Schneier on Security

MARCH 20, 2024

The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as leaf-shaped magnets, Bramwell-Stewart said. The Port Authority says officers in 2023 roughly doubled the number of summonses issued for obstructed, missing or fictitious license plates compared wit

257

257

Krebs on Security

MARCH 20, 2024

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Marketing 247

Marketing Technology Data privacy Advertising 247

Tech Republic Security

MARCH 20, 2024

Risky cyber security behaviours are putting employees at risk of phishing and other attacks, according to Proofpoint research, with many employees still unclear security is their responsibility, too.

Phishing 143

Phishing Risk Data privacy Information Security 143

Malwarebytes

MARCH 20, 2024

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

Identity Theft 140

Identity Theft Data breaches Cybercrime Mobile 140

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MARCH 20, 2024

Explore top multi-factor authentication solutions for enhanced security and user authentication. Learn about the benefits and features of leading MFA providers.

Authentication 147

Authentication 147

Bleeping Computer

MARCH 20, 2024

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. [.

143

143

Bleeping Computer

MARCH 20, 2024

Users of the social media platform X (Twitter) have often been left puzzled when they click on a post with an external link but arrive at an entirely unexpected website from the one displayed. A Twitter ad spotted below by a security researcher shows forbes.com as its destination but instead takes you to a Telegram account. [.

Media 135

Media Accountability 135

Security Affairs

MARCH 20, 2024

Atlassian fixed tens of vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical flaw that can be very dangerous. Atlassian addressed multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597 (CVSS score of 10), is a SQL injection flaw that impacts the org.postgresql:postgresql third-party dependency of Bamboo Data Center and Server. “This org.postgresql:postgresql Dependency

Hacking 127

Hacking Software Information Security 127

Bleeping Computer

MARCH 20, 2024

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. [.

131

131

Security Affairs

MARCH 20, 2024

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems.

Malware 123

Malware Authentication Cryptocurrency Ransomware 123

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

MARCH 20, 2024

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers [.

Software 127

Software 127

The Hacker News

MARCH 20, 2024

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk.

Risk 121

Risk 121

Bleeping Computer

MARCH 20, 2024

The makers of Flipper Zero have responded to the Canadian government's plan to ban the device in the country, arguing that it is wrongfully accused of facilitating car thefts. [.

Government 120

Government 120

WIRED Threat Level

MARCH 20, 2024

Cookie pop-ups now show the number of “partners” that websites may share data with. Here's how many of these third-party companies may get your data from some of the most popular sites online.

119

119

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks. Credential stuffing is an attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the

Passwords 113

Passwords Accountability Authentication Hacking 113

Security Boulevard

MARCH 20, 2024

Congressional bi-partisanship these day seems nigh impossible. Related: Rising tensions spell need for tighter cybersecurity Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance … (more…) The post LW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?

Cybersecurity 113

Cybersecurity Security Awareness 113

The Hacker News

MARCH 20, 2024

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection.

Malware 107

Malware Cryptocurrency Cybersecurity 107

Bleeping Computer

MARCH 20, 2024

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. [.

Banking 112

Banking Accountability Phishing Hacking 112

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

MARCH 20, 2024

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.

Ransomware 104

Ransomware Cryptocurrency Authentication Software 104

Graham Cluley

MARCH 20, 2024

Are you using the same passwords in multiple places online? Well, stop. Stop right now. And make sure that you've told your friends and family to stop being reckless too. Read more in my article on the Hot for Security blog.

Passwords 102

Passwords Hacking Data breaches Phishing 102

The Hacker News

MARCH 20, 2024

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.

101

101

Bleeping Computer

MARCH 20, 2024

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. [.

109

109

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

MARCH 20, 2024

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6.

Cyber threats 98

Cyber threats 98

Graham Cluley

MARCH 20, 2024

The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be. FTC staff. Read more in my article on the Tripwire State of Security blog.

Scams 97

Scams 97

WIRED Threat Level

MARCH 20, 2024

Anonymous, candid reviews made Glassdoor a powerful place to research potential employers. A policy shift requiring users to privately verify their real names is raising privacy concerns.

Media 97

Media 97

Graham Cluley

MARCH 20, 2024

There's a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.

Ransomware 95

Ransomware Cybersecurity Data breaches Malware 95

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

SecureWorld News

MARCH 20, 2024

Ransomware attacks have become a significant threat to organizations of all kinds worldwide, with attackers encrypting data and demanding payment for its release. The consequences of these kinds of attacks can be quite severe, with effects ranging from operational disruption to substantial financial losses and reputational damage. In this regard, many have touted cyber insurance as the knight in shining armor, the end all-be all in terms of mitigating criminals' assaults on your network.

Cyber Insurance 91

Cyber Insurance Insurance Ransomware Risk 91

Cisco Security

MARCH 20, 2024

There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access… Read more on Cisco Blogs Discover the powerful partnership between Cisco and Nvidia, offering an AI-driven enterprise security solution with Cisco Secure Workload 3.9 and Nvidia Bluefield DPUs.

Cyber threats 90

Cyber threats Cybersecurity Network Security 90

Bleeping Computer

MARCH 20, 2024

UK bakery chain Greggs is the latest victim of recent point of sale system outages that forced store closures at large retail chains over the past few weeks. [.

Retail 93

Retail Technology 93

SecureList

MARCH 20, 2024

Introduction Malware for mobile devices is something we come across very often. In 2023 , our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation , targeting iOS, but that was rather a unique case. Among the mobile platforms, Android remains the most popular target operating system for cybercriminals.

Malware 85

Malware Mobile Firmware Spyware 85

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.