Mon. Dec 04, 2023

IT Professionals in ASEAN Confronting Rising Cyber Security Risks

Tech Republic Security

The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.

Risk 179

Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)

Kali Linux

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there have still been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone.

Google Workspace Marketplace: 4 Tips for Choosing the Best Apps

Tech Republic Security

An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace.

Mobile 135

Fake WordPress security advisory pushes backdoor plugin

Bleeping Computer

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.

140

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Inside America's School Internet Censorship Machine

WIRED Threat Level

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

Internet 130

Russian hackers exploiting Outlook bug to hijack Exchange accounts

Bleeping Computer

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

More Trending

Supply-chain ransomware attack causes outages at over 60 credit unions

Graham Cluley

Ransomware hits a firm providing cloud services to credit unions in order to ensure that their business activities could "operate without interruption, even when nothing else seems to be going well." Read more in my article on the Tripwire State of Security blog.

December Android updates fix critical zero-click RCE flaw

Bleeping Computer

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.

126

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

Malwarebytes

In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission (SEC) has provided some more insight into the data theft. The filed amendment supplements the original Form 8-K submitted by 23andMe.

Passwords 124

Beware of Expired or Compromised Code Signing Certificates

Security Boulevard

Given the alarming rise in software supply chain attacks and consumers growing more cyber-aware and security-conscious, software providers need to demonstrate a stronger commitment to securing their software and applications and fostering user confidence and trust. One of the vital security measures taken in this direction is the use of code signing certificates to prove […] The post Beware of Expired or Compromised Code Signing Certificates appeared first on Security Boulevard.

Software 115

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Update your iPhones! Apple fixes two zero-days in iOS

Malwarebytes

Apple has released emergency security updates for iOS 17.1.2 and iPadOS 17.1.2 to patch two zero-day vulnerabilities that may have been actively exploited. Apple said both vulnerabilities were in the WebKit component, which is the engine that powers the Safari browser on Macs as well as all browsers on iPhones and iPads. It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of the global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of China Ltd. on November 8 has laid bare the vulnerability of the global financial system to cyberattacks.

Building a Collaborative Approach to Secure the Connected World

Security Boulevard

The expanding IoT landscape demands a collaborative approach to PKI, ensuring seamless security across diverse domains. The post Building a Collaborative Approach to Secure the Connected World appeared first on Security Boulevard.

IoT 108

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Security Affairs

Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to deploy the CACTUS ransomware. Microsoft attributed the campaign to the ransomware operator Storm-0216 (Twisted Spider, UNC2198). Storm-0216 has historically used Qakbot malware for initial access, but has switched to other malware for initial access after the takedown of the Qakbot infrastructure.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Stealthier version of P2Pinfect malware targets MIPS devices

Bleeping Computer

The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices.

IoT 106

What Are Privileged Accounts? Common Types & Security Risks

Digital Guardian

In cybersecurity, privilege refers to the authority that certain accounts have; what they can and can't perform. When it comes to privileged accounts, there's a handful of different types, and with them, no shortage of challenges for managing and securing them.

New P2PInfect bot targets routers and IoT devices

Security Affairs

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.

IoT 105

Windows 11 KB5032288 update improves Copilot, fixes 11 bugs

Bleeping Computer

Microsoft has released the KB5032288 November 2023 Windows 11 preview update with improvements for the Copilot AI assistant and almost a dozen bug fixes.

111

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Open Source Vulnerability Management Recommendations for 2024

Veracode Security

Stepping into 2024, the dynamics of open source vulnerability management are shifting. Rapid changes to software development demand a more nuanced approach to open source security from practitioners. From redefining risk to the cautious integration of auto-remediation, here are the pivotal recommendations for successful open source vulnerability management in 2024 and beyond. 1.

Software 104

metahub: open-source security tool for context-based security vulnerability management

Penetration Testing

MetaHub is an open-source security tool for context-based security vulnerability management. It can automate the process of contextualizing and prioritizing security findings based on your environment and your needs, YOUR context. It focuses on... The post metahub: open-source security tool for context-based security vulnerability management appeared first on Penetration Testing.

New AeroBlade hackers target aerospace sector in the U.S.

Bleeping Computer

A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organizations in the United States aerospace sector.

Hacking 107

US Lawmakers Want to Use a Powerful Spy Tool on Immigrants and Their Families

WIRED Threat Level

Legislation set to be introduced in Congress this week would extend Section 702 surveillance of people applying for green cards, asylum, and some visas—subjecting loved ones to similar intrusions.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Microsoft fixes Outlook Desktop crashes when sending emails

Bleeping Computer

Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts.

Best Practices for Efficient and Secure Cloud Deployments

Security Boulevard

The significance of cloud computing in today’s world is unmistakable. Companies not using cloud technology are becoming rarer compared to those that do. A. The post Best Practices for Efficient and Secure Cloud Deployments appeared first on OpsCanvas. The post Best Practices for Efficient and Secure Cloud Deployments appeared first on Security Boulevard.

Fidelity National Financial Cyber Attack Disrupts Real Estate Services

SecureWorld News

Fidelity National Financial (FNF), one of the largest title insurance providers in the United States, announced on November 21 that it fell victim to a sophisticated cyberattack. The incident caused widespread disruptions to FNF's operations, affecting title insurance, escrow, and other title-related services, as well as mortgage transactions and technology for the real estate and mortgage industries.

CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz

Penetration Testing

Apache OFBiz is a popular open-source enterprise resource planning (ERP) software that provides a comprehensive suite of business applications for various industries. Recently, a critical vulnerability, designated as CVE-2023-49070, has been discovered in Apache... The post CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz appeared first on Penetration Testing.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Kaspersky Security Bulletin 2023. Statistics

SecureList

All statistics in this report come from the Kaspersky Security Network (KSN) global cloud service, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe assist us in collecting information about malicious activity.

Banking 87

A week in security (November 27 – December 3)

Malwarebytes

Last week on Malwarebytes Labs:

- Explained: Domain fronting
- Will ChatGPT write ransomware? Yes.
- Associated Press, ESPN, CBS among top sites serving fake virus alerts
- Meta sued over forcing users to pay to stop tracking
- Update now! Chrome fixes actively exploited zero-day vulnerability
- Many major websites allow users to have weak passwords
- Ransomware gangs and Living Off the Land (LOTL) attacks: A deep dive
- ownCloud vulnerability can be used to extract admin passwords

Stay safe!

Tipalti investigates claims of data stolen by ransomware gang

Bleeping Computer

Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch.

How To Buy And Sell Domain Names Using Dynadot

SecureBlitz

Learn how to buy and sell domain names using Dynadot in this post. Domain buying and selling remains one of the best ways to make money online. It’s straightforward and highly rewarding, especially when you focus on premium names. However, the issue most people have is settling on the right platform. From experience, we recommend […] The post How To Buy And Sell Domain Names Using Dynadot appeared first on SecureBlitz Cybersecurity.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.