Tue. Feb 13, 2024


Fat Patch Tuesday, February 2024 Edition

Krebs on Security

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412, a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits.


A Hacker’s Mind is Out in Paperback

Schneier on Security

The paperback version of A Hacker’s Mind has just been published. It’s the same book, only a cheaper format. But—and this is the real reason I am posting this—Amazon has significantly discounted the hardcover to $15 to get rid of its stock. This is much cheaper than I am selling it for, and cheaper even than the paperback. So if you’ve been waiting for a price drop, this is your chance.

183

IBM, ISC2 Offer Free Cybersecurity Certificate

Tech Republic Security

The entry-level IBM and ISC2 Cybersecurity Specialist Professional Certificate takes four months to complete.


Hackers used new Windows Defender zero-day to drop DarkMe malware

Bleeping Computer

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). [...]

Malware 144

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


NIST Establishes AI Safety Consortium

Tech Republic Security

The mixed public and private consortium will focus on safety, standards and skills-building for AI generally and generative AI in particular.


200,000 Facebook Marketplace user records leaked on hacking forum

Bleeping Computer

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. [...]

Hacking 141

More Trending


New SocGholish Infection Chain Discovered

Digital Shadows

ReliaQuest has detected a variant of the SocGholish malware that uses Python instead of PowerShell for persistence, signaling an evolution in the TTPs of threat actors utilizing this malware.

Malware 138

Prudential Financial breached in data theft cyberattack

Bleeping Computer

Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. [...]

134

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

The Hacker News

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three are rated Moderate in severity.

Software 131

TheTruthSpy stalkerware, still insecure, still leaking data

Malwarebytes

In 2022, we published an article about how photographs of children taken by a stalkerware-type app were found exposed on the internet because of poor cybersecurity practices by the app vendor. The stalkerware-type app involved, TheTruthSpy, has shown once again that the way in which it handles captured data shows no respect to its customers. And even less for the victims it’s monitoring.

Spyware 130

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


You Can’t Stop What You Can’t See: Addressing Encrypted Cloud Traffic

Security Boulevard

Forget AI. The most immediate and threatening cybersecurity challenge is visibility into an organization’s encrypted cloud traffic. The post You Can’t Stop What You Can’t See: Addressing Encrypted Cloud Traffic appeared first on Security Boulevard.


News alert: Kiteworks named as a founding member of NIST’s new AI safety consortium – ‘AISIC’

The Last Watchdog

San Mateo, Calif., Feb. 13, 2023 – The U.S. White House announced groundbreaking collaboration between OpenPolicy and leading innovation companies, including Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Artificial Intelligence Safety Institute Consortium (AISIC) will act as a collaborative platform where both public sector and


2023 Ransomware Attack Report

Security Boulevard

The 2023 ransomware attack report summarizes the major changes we saw in ransomware trends and tactics by geography, sector and variant. The post 2023 Ransomware Attack Report appeared first on Security Boulevard.


Windows 11 KB5034765 update released with Start Menu fixes

Bleeping Computer

Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. [...]

Software 123

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Use of ‘Hunter-Killer’ Malware on the Rise, Study Finds

Security Boulevard

Hackers are increasingly deploying “ultra-evasive, highly aggressive” malware with the ability to find and shut down enterprise security tools in compromised systems, allowing the bad actor to go undetected longer, according to researchers with Picus Security. In its Picus Red Report 2024, the security validation firm said there was a 333% year-over-year increase in such.

Malware 123

RoboForm Review (2024): Pricing, Features, Pros, & Cons

Tech Republic Security

RoboForm is a great solution for users who want a no-nonsense password manager with strong security and a straightforward user interface.


Windows 10 KB5034763 update released with new fixes, changes

Bleeping Computer

Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). [...]

Marketing 116

A ransomware attack took 100 Romanian hospitals down

Security Affairs

Authorities in Romania reported that at least 100 hospitals went offline after a ransomware attack hit the Hipocrate platform. Authorities in Romania confirmed that a ransomware attack that targeted the Hipocrate Information System (HIS) has disrupted operations for at least 100 hospitals. Hipocrate Information System (HIS) is a software suite designed to manage the medical and administrative activities of hospitals and other healthcare institutions.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


‘Incompetent’ FCC Fiddles With Data Breach Rules

Security Boulevard

FCC FAIL: While Rome burns, Federal Communications Commission is once again behind the curve. The post ‘Incompetent’ FCC Fiddles With Data Breach Rules appeared first on Security Boulevard.


Remote Monitoring & Management software used in phishing attacks

Malwarebytes

Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive data.

Phishing 114

Deepfakes in the global election year of 2024: A weapon of mass deception?

We Live Security

As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern

116

Bank of America customer data compromised after a third-party services provider data breach

Security Affairs

Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider. Bank of America began notifying some customers following a data breach at the third-party services provider Infosys McCamish System (IMS). The bank has sent notification letters to 57,000 customers, informing them that their personal information has been compromised. Infosys disclosed the security breach on November 3, 2023, in a filing with SEC the compa


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Warzone RAT infrastructure seized

Malwarebytes

On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. Federal authorities in Boston seized www.warzone.ws and three related domains, which sold the Warzone RAT malware. The Warzone RAT malware, a sophisticated Remote Access Trojan (RAT), enabled cybercriminals to browse victims’ file systems, take screenshots, record keystrokes, steal victims’ usernames and passwords, and watch victims thr


Hong Kong Clerk Defrauded of $25 Million in Sophisticated Deepfake Scam

SecureWorld News

As artificial intelligence continues advancing at a rapid pace, criminals are increasingly using AI capabilities to carry out sophisticated scams and attacks. Technologies that synthesize realistic fake media, known as deepfakes, are among the newest tools being deployed to enable fraud. A finance clerk working at a Hong Kong branch of a large multinational corporation recently fell victim to an elaborate scam utilizing deepfake technology to impersonate senior executives and swindle more than $

Scams 110

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

The Hacker News

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders.

Malware 106

What Is Packet Filtering? Definition, Advantages & How It Works

eSecurity Planet

Packet filtering is a firewall feature that allows or drops data packets based on simple, pre-defined rules regarding IP addresses, ports, or protocols. Once a type of firewall, packet filtering now provides a fundamental feature of nearly all firewalls and some network equipment (routers, smart switches, etc.). The feature involves key principles, as well as pros and cons, and there are four packet filtering types to be aware of, which determine its best use cases.

Firewall 109

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Ransomfeed – Third Quarter Report 2023 is out!

Security Affairs

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. A comprehensive report delving into the intricate landscape of ransomware threats during the last four months of 2023 is out, with a meticulous focus on the monitoring activities conducted by the OSINT Ransomfeed platform (www.ransomfeed.it).


Hackers steal $290 million in crypto from PlayDapp gaming platform

Bleeping Computer

Hackers are believed to have used a stolen private key to mint and steal over $290 million in PLA tokens, a cryptocurrency used within the PlayDapp ecosystem. [...]


Patch Tuesday Update – February 2024

Security Boulevard

The post Patch Tuesday Update - February 2024 appeared first on Digital Defense. The post Patch Tuesday Update – February 2024 appeared first on Security Boulevard.

106

CVE-2023-50358: A zero-day vulnerability affecting QNAP NAS devices

Penetration Testing

A severe zero-day vulnerability (CVE-2023-50358) has been discovered in QNAP Network Attached Storage (NAS) devices. This flaw allows attackers to execute commands remotely, potentially taking full control of vulnerable systems. Threat actors are already... The post CVE-2023-50358: A zero-day vulnerability affecting QNAP NAS devices appeared first on Penetration Testing.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.