Mon. Nov 20, 2023

Using Generative AI for Surveillance

Schneier on Security

Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better.

Kaspersky’s Advanced Persistent Threats Predictions for 2024

Tech Republic Security

New botnets, more AI in spearphishing and increases in hack-for-hire business are some of Kaspersky's security predictions. Get extensive APT mitigation tips, too.

Hacking 187
Insiders

Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records

WIRED Threat Level

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT threat actor with strong technical and learning ability, who is g

Phishing 137

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity firm executive pleads guilty to hacking hospitals

Bleeping Computer

The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business. [.

Hacking 139

Quick Glossary: Encryption

Tech Republic Security

The overall success of a business is often dependent on its ability to effectively share, transfer and process vast amounts of data. Much of this shared data is sensitive and must be protected wherever it travels on and outside the enterprise network. The best way to accomplish the important task of securing business data is.

More Trending

Recognising Scam Patterns and Preventing Data Loss: A Unified Approach

IT Security Guru

Cybersecurity professionals stand on the frontlines, ever-vigilant against an increasing tide of cyber threats. From protecting sensitive corporate data to safeguarding our personal information, the battle against cybercrime is ongoing. In today’s digital era, cybercriminals are becoming more sophisticated and professional in their methods. Hybrid work models and broadly adopted cloud technology create highly dispersed environments that assist bad actors in remaining covered in the shadow

Scams 124

Tor Project removes relays because of for-profit, risky activity

Bleeping Computer

The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users. [.

CISA to Provide Cybersecurity Services to Critical Infrastructure Entities

Security Boulevard

The federal government’s top cybersecurity agency wants to become the managed services provider for commercial critical infrastructure entities, which have become an increasing target of cybercriminals. The Cybersecurity and Infrastructure Security Agency (CISA) is piloting a program that will enable such organizations to voluntarily tap into the shared services, support, and security expertise that federal.

Canadian government discloses data breach after contractor hacks

Bleeping Computer

The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. [.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Canadian government impacted by data breaches of two of its contractors

Security Affairs

The Canadian government discloses a data breach after threat actors hacked two of its contractors. The Canadian government declared that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, have been hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees.

Lumma Stealer malware now uses trigonometry to evade detection

Bleeping Computer

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox. [.

Malware 117

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs

US teenager Joseph Garrison pleads guilty to carrying out a credential stuffing attack on a betting website. US teenager Joseph Garrison (19) has pleaded guilty to his involvement in a credential stuffing campaign that targeted user accounts at a fantasy sports and betting website. On or about November 18, 2022, the man launched a credential stuffing attack on the Betting Website and gained access to approximately 60,000 accounts.

Cybersecurity, Legal, and Financial Experts Share Their Reactions to the SEC’s Latest Cyber Disclosure Regulations | Kovrr Blog

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post Cybersecurity, Legal, and Financial Experts Share Their Reactions to the SEC’s Latest Cyber Disclosure Regulations | Kovrr Blog appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

The Hacker News

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts.

Malware 117

Amid Military Buildup, China Deploys Mustang Panda in the Philippines

Dark Reading

China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.

Understanding the UK government’s new cybersecurity regime, GovAssure

IT Security Guru

With the ever-growing threat of cyberattacks on the UK government and Critical National Infrastructure, cyber safety matters more than ever. With the rising tide of ever-present threat in mind, GovAssure was launched by the UK government in April 2023. It’s a cyber security programme that aims to ensure government IT systems are fully protected from cyberattacks.

Microsoft fixes ‘Something Went Wrong’ Office sign-in errors

Bleeping Computer

Microsoft is rolling out fixes for known Microsoft 365 issues causing 'Something Went Wrong [1001]' sign-in errors and rendering desktop applications unusable for many customers. [.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

The Hacker News

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms.

Hacking 115

The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season

SecureList

As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearly a 10% increase compared to the previous year. The annual Black Friday rise in online transactions sets the stage for a cyber-battleground, where malicious actors exploit users’ interest in online

Phishing 112

What is Endpoint Encryption: Unveiling A Data Security Strategy

Security Boulevard

Understanding Endpoint Encryption: The First Line of Data Defense Today, safeguarding sensitive information has become paramount for businesses of all sizes. At the forefront of this protective shield is endpoint encryption, a critical component in a robust security strategy. But what exactly is endpoint encryption, and how does it function as a cornerstone in safeguarding … What is Endpoint Encryption: Unveiling A Data Security Strategy Read More » The post What is Endpoint Encryption: Unveilin

Malware Uses Trigonometry to Track Mouse Strokes

Dark Reading

The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected.

Malware 116

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CyberTalk Series: MSP and MSSP Cybersecurity Compliance Challenges in 2023 and Goals for 2024 with Kimberly Simon

Security Boulevard

Our industry is way more complex than meets the eye. MSPs and MSSPs are not just managing their clients' cybersecurity programs, The post CyberTalk Series: MSP and MSSP Cybersecurity Compliance Challenges in 2023 and Goals for 2024 with Kimberly Simon appeared first on Seceon. The post CyberTalk Series: MSP and MSSP Cybersecurity Compliance Challenges in 2023 and Goals for 2024 with Kimberly Simon appeared first on Security Boulevard.

Persistence – Scheduled Task Tampering

Penetration Testing Lab

Windows Task Scheduler enables Windows users and administrators to perform automated tasks at specific time intervals.

Secure by Default: Integrating GitGuardian in Vermeer’s Software Development Lifecycle

Security Boulevard

Discover how Vermeer Corporation transformed its software development lifecycle to prioritize security. Learn about their journey from open-source tools to adopting GitGuardian for seamless, integrated secret scanning, enhancing DevSecOps with a 'Secure by Default' approach. The post Secure by Default: Integrating GitGuardian in Vermeer’s Software Development Lifecycle appeared first on Security Boulevard.

Software 107

A week in security (November 13 – November 19)

Malwarebytes

Last week on Malwarebytes Labs: Signal is testing usernames so you don’t have to share your phone number State of Maine data breach impacts 1.3 million people Credit card skimming on the rise for the holiday shopping season Update now! Microsoft patches 3 actively exploited zero-days Ransomware review: November 2023 Alarm system cyberattack leaves those in need struggling to call for help 3 benefits of ThreatDown bundles Ransomware gang files SEC complaint about victim Stay safe!

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’

Security Boulevard

Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organization's YouTube channel. Permalink The post DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’ appeared first on Security Boulevard.

Hacking 104

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

The Hacker News

Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan.

How the Evolving Role of the CISO Impacts Cybersecurity Startups

Dark Reading

CISOs and vendors must work together to keep up with emerging threats and find solutions, says a group of CISOs and security entrepreneurs.

CISO 110

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

The Hacker News

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.