Wed. Dec 20, 2023

BlackCat Ransomware Site Seized in International Takedown Effort

Tech Republic Security

The ransomware group, which has distributed ransomware to more than 1,000 victims, reportedly recovered control of its website on Tuesday. Learn how to defend against ransomware.

GCHQ Christmas Codebreaking Challenge

Schneier on Security

Looks like fun. Details here.

Insiders 234

Cyber Security Trends to Watch in Australia in 2024

Tech Republic Security

Ransomware attacks on infrastructure and mid-market businesses are tipped to rise, while the use of AI cyber tools will grow as IT customers seek more signal and less noise from vendors.

Marketing 146

New phishing attack steals your Instagram backup codes to bypass 2FA

Bleeping Computer

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.

Backups 130

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Google addressed a new actively exploited Chrome zero-day

Security Affairs

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac, Linux and 120.0.6099.129/130 for Windows which will roll out over the coming days/weeks.

Google fixes 8th Chrome zero-day exploited in attacks this year

Bleeping Computer

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year.

More Trending

German police takes down Kingdom Market cybercrime marketplace

Bleeping Computer

The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have announced the seizure of Kingdom Market, a dark web marketplace for drugs, cybercrime tools, and fake government IDs.

Sophisticated JaskaGO info stealer targets macOS and Windows

Security Affairs

JaskaGO is a new Go-based information stealer malware that targets both Windows and Apple macOS systems, experts warn. Researchers from AT&T Alien Labs uncovered a previously undetected Go-based information stealer dubbed JaskaGO that targets Windows and macOS systems. JaskaGO is a sophisticated malware that supports an extensive array of commands and can maintain persistence in different ways.

Malware 118

Healthcare software provider data breach impacts 2.7 million

Bleeping Computer

ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.

7 Best Attack Surface Management Software for 2024

eSecurity Planet

Attack surface management (ASM) is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation (BAS) and applies them to an organization’s entire IT environment, from networks to the cloud. That makes ASM’s ambitions much greater than legacy vulnerability management tools.

Software 113

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft fixes Wi-Fi issues triggered by recent Windows updates

Bleeping Computer

Microsoft has fixed a known issue causing Wi-Fi network connectivity problems on Windows 11 systems triggered by recently released cumulative updates.

German police seized the dark web marketplace Kingdom Market

Security Affairs

The German police seized the dark web marketplace Kingdom Market as a result of an international law enforcement operation. The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT), along with law enforcement agencies from multiple countries (United States, Switzerland, Moldova, and Ukraine), conducted an operation that resulted in the seizure of the dark web marketplace Kingdom Market.

Marketing 113

Ivanti releases patches for 13 critical Avalanche RCE flaws

Bleeping Computer

Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.

Mobile 109

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

The Hacker News

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

Security Affairs

An international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth of assets. Interpol this week announced that an international law enforcement operation, named HAECHI IV, led to the arrest of approximately 3,500 suspects and the seizure of roughly $300 million worth of assets.

Scams 103

ALPHV/BlackCat ransomware operation disrupted, but criminals threaten more attacks

Graham Cluley

The FBI has disrupted the operations of the ALPHV ransomware group, and seized decryption keys that could help 500 victims unscramble their files without having to pay a ransom. Read more in my article on the Hot for Security blog.

Crypto scammers abuse X 'feature' to impersonate high-profile accounts

Bleeping Computer

Cryptocurrency scammers are abusing a legitimate X "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs.

PoolParty: A set of fully-undetectable process injection techniques

Penetration Testing

PoolParty: A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title – The Pool Party You Will Never Forget: New Process Injection Techniques Using...

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The password attacks of 2023: Lessons learned and next steps

Bleeping Computer

The password attacks of 2023 involved numerous high-profile brands, leading to the exposure of millions of users' data. Learn more from Specops Software on how to respond to these types of attacks.

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

By madhav, Thu, 12/21/2023 - 05:15. People always want to comprehend what the future brings. Ancient Greeks, for example, were famous for consulting with Oracle before making a crucial decision. The same is true for today’s business leaders. In an era where technology evolves at a blistering pace, business leaders must stay ahead of the curve. 2024 promises to be a pivotal year, bringing transformative advancements and new cha

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

The Hacker News

Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns.

One Click, Bankrupt: Android Trojan Steals Through WhatsApp

Penetration Testing

In an era where mobile banking has become the norm, a new threat looms large, especially in India’s banking sector – Android phishing. Neil Tyagi and Fernando Ruiz from McAfee Labs have uncovered a...

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

These aren’t the Androids you should be looking for

We Live Security

You may get more than you bargained for when you buy a budget-friendly smartphone and forgo safeguards baked into Google Play

SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec

Security Boulevard

Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches.

Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts

Bleeping Computer

Cryptocurrency scammers are abusing a legitimate Twitter "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs.

Smashing Security podcast #353: Phone hacking, Piers Morgan, and Carole’s Christmas cockup

Graham Cluley

Piers Morgan is less than happy after a judgement that there is "no doubt" he knew phone hacking was going on at the Daily Mirror, and a shopper comes a-cropper just before Christmas. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Hacking 85

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Exploring Security Considerations for Fax APIs

SecureBlitz

In this post, I will be exploring security considerations for Fax APIs. As the digital transformation era continues to shape various aspects of the corporate landscape, businesses need to keep abreast with existing technological advancements. One such innovation involves leveraging Fax Application Programming Interfaces (APIs) to streamline and fortify business communication systems.

MetaStealer Malware Spreads via Crack Software, Targets Google Ad Clicks

Penetration Testing

In the ever-evolving landscape of cyber threats, a new malevolent force emerged in 2022, known as MetaStealer. This potent malware, built on the foundational code of RedLine, quickly became a coveted tool in the...

Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

The Hacker News

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.

Malware 83

Windows Common Log File System Driver EoP Flaw Gets PoC Exploit

Penetration Testing

Proof-of-concept (PoC) exploit code has been published for a Windows vulnerability tracked as CVE-2023-36424. This high-severity Windows vulnerability, scoring 7.8, opens a gateway for attackers to elevate privileges from Medium to High Integrity Level....

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.