Mon.Dec 04, 2023

article thumbnail

IT Professionals in ASEAN Confronting Rising Cyber Security Risks

Tech Republic Security

The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.

Risk 187
article thumbnail

Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)

Kali Linux

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there still has been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Google Workspace Marketplace: 4 Tips for Choosing the Best Apps

Tech Republic Security

An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace.

Mobile 142
article thumbnail

Inside America's School Internet Censorship Machine

WIRED Threat Level

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

Internet 136
article thumbnail

Guide to Business Writing

Everything you need to know about better business writing in one place. This is a complete guide to business writing — from a clear business writing definition to tips on how to hone your business writing skills.

article thumbnail

Fake WordPress security advisory pushes backdoor plugin

Bleeping Computer

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. [.

131
131
article thumbnail

The Top 7 Cyber Risk Management Trends for 2024 | Kovrr blog

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post The Top 7 Cyber Risk Management Trends for 2024 | Kovrr blog appeared first on Security Boulevard.

More Trending

article thumbnail

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

Malwarebytes

In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission (SEC) has provided some more insight into the data theft. The filed amendment supplements the original Form 8-K submitted by 23andMe.

Passwords 127
article thumbnail

Supply-chain ransomware attack causes outages at over 60 credit unions

Graham Cluley

Ransomware hits firm that providing cloud services to credit unions in order ensure that their business activities could "operate without interruption, even when nothing else seems to be going well." Read more in my article on the Tripwire State of Security blog.

article thumbnail

Update your iPhones! Apple fixes two zero-days in iOS

Malwarebytes

Apple has released emergency security updates for iOS 17.1.2 and iPadOS 17.1.2 to patch for two zero-day vulnerabilities that may have been actively exploited. Apple said both vulnerabilities were in the WebKit component, which is the engine that powers Safari browser on Macs as well as all browsers on iPhones and iPads. It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.

article thumbnail

Beware of Expired or Compromised Code Signing Certificates

Security Boulevard

Given the alarming rise in software supply chain attacks and consumers growing more cyber-aware and security-conscious, software providers need to demonstrate a stronger commitment to securing their software and applications and fostering user confidence and trust. One of the vital security measures taken in this direction is the use of code signing certificates to prove […] The post Beware of Expired or Compromised Code Signing Certificates appeared first on Security Boulevard.

Software 116
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

December Android updates fix critical zero-click RCE flaw

Bleeping Computer

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. [.

116
116
article thumbnail

Building a Collaborative Approach to Secure the Connected World

Security Boulevard

The expanding IoT landscape demands a collaborative approach to PKI, ensuring seamless security across diverse domains. The post Building a Collaborative Approach to Secure the Connected World appeared first on Security Boulevard.

IoT 109
article thumbnail

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of China Ltd. on November 8 has laid bare the vulnerability of the global financial system to cyberattacks.

article thumbnail

Stealthier version of P2Pinfect malware targets MIPS devices

Bleeping Computer

The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. [.

IoT 107
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Security Affairs

Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to deploy the CACTUS ransomware. Microsoft the campaign to the ransomware operator Storm-0216 (Twisted Spider, UNC2198). Storm-0216 has historically used Qakbot malware for initial access, but has switched to other malware for initial access after the takedown of the Qakbot infrastructure.

article thumbnail

What Are Privileged Accounts? Common Types & Security Risks

Digital Guardian

In cybersecurity, privilege refers to the authority that certain accounts have; what they can and can't perform. When it comes to privileged accounts, there's a handful of different types, and with them, no shortage of challenges for managing and securing them.

article thumbnail

CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz

Penetration Testing

Apache OFBiz is a popular open-source enterprise resource planning (ERP) software that provides a comprehensive suite of business applications for various industries. Recently, a critical vulnerability, designated as CVE-2023-49070, has been discovered in Apache... The post CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz appeared first on Penetration Testing.

article thumbnail

US Lawmakers Want to Use a Powerful Spy Tool on Immigrants and Their Families

WIRED Threat Level

Legislation set to be introduced in Congress this week would extend Section 702 surveillance of people applying for green cards, asylum, and some visas—subjecting loved ones to similar intrusions.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

metahub: open-source security tool for context-based security vulnerability management

Penetration Testing

MetaHub MetaHub is an open-source security tool for context-based security vulnerability management. It can automate the process of contextualizing and prioritizing security findings based on your environment and your needs, YOUR context. It focuses on... The post metahub: open-source security tool for context-based security vulnerability management appeared first on Penetration Testing.

article thumbnail

New P2PInfect bot targets routers and IoT devices

Security Affairs

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.

IoT 102
article thumbnail

Windows 11 KB5032288 update improves Copilot, fixes 11 bugs

Bleeping Computer

Microsoft has released the KB5032288 November 2023 Windows 11 preview update with improvements for the Copilot AI assistant and almost a dozen bug fixes. [.

109
109
article thumbnail

Fidelity National Financial Cyber Attack Disrupts Real Estate Services

SecureWorld News

Fidelity National Financial (FNF), one of the largest title insurance providers in the United States, announced on November 21 that it fell victim to a sophisticated cyberattack. The incident caused widespread disruptions to FNF's operations, affecting title insurance, escrow, and other title-related services, as well as mortgage transactions and technology for the real estate and mortgage industries.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

New AeroBlade hackers target aerospace sector in the U.S.

Bleeping Computer

A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organizations in the United States aerospace sector. [.

Hacking 109
article thumbnail

Kaspersky Security Bulletin 2023. Statistics

SecureList

All statistics in this report come from the Kaspersky Security Network (KSN) global cloud service, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe assist us in collecting information about malicious activity.

Banking 96
article thumbnail

Best Practices for Efficient and Secure Cloud Deployments

Security Boulevard

The significance of cloud computing in today’s world is unmistakable. Companies not using cloud technology are becoming rarer compared to those that do. A. The post Best Practices for Efficient and Secure Cloud Deployments appeared first on OpsCanvas. The post Best Practices for Efficient and Secure Cloud Deployments appeared first on Security Boulevard.

article thumbnail

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

The Hacker News

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

A week in security (November 27 – December 3)

Malwarebytes

Last week on Malwarebytes Labs: Explained: Domain fronting Will ChatGPT write ransomware? Yes. Associated Press, ESPN, CBS among top sites serving fake virus alerts Meta sued over forcing users to pay to stop tracking Update now! Chrome fixes actively exploited zero-day vulnerability Many major websites allow users to have weak passwords Ransomware gangs and Living Off the Land (LOTL) attacks: A deep dive ownCloud vulnerability can be used to extract admin passwords Stay safe!

article thumbnail

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

The Hacker News

Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach.

IoT 97
article thumbnail

Microsoft fixes Outlook Desktop crashes when sending emails

Bleeping Computer

Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. [.

article thumbnail

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

The Hacker News

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.

96
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?