Tue. Jan 23, 2024


Side Channels Are Common

Schneier on Security

Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.


Choosing an MDR provider: Boutique or Big Brand (Part 3)

Jane Frankland

In last week’s blog (part 2), I continued to explore the pros and cons of using an MDR provider and whether it’s better choosing a boutique provider over that of a traditional big brand. Having begun by discussing the first core feature, technology, I then focused on the second core feature, contract terms. I wove in many data points, including some from Managed Threat Detection and Response firm, e2e-assure, who I’m partnering with, and their latest report, Rejuvenating Cyber Defence Strategies


Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails

Tech Republic Security

The Midnight Blizzard gang appears to have been looking for information about itself. See how organizations can protect their accounts from password spray attacks.


FBI and CISA Warn of Androxgh0st Malware Attacks

Security Boulevard

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory warning of the escalating threat posed by Androxgh0st malware. Threat actors are using this Python-scripted malware to build a botnet focused on cloud credential theft, with the stolen information being leveraged to deliver additional malicious payloads.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Australian Organisations Struggling to Resolve Tensions Between Personalisation, Privacy

Tech Republic Security

Australian organisations are so focused on preventing data breaches that they’re unaware that the concern of most of their customers has more to do with privacy.


Kasseika ransomware uses antivirus driver to kill other antiviruses

Bleeping Computer

A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.


More Trending


Trello API abused to link email addresses to 15 million accounts

Bleeping Computer

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.


Microsoft got hacked by state sponsored group it was investigating

Malwarebytes

In a spy-vs-spy type of scenario, Microsoft has acknowledged that a group called Midnight Blizzard (also known as APT29 or Cozy Bear) gained access to a Microsoft legacy non-production test tenant account. According to Microsoft, the group managed to access the account in November after subjecting it to a password spray attack, a type of brute force attack where the attacker tries a large number of logins until they succeed.


News alert: NCA’s Data Privacy Week webinars highlight data protection for consumers, businesses

The Last Watchdog

Washington D.C. Jan. 22, 2024 – Today, the National Cybersecurity Alliance (NCA), announced the program for its third annual Data Privacy Week campaign, which will take place from January 22nd to January 27th. Throughout the week, NCA will emphasize the critical significance of digital privacy for both consumers and businesses through a series of educational webinars featuring experts from various industries. “Knowing how to safeguard your personal information has never been more i


Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. Southern Water is a private utility company responsible for collecting and treating wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex and Kent, and for providing public water supply to approximately half of this area.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Lacework and Securiti Ally to Better Secure Data

Security Boulevard

Lacework and Securiti are partnering to integrate their respective DSPM and CNAPP platforms.


CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a VMware vCenter Server Out-of-Bounds Write bug, tracked as CVE-2023-34048, to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.


CISA, FBI, EPA Offer Cybersecurity Guide for Water System Operators

Security Boulevard

After some stops and starts, U.S. federal agencies have issued guidance to help water and wastewater system operators better respond to cyberattacks, an important step as threat actors are increasingly targeting the sector. The document was put together by the Environmental Protection Agency (EPA), FBI, and Cybersecurity and Infrastructure Security Agency (CISA) and touches on.


LoanDepot data breach impacted roughly 16.6 million individuals

Security Affairs

Financial services company LoanDepot disclosed a data breach that impacted roughly 16.6 million individuals. LoanDepot is a financial services company that primarily operates as a mortgage lender. It is one of the largest nonbank lenders in the United States. The company provides a range of mortgage and non-mortgage loan products and services. LoanDepot disclosed this week a data breach that impacted roughly 16.6 million individuals.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Water services giant Veolia North America hit by ransomware attack

Bleeping Computer

Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems.


Watch out, a new critical flaw affects Fortra GoAnywhere MFT

Security Affairs

Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) product. Fortra warns customers of a new authentication bypass vulnerability tracked as CVE-2024-0204 (CVSS score 9.8), impacting the GoAnywhere MFT (Managed File Transfer) product. Fortra GoAnywhere Managed File Transfer is a comprehensive solution for secure file transfer, data encryption, and compliance management.


Exploit released for Fortra GoAnywhere MFT auth bypass bug

Bleeping Computer

Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.


Break the fake: The race is on to stop AI voice cloning scams

We Live Security

As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Windows 10 KB5034203 preview update adds EU DMA compliance

Bleeping Computer

Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6.


Top Cybersecurity Predictions for 2024 (Free Download)

Tech Republic Security

While artificial intelligence discourse and chatbots dominated 2023, the cybersecurity space still pulled our attention now and then with cyberattacks, reminding us that technology advancements without cybersecurity can be counterintuitive, an approach akin to setting the cart before the horse. With this in mind, TechRepublic Premium spoke with a wide range of experts to find.


Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

Bleeping Computer

Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.


Australian government announced sanctions for Medibank hacker

Security Affairs

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank. “This morning I can announce that Australia has use


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Favorite SOC Analyst Interview Questions

Digital Guardian

Hiring a SOC analyst? Asking the right questions is key to identifying the best employee as well as helping determine what skills can best complement your organization.


Jason’s Deli says customer data exposed in credential stuffing attack

Bleeping Computer

Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks.


Unpacking Kasseika: The Latest Ransomware to Exploit BYOVD Tactics

Penetration Testing

As the digital landscape evolves, so too does the sophistication of threats that lurk within it. The Kasseika ransomware, identified amidst a surge in bring-your-own-vulnerable-driver (BYOVD) attacks in 2023, emerges as a formidable adversary....


Russia Hacked Microsoft Execs — SolarWinds Hackers at it Again

Security Boulevard

AKA APT29: Midnight Blizzard / Cozy Bear makes it look easy (and makes Microsoft look insecure).


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


ReversingLabs Exposes Malicious npm Packages Storing Stolen SSH Keys on GitHub

Penetration Testing

Researchers from ReversingLabs have recently illuminated the dark corners of npm, revealing two malicious packages that exploit GitHub’s infrastructure to orchestrate their clandestine operations. Named `warbeast2000` and `kodiak2k`, these packages represent a grave threat...


HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers

WIRED Threat Level

The company says it wants to protect you from “viruses.” Experts are skeptical.


0-Click Exploit: PoC Targets Android, Linux, macOS, and iOS Devices via Bluetooth CVE-2023-45866 Flaw

Penetration Testing

Proof-of-concept (PoC) exploit code has been made available for recently disclosed and patched critical flaws (CVE-2023-45866, CVE-2024-21306) impacting Bluetooth. This flaw affects a broad spectrum of operating systems, including Android, Linux, macOS, iOS, and...


CISA Director Says Americans Should Be Confident Elections Are Secure

SecureWorld News

Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told MSNBC's Andrea Mitchell in a January 19th segment that "the American people should have confidence in the election process" in 2024 and beyond, despite concerns over AI capabilities. In a LinkedIn post the day after her interview with Mitchell, Easterly said: "Enjoyed talking with Andrea Mitchell on MSNBC yesterday about the intersection of elections and AI, and importantly, why the American people


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.