Schneier on Security

DECEMBER 18, 2023

More unconstrained surveillance : Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.), and Rep. Sara Jacobs (D-Calif.)—said their investigation pulled information from briefings with eight big prescription drug suppliers.

Surveillance 265

Surveillance Government Healthcare 265

Bleeping Computer

DECEMBER 18, 2023

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. [.

Data breaches 135

Data breaches Hacking 135

Security Affairs

DECEMBER 18, 2023

An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services of local and government organizations and municipalities. A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. The incident impacted a Westpole’s customer company named PA Digitale which offers its services to various local and government organizations that rely on its platform

Ransomware 129

Ransomware Cyber Attacks Media Government 129

Bleeping Computer

DECEMBER 18, 2023

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. [.

Data breaches 133

Data breaches 133

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

DECEMBER 18, 2023

With the holiday season well underway, a threat group with a history of gift card scams is ramping up its efforts, according to Microsoft. The vendor’s Threat Intelligence unit wrote in a posting on X (formerly Twitter) that it has seen a “significant surge in activity associated with the threat actor Storm-0539, known to target. The post Microsoft: Storm-0539 Group Behind a Surge of Gift Card Scams appeared first on Security Boulevard.

Scams 124

Scams Security Awareness Mobile Cybersecurity 124

WIRED Threat Level

DECEMBER 18, 2023

On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.

124

124

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. So, how do you protect against them? Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking 120

Banking Cybercrime Malware Accountability 120

Bleeping Computer

DECEMBER 18, 2023

The KB5033375 cumulative update released during the December 2023 Patch Tuesday causes Wi-Fi connectivity issues on some Windows 11 devices. [.

128

128

Security Boulevard

DECEMBER 18, 2023

They’ve been detailed, debated, and fretted about for months, but as of today, the Securities and Exchange Commission’s new set of rules dictating how and when public companies must disclose “material” cyberattacks go into effect. The new regulation and the SEC itself have gotten their share of blowback from companies worried that the rules –. The post Controversial SEC Cyber Disclosure Rules Take Effect appeared first on Security Boulevard.

Data breaches 113

Data breaches Data privacy Security Awareness Malware 113

Bleeping Computer

DECEMBER 18, 2023

Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors. [.

Government 112

Government Technology 112

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

DECEMBER 18, 2023

The impending holidays don’t mean a break from cybersecurity threats. This week’s news includes open-source software vulnerabilities, endangered data, and continued attacks from state-sponsored Russian threat groups. Google’s Dataproc security issues could be exploited not just through the analytics engine but through Google Compute Engine, too.

Backups 113

Backups Firewall Engineering Software 113

Security Boulevard

DECEMBER 18, 2023

Automated tools simplify the Linux kernel patching process. Most distributions provide patches through system updates. Live patching eliminates the need to reboot the system. Debunking Myths about Linux Kernel Patching The kernel is the heart of the Linux operating system that powers a majority of computing devices around the globe. As […] The post Debunking Myths About Linux Kernel Patching appeared first on TuxCare.

Education 109

Education 109

Bleeping Computer

DECEMBER 18, 2023

Mr. Cooper is sending notices of a data breach to customers who were impacted by a cyberattack the firm suffered in November 2023. [.

Data breaches 126

Data breaches 126

Tech Republic Security

DECEMBER 18, 2023

Cyber scams pose a significant threat to organizations of all sizes, regardless of their industry or geographic location. This article from TechRepublic Premium digs into the nature of these scams while also highlighting the measures organizations can take to shield their employees from becoming victims. From the download: ESTABLISH STRONG PASSWORD POLICIES AND LEAST PRIVILEGED.

Scams 95

Scams Passwords 95

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

DECEMBER 18, 2023

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008.

Malware 107

Malware Phishing Ransomware Hacking 107

Penetration Testing

DECEMBER 18, 2023

In the ever-evolving landscape of cybersecurity, a new threat has emerged, targeting the integrity of Secure Shell (SSH) communications – the Terrapin Attack. SSH, a vital tool for secure access to network services, is... The post CVE-2023-48795: SSH Flaw Lets Hackers Strip Secrets From Your Connection appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Cybersecurity 111

Bleeping Computer

DECEMBER 18, 2023

American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions. [.

