Schneier on Security
DECEMBER 19, 2023
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI.
Krebs on Security
DECEMBER 19, 2023
The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
DECEMBER 19, 2023
Australia is about to get a national online ID system — the Digital ID — which promises to improve the security and privacy of data online. However, concerns among Australians persist.
Bleeping Computer
DECEMBER 19, 2023
The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
DECEMBER 19, 2023
As the year comes to a close, Mac users should take these steps to ensure their device's security, performance and organization.
Security Boulevard
DECEMBER 19, 2023
Another day, another huge leak: In October, they called it an “outage;” last month, it became a “cybersecurity incident;” now it’s a full-on PII leak. The post Mr. Cooper Hackers Stole ~15 Million Users’ Data appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
DECEMBER 19, 2023
A new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan. [.
Security Boulevard
DECEMBER 19, 2023
Even though organizations are using AI-based coding, about the benefits and security fears of AI-based software development. The post AI Coding Tools: How to Address Security Issues appeared first on Security Boulevard.
Bleeping Computer
DECEMBER 19, 2023
An international law enforcement operation codenamed 'Operation HAECHI IV' has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds. [.
Security Boulevard
DECEMBER 19, 2023
The Play ransomware group, which was behind such high-profile attacks as those on the city of Oakland, California, and Dallas County, Texas, is behind at least 300 similar cyber-incidents since June 2022, according to government cybersecurity agencies in the United States and Australia. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, joined.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
DECEMBER 19, 2023
Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the exploitation of the CitrixBleed flaw. CitrixBleed is a critical vulnerability, tracked as CVE-2023-4966 , in Citrix NetScaler ADC (Application Delivery Controller) software.
Bleeping Computer
DECEMBER 19, 2023
Microsoft has confirmed that some Windows 11 devices experience Wi-Fi connectivity issues after installing recent cumulative updates. [.
eSecurity Planet
DECEMBER 19, 2023
Infrastructure as a service security is a concept that assures the safety of organizations’ data, applications, and networks in the cloud. Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as shedding light on the security benefits of IaaS, you can better secure your cloud security infrastructure.
Security Affairs
DECEMBER 19, 2023
The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
DECEMBER 19, 2023
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. [.
Security Boulevard
DECEMBER 19, 2023
As CMMC Final Rule approaches, one of the most common concerns defense contractors have is the cost of achieving compliance. CMMC will step up enforcement of the 110 NIST 800-171 controls, making compliance a prerequisite for continued work with the Department of Defense (DoD). In order to achieve certification, defense contractors will need to budget […] The post <span style="color:#f05f2a;">CMMC Enclaves:</span> What they are.<br/> How they help compliance. appeared fir
We Live Security
DECEMBER 19, 2023
The H2 2023 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape from June to Novembery 2023.
Security Affairs
DECEMBER 19, 2023
By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk. The Cybernews research team has discovered that the Bengaluru branch of BMW Kun Exclusive, a BMW dealership in India, has exposed sensitive data to the public. The data leak could have resulted in unauthorized access to sensitive clients’ and business data or even a full takeover of the BMW outlet’s internal systems by threat actors.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
DECEMBER 19, 2023
The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI). [.
Security Affairs
DECEMBER 19, 2023
Smishing Triad: Researchers warn crooks impersonating UAE Federal Authority for Identity and citizenship ahead of the Holiday Season Resecurity, Inc. (USA) has identified a new fraudulent campaign by the Smishing Triad gang in which they are impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. This campaign involves malicious SMS/iMessage texts that pretend to be on behalf of the General Directorate of Residency and Foreigners Affairs, targeting digital identity
Bleeping Computer
DECEMBER 19, 2023
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used. [.
Penetration Testing
DECEMBER 19, 2023
A vulnerability has recently been identified in Apache Guacamole, an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that... The post CVE-2023-43826: Integer Overflow in Apache Guacamole Opens Door to RCE appeared first on Penetration Testing.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Digital Guardian
DECEMBER 19, 2023
Microsoft DLP, part of the larger Purview offering, can be a part of your organization's defensive strategy and complemented by Digital Guardian's enhanced offering.
CompTIA on Cybersecurity
DECEMBER 19, 2023
CompTIA has produced an abundance of YouTube content and we’ve rallied our top 10 videos of the year. Here are the Top 10 videos from the CompTIA Connect YouTube channel for 2023.
The Hacker News
DECEMBER 19, 2023
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S.
Graham Cluley
DECEMBER 19, 2023
Simon Whittaker, CEO of Vertical Structure, invited me onto the "CyberTuesday" show to share some stories and opinions from the world of cybersecurity. I couldn't resist also breaking into my Jason Statham impression at one point.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Malwarebytes
DECEMBER 19, 2023
MetaStealer is a popular piece of malware that came out in 2022, levering previous code base from RedLine. Stealers have become a very hot commodity in the criminal space, so much so that there is competition between various groups. Threat actors have primarily used malspam as an infection vector to drop MetaStealer as well as cracked software via stolen YouTube accounts, but it was at least once previously seen in a malvertising campaign.
The Hacker News
DECEMBER 19, 2023
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace.
Penetration Testing
DECEMBER 19, 2023
In light of a severe vulnerability discovered in Apache Struts, Cisco Systems has elucidated the impact on its products. The culprit, a path traversal vulnerability identified as CVE-2023-50164, has sent ripples through the cyber... The post Apache Struts (CVE-2023-50164) RCE Vulnerability Affects some Cisco Products appeared first on Penetration Testing.
Digital Shadows
DECEMBER 19, 2023
ReliaQuest responded to a double-extortion attack by an unknown actor, whose malicious activity was aided by their use of TTPs to evade detection and deploy ransomware.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
259 
Let's personalize your content