […]

Banking 107

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Fidelis Cybersecurity Awarded Gold for Security Innovations by Merit Awards

Security Boulevard

The post Fidelis Cybersecurity Awarded Gold for Security Innovations by Merit Awards appeared first on Fidelis Cybersecurity. The post Fidelis Cybersecurity Awarded Gold for Security Innovations by Merit Awards appeared first on Security Boulevard.

SECURITY ALERT: Heimdal® Identifies Active Phishing Campaign Singling Out Romanian Telecom Users

Heimdal Security

On the 28th of April, acting on a tip received from an anonymous source, Heimdal®’s SOC team came across an active phishing campaign that appears to specifically target Romanian telecom customers. The preliminary analysis of all of the evidence presented so far has indicated that the threat actor(s) involved in this operation exhibit the […] The post SECURITY ALERT: Heimdal® Identifies Active Phishing Campaign Singling Out Romanian Telecom Users appeared first on Heimdal Security Blog.

Phishing 104

Cybersecurity Insights with Contrast CISO David Lindner | 4/28

Security Boulevard

Insight #1 "If we learned anything from RSA, AI is the new buzzword like “Big Data” or “Zero Trust.” One thing that is apparent is if you are not figuring out ways to make your business and security teams more efficient with AI, you are falling behind." Insight #2 "If you are a SaaS vendor, please expose audit logs to your customers as part of the basic tier.

CISO 104

New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

The Hacker News

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer.

Passwords 103

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Minecraft clones stealthily load ads on millions of Android devices

Graham Cluley

Boffins at McAfee have identified 38 Android apps in the Google Play store that unashamedly rip off the ever-popular gaming sensation Minecraft, but are actually designed to stealthily earn advertising revenue.

Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

The Hacker News

Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw.

Firewall 102

Protecting Patient Data: Why Quantum Security is a Must in Health Care

Security Boulevard

When you visit the doctor or have a hospital stay, you and your patient data become elements in a vast, highly complex digital technology ecosystem. This is because you (as the patient) generate enormous volumes of data which is stored and analyzed across interconnected systems. The goal of all of this is improved health care. The post Protecting Patient Data: Why Quantum Security is a Must in Health Care appeared first on Security Boulevard.

Firmware Looms as the Next Frontier for Cybersecurity

Dark Reading

Software bugs are ubiquitous, and we're familiar with hardware threats. But what about the gap in the middle? Two researchers at Black Hat Asia will attempt to focus our attention there.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Flashpoint Adds Ignite Cybersecurity Intelligence Platform

Security Boulevard

At the RSA Cybersecurity 2023 conference, Flashpoint this week launched a cybersecurity intelligence platform that promises to streamline workflows by providing a unified real-time view of the relevant data and information pertaining to a specific cyberattack or a newly discovered vulnerability. Matt Howell, vice president of product for Flashpoint, said the Flashpoint Ignite platform makes.

Automated Patch Management: Definition, Tools & How It Works

eSecurity Planet

Automated patch management can help prevent security breaches by automatically identifying, downloading, testing, and delivering software and firmware updates to devices and applications through the use of specialized software tools. Automated patching can save IT and security staff time by deploying the latest security and performance enhancements, fixing bugs, and conducting other upgrades to ensure that software is in its most current state.

CISA warns of critical bugs in Illumina DNA sequencing systems

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FDA have issued an urgent alert about two vulnerabilities that impact Illumina's Universal Copy Service (UCS), used for DNA sequencing in medical facilities and labs worldwide. […]

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitrary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versio

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.