Ransomware 102

Ransomware 102

Hacker Combat

DECEMBER 18, 2023

Copying and pasting text and images on a Mac is easy using keyboard shortcuts or the contextual menu, yet sometimes files that have been copied over lose their formatting when. The post How to Copy and Paste on Mac? appeared first on Hacker Combat.

103

103

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Malwarebytes

DECEMBER 18, 2023

Database provider MongoDB has posted a security notice about a security incident in which attackers obtained unauthorized access to some of its corporate systems. The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer. That customer has been notified separately and there is no evidence that any other customers’ system logs were accessed.

Data breaches 99

Data breaches Social Engineering Phishing Authentication 99

Identity IQ

DECEMBER 18, 2023

How to Avoid Fake QR Code Scams IdentityIQ In today’s tech-driven world, QR (quick response) codes are everywhere. From facilitating contactless payments to accessing menus and websites, these quick response codes offer convenience and speed and are trusted by almost everyone. But how do you know what you’re getting with a QR code? Fake QR code scams have quickly become a massive issue.

Scams 96

Scams Identity Theft Phishing Malware 96

Penetration Testing

DECEMBER 18, 2023

Recently, a significant security vulnerability in the Linux NetFilter kernel has been discovered, allowing unprivileged local users to escalate their privileges, allowing complete control over a system. This flaw, designated as CVE-2023-6817, poses a... The post CVE-2023-6817: Linux Kernel NetFilter Flaw Opens Root Access appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing 110

The Hacker News

DECEMBER 18, 2023

Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction.

Internet 100

Internet Internet 100

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

DECEMBER 18, 2023

Microsoft has released a troubleshooter tool to fix an issue where the HP Smart app would automatically install on Windows systems after renaming all printers to HP LaserJet M101-M106. [.

92

92

Hacker Combat

DECEMBER 18, 2023

Instagram is an amazing social platform where you can stay in touch with your friends and influencers, but sometimes it can be too much. Taking a break may help. Instagram. The post How to Temporarily Deactivate Instagram? appeared first on Hacker Combat.

88

88

Bleeping Computer

DECEMBER 18, 2023

Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023. [.

91

91

We Live Security

DECEMBER 18, 2023

ESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplaces

Scams 91

Scams 91

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Malwarebytes

DECEMBER 18, 2023

This week on the Lock and Code podcast… It talks, it squawks, it even blocks! The stocking-stuffer on every hobby hacker’s wish list this year is the Flipper Zero. “Talk” across low-frequency radio to surreptitiously change TV channels, emulate garage door openers, or even pop open your friend’s Tesla charging port without their knowing! “Squawk” with the Flipper Zero’s mascot and user-interface tour guide, a “cyber-dolphin” who can “read” the minds of office key fobs and insecure hotel en

Government 85

Government Cybersecurity Software Risk 85

Hacker Combat

DECEMBER 18, 2023

Keep your AirPods protected when not in use by keeping them inside a waterproof charging case to protect them from falling into liquid environments such as puddles, sinks or other. The post Why Your AirPods Aren’t Waterproof appeared first on Hacker Combat.

85

85

Heimadal Security

DECEMBER 18, 2023

The Exploit Prediction Scoring System (EPSS) is a data-driven tool highlighting what vulnerabilities hackers will likely exploit. EPSS was created by a group of experts at the Forum of Incident Response and Security Teams (FIRST). Its purpose is to make it easier for security teams to prioritize vulnerability remediation better. Making a better choice of […] The post What is the EPSS score?

83

83

Hacker Combat

DECEMBER 18, 2023

Instagram doesn’t inform its users when their Story or Reel has been screengrabbed – no matter whether they have millions of followers or just an everyday account – which means. The post How to Know If Someone Screengrabs Your Instagram Story appeared first on Hacker Combat.

Accountability 83

Accountability 83

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.