Fri.Dec 15, 2023

A Robot the Size of the World

Schneier on Security

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do it. This was the Internet of Things (IoT).

Weekly Update 378

Troy Hunt

I'd say the balloon fetish segment was the highlight of this week's video. No, seriously, it's a moment of levity in an otherwise often serious industry. It's still a bunch of personal info exposed publicly and that sucks regardless of the nature of the site, but let's be honest, the subject matter did make for some humorous comments 🤣 References Sponsored by: Identity theft isn’t cheap.

4 Different Types of VPNs & When to Use Them

Tech Republic Security

Learn about the different types of VPNs and when to use them. Find out which type of VPN suits your needs with this comprehensive guide.

New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now

The Hacker News

Multiple security vulnerabilities have been discovered in Netgate's open-source pfSense firewall software that could be chained by an attacker to execute arbitrary commands on vulnerable appliances. The issues are two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

3CX warns customers to disable SQL database integrations

Bleeping Computer

VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability.

Chrome starts the countdown to the end of tracking cookies

Malwarebytes

Google has announced that it will start rolling out its Chrome web browser’s new Tracking Protection feature from January 2024. Tracking Protection is part of Google’s Privacy Sandbox initiative to phase out third-party cookies, and the feature aims to disable third-party cookies completely in the second half of 2024. Third-party cookies, often referred to as non-essential cookies, can be used to track visitors as they move from one website to another, with the purpose of cr

Multiple flaws in pfSense firewall can lead to arbitrary code execution

Security Affairs

Security flaws in the Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate. Researchers from Sonar discovered several security issues affecting it: Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326).
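
The two pfSense items above (The Hacker News and Security Affairs) describe a chain of reflected XSS and command injection without showing either bug class. The following is an added, generic illustration written for this digest; it is not pfSense code, not Sonar's proof of concept, and says nothing about where the real flaws sit. It assumes a hypothetical diagnostics handler that takes a `host` request parameter, pings it, and echoes it back into the page, and shows the unsafe form of each step beside a hardened one. The injected inputs are constructed for the example.

```python
"""Added example: reflected XSS and command injection, unsafe beside hardened.
Hypothetical handler; not taken from pfSense or from the Sonar findings."""
from __future__ import annotations

import html
import ipaddress
import subprocess
from urllib.parse import parse_qs


def vulnerable_ping_command(host: str) -> str:
    """Deliberately unsafe: the request parameter is interpolated into a shell
    command line, so '127.0.0.1; id' runs ping and then id."""
    return f"ping -c 1 {host}"


def hardened_ping_argv(host: str) -> list[str]:
    """Validate that the parameter is an IP address, then return an argv list.
    Passing a list to subprocess (shell=False) means no shell ever parses it."""
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError as exc:
        raise ValueError(f"rejected host parameter: {host!r}") from exc
    return ["ping", "-c", "1", str(addr)]


def is_accepted(host: str) -> bool:
    """True if the hardened validator would let this parameter through."""
    try:
        hardened_ping_argv(host)
        return True
    except ValueError:
        return False


def run_hardened_ping(host: str) -> int:
    """Runs the validated command without a shell and returns the exit status."""
    return subprocess.run(hardened_ping_argv(host), capture_output=True, check=False).returncode


def vulnerable_reflect(query_string: str) -> str:
    """Deliberately unsafe: echoes the parameter into HTML unencoded (reflected XSS).
    A victim lured to such a URL runs attacker script in the firewall's admin origin,
    which is what lets an XSS be chained into the command-injection endpoint."""
    host = parse_qs(query_string).get("host", [""])[0]
    return f"<p>Pinging {host}</p>"


def hardened_reflect(query_string: str) -> str:
    """Output encoding for the HTML text context stops the parameter becoming markup."""
    host = parse_qs(query_string).get("host", [""])[0]
    return f"<p>Pinging {html.escape(host, quote=True)}</p>"


if __name__ == "__main__":
    # Constructed attacker input: terminates the ping and appends a second command.
    payload = "127.0.0.1; id"
    print(vulnerable_ping_command(payload))
    print("hardened accepts payload:", is_accepted(payload))
    print(vulnerable_reflect("host=<script>alert(1)</script>"))
    print(hardened_reflect("host=<script>alert(1)</script>"))
```

The two defences are independent: allow-list validation plus an argv list removes the shell from the picture entirely, and context-aware encoding is applied at the point the value is written into the page rather than at input time, so the same stored value can be emitted safely into more than one context.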

PikaBot distributed via malicious search ads

Malwarebytes

During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via search engines, to drop malware targeting businesses. In fact, browser-based attacks overall have been a lot more common if we include social engineering campaigns. Criminals have found success in acquiring new victims thanks to search ads; we believe there are specialized services that help malware distributors and affiliates to bypass Google’s security measures and helpin

CISA urges tech manufacturers to stop using default passwords

Bleeping Computer

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords.

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz; the company is investigating the claims. Kraft Heinz is an American food company and one of the largest food and beverage manufacturers globally. It produces a wide range of popular food products, including condiments, sauces, cheese, snacks, and ready-to-eat meals.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Delta Dental of California data breach exposed info of 7 million people

Bleeping Computer

Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach.

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware known to abuse NKN technology. Researchers from Kaspersky’s Global Emergency Response Team (GERT) and GReAT uncovered the malware. The malicious code is written in Go, and it is the first malware that relies on NKN for data exchange between peers.

Ex-Amazon engineer pleads guilty to hacking crypto exchanges

Bleeping Computer

Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022.

Idaho National Laboratory data breach impacted 45,047 individuals

Security Affairs

The Idaho National Laboratory (INL) announced that it has suffered a data breach impacting more than 45,000 individuals. In November, the hacktivist group SiegedSec claimed responsibility for the hack of INL and leaked stolen human resources data. SiegedSec is a threat actor that last year carried out multiple attacks against U.S. organizations, especially municipalities.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

NKAbuse Threat Uses NKN Blockchain Network for DDoS Attacks

Security Boulevard

A new multiplatform threat uses the peer-to-peer (P2P) NKN network connectivity protocol as a communication channel for launching a range of attacks, from distributed denial-of-service (DDoS) to a remote access trojan (RAT). The multiple-threat malware, dubbed NKAbuse, appears to be targeting Linux desktops, though it also can infect Arm and MIPS systems, which.

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Security Affairs

Based on a recent Digital Forensics & Incident Response (DFIR) engagement with a law enforcement agency (LEA) and one of the leading investment organizations in Singapore (and other victims), Resecurity (USA) has uncovered a meaningful link between three major ransomware groups: BianLian, White Rabbit, and Mario Ransomware.

2023 Regulatory Roundup: All the Major Compliance Changes that Happened

Security Boulevard

Life comes at you fast, and that’s especially true for CISOs grappling with the many compliance risks in cybersecurity. From greater regulatory pressures and heightened privacy standards to increased personal liability, topped off with new rules for artificial intelligence — a lot happened in 2023. With these changes come implications for you in 2024.

Ransomware gang behind threats to Fred Hutch cancer patients

Bleeping Computer

The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center (Fred Hutch) that resulted in patients receiving personalized extortion threats.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
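
The item above names the mechanism (pixels and hidden frames on authenticated pages that send page context to an ad network) but gives no way to find them. The following scanner is an added example written for this digest, not code from the cited report. It parses a constructed, fictional patient-portal page (the hostnames and the `MRN` value are made up) and flags third-party images, scripts and iframes plus inline beacon calls; the first-party host list and the beacon function names are assumptions to adjust for a real site.

```python
"""Added example: flag third-party pixels, scripts, frames and inline beacon
calls in a page. Sample HTML and hostnames are constructed for this example."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed fragment resembling an authenticated patient-portal view
# (fictional hostnames; not taken from any real site).
SAMPLE_PAGE = """
<html><head>
<script src="https://portal.example-health.org/static/app.js"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script>fbq('track', 'PageView');</script>
</head><body>
<h1>Appointment on 2024-01-09, MRN 123456</h1>
<img src="https://www.facebook.com/tr?id=1234&ev=PageView&noscript=1" width="1" height="1"/>
<img src="/img/logo.png"/>
<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-XXXX" height="0" width="0"></iframe>
</body></html>
"""

FIRST_PARTY = {"portal.example-health.org"}   # assumed: hosts the covered entity controls
BEACON_CALLS = ("fbq(", "gtag(", "ga(")       # assumed list of common analytics entry points


class TrackerScanner(HTMLParser):
    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party
        self.in_script = False
        self.findings = []      # (host, reason, evidence)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
        if tag not in ("img", "script", "iframe") or not a.get("src"):
            return
        host = urlparse(a["src"]).netloc.lower()
        if not host or host in self.first_party:
            return          # relative URL or first-party resource
        reason = f"third-party {tag}"
        if tag == "img" and a.get("width") == "1" and a.get("height") == "1":
            reason = "1x1 tracking pixel"
        elif tag == "iframe" and a.get("height") == "0":
            reason = "hidden iframe"
        self.findings.append((host, reason, a["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Inline script bodies: look for calls that send a beacon to a vendor.
        if self.in_script:
            for call in BEACON_CALLS:
                if call in data:
                    self.findings.append(("inline", f"inline beacon call {call}", data.strip()[:60]))
                    break


def scan(page: str, first_party=FIRST_PARTY) -> list:
    """Return every third-party or beacon finding in the page, in document order."""
    s = TrackerScanner(first_party)
    s.feed(page)
    s.close()
    return s.findings


if __name__ == "__main__":
    for host, reason, evidence in scan(SAMPLE_PAGE):
        print(f"{reason:28} {host:28} {evidence}")
```

Static HTML only shows what the page requests at load time; the vendor also receives the page URL through the Referer header and whatever the beacon script reads from the DOM, so a review should pair a scan like this with the browser's network log on a signed-in session.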

Gang charged with running $80 million “pig butchering” cryptocurrency investment scam

Graham Cluley

US authorities have charged four people for their alleged roles in a fraudulent cryptocurrency investment scheme that saw targets approached via dating sites and social media, and cost victims more than $80 million. Read more in my article on the Hot for Security blog.

PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955)

Penetration Testing

Two vulnerabilities in Microsoft SharePoint Server have recently come under the spotlight, thanks to the detailed work of STAR Labs researcher Nguyễn Tiến Giang (Jang). In March, at the Pwn2Own contest in Vancouver, a...

Box cloud storage down amid 'critical' outage

Bleeping Computer

Cloud storage provider Box.com is suffering an outage preventing customers from accessing their files.

Data of over a million users of the crypto exchange GokuMarket exposed

Security Affairs

GokuMarket, a centralized crypto exchange owned by ByteX, left an open instance, revealing the details of virtually all of its users, the Cybernews research team has discovered. The leak comes after the team discovered an unprotected MongoDB instance, which stored information on GokuMarket crypto exchange users. Businesses employ MongoDB to organize and store large swaths of document-oriented information, and in GokuMarket’s case, the details of over a million customers and admin users.
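
The GokuMarket item is the familiar pattern of a MongoDB instance reachable from the Internet with no authentication. The configuration audit below is an added example for this digest, not GokuMarket's configuration or Cybernews' method. It reads two constructed `mongod.conf` files, one open and one hardened, with a small purpose-built parser (the file format is YAML, but only plain key/value mappings are handled here), and checks the three settings that decide whether a stranger can read the data: `net.bindIp`/`net.bindIpAll`, `security.authorization`, and `net.tls.mode`. It relies on the documented defaults that mongod binds to localhost unless told otherwise and that authorization is off until enabled.

```python
"""Added example: audit a mongod.conf for the settings that expose a database.
Config samples are constructed; the parser handles only plain key/value YAML."""

# Constructed sample: a database left open (not any real site's config).
EXPOSED_CONF = """
net:
  port: 27017
  bindIp: 0.0.0.0        # reachable from any network
storage:
  dbPath: /var/lib/mongodb
"""

# Constructed sample: the same server with the three controls in place.
HARDENED_CONF = """
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one internal interface
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongod.pem
security:
  authorization: enabled
"""

WILDCARD_BINDS = {"0.0.0.0", "::"}


def parse_simple_yaml(text: str) -> dict:
    """Minimal indentation-based parser for the nested key/value mappings a
    mongod.conf uses (no lists, no multi-line scalars); values stay strings."""
    root: dict = {}
    stack = [(-1, root)]          # (indent, mapping) for the current nesting path
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:
            stack.pop()           # dedent: close finished mappings
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:
            child: dict = {}
            parent[key] = child
            stack.append((indent, child))
    return root


def audit_mongod_conf(text: str) -> list:
    """Return a list of findings; an empty list means the three controls are set."""
    cfg = parse_simple_yaml(text)
    net = cfg.get("net", {})
    sec = cfg.get("security", {})
    findings = []
    # mongod has bound to localhost by default since 3.6, so bindIp only matters
    # when it has been widened explicitly.
    bind_ips = [ip.strip() for ip in net.get("bindIp", "127.0.0.1").split(",")]
    if net.get("bindIpAll") == "true" or any(ip in WILDCARD_BINDS for ip in bind_ips):
        findings.append("listens on all interfaces (net.bindIp / net.bindIpAll)")
    if sec.get("authorization") != "enabled":
        findings.append("security.authorization not enabled: any client that reaches "
                        "the port can read and write every collection")
    tls = net.get("tls")
    if not isinstance(tls, dict) or tls.get("mode") != "requireTLS":
        findings.append("net.tls.mode is not requireTLS: credentials and documents "
                        "cross the network in the clear")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["no findings"])
```

A passing audit of the file is necessary, not sufficient: confirm from a network position outside the trust boundary that port 27017 is not reachable at all, since a host firewall or cloud security group can undo a correct `bindIp` just as easily as a wrong one.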

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

The Week in Ransomware - December 15th 2023 - Ransomware Drama

Bleeping Computer

The big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims the outages were caused by a hardware/hosting issue.

Ukraine’s Largest Telecommunication Provider Paralysed by a Massive Cyberattack

Heimdal Security

Kyivstar, Ukraine’s main provider of telecommunication services, says that it’s been the target of a ‘powerful hacker attack’. The attack left customers without mobile or internet signal and caused the air raid sirens in the northeastern city of Sumy to malfunction as a result of the outage. Kyivstar has over 25 million mobile customers and […]

InfoWorld’s 2023 Technology of the Year Award winners

InfoWorld on Security

The arrival of ChatGPT in late 2022 and the ensuing cascade of large language models ensured that 2023 will forever be known as the year of generative AI (GenAI). With amazing speed, generative AI has rippled across the entire information technology landscape—from software development and devops tools, to data management platforms and analytics tools, to cloud security, compliance, and governance solutions.

New iOS feature to thwart eavesdropping – Week in security with Tony Anscombe

We Live Security

Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

The Hacker News

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon.

Happy New Year: Google Cookie Block Starts Soon, but Fear Remains

Security Boulevard

2024 is almost here: the rollout begins Jan 4, but few trust Google’s motives.

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

The Hacker News

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season.

Kerbeus-BOF: Beacon Object Files for Kerberos abuse

Penetration Testing

Kerbeus-BOF: Beacon Object Files for Kerberos abuse. This is an implementation of some important features of the Rubeus project, written in C. The project features integration with the C2 frameworks Cobalt Strike and Havoc. Download: git clone [link] Use...

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.