Tue. Nov 14, 2023

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Troy Hunt

Allegedly, Acuity had a data breach. That's the context that accompanied a massive trove of data that was sent to me 2 years ago now. I looked into it, tried to attribute and verify it then put it in the "too hard basket" and moved onto more pressing issues. It was only this week as I desperately tried to make some space to process yet more data that I realised why I was short on space in the first place: Ah, yeah - Acuity - that big blue 437GB blob.

GUEST ESSAY: An assessment of how ‘Gen-AI’ has begun to transform DevSecOps

The Last Watchdog

Combining DevSecOps with Generative Artificial Intelligence (Gen-AI) holds the potential to transform both software development and cybersecurity protocols. Through harnessing the power of Generative AI, enterprises can usher in a new era of DevSecOps, elevating development velocity, security, and robustness to unprecedented levels.

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature.

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

The Last Watchdog

Threat intelligence sharing has come a long way since Valentine’s Day 2015. I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page.

Red Hat: UK Leads Europe in IT Automation, But Key Challenges Persist

Tech Republic Security

The U.K.'s position as a financial services hub puts it ahead in enterprise-wide IT automation, says Red Hat. But skills shortages remain an issue for all IT leaders surveyed.

Credit card skimming on the rise for the holiday shopping season

Malwarebytes

As we head into shopping season, customers aren’t the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat we’re following closely and expect to increase over the next several weeks is credit card skimming. Online stores are not always as secure as you might think they are, and yet you need to hand over your valuable credit card information in order to buy anything.

LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed

Bleeping Computer

The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files.

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

The Hacker News

Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access.

WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

Bleeping Computer

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

The Hacker News

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release.

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Bleeping Computer

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface).

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

Dark Reading

While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.

Lacework Extends Security Reach Into Application Development

Security Boulevard

Lacework added tools for evaluating code security that are integrated with its cloud native application protection platform (CNAPP). The post Lacework Extends Security Reach Into Application Development appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws

Bleeping Computer

Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.

News alert: 1touch.io names former Bugcrowd chief Ashish Gupta as CEO and President

The Last Watchdog

New York, New York, Nov. 14, 2023 — 1touch.io, a pioneer in sensitive data intelligence, today announced Ashish Gupta as its new Chief Executive Officer and President. Gupta will also join the 1touch.io Board of Directors. Previously, he served as the CEO and President of Bugcrowd, where he successfully led the company’s rapid scaling by transforming it into a multi-product, industry-leading platform.

New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

Bleeping Computer

A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.

Rubrik Report Surfaces Scope of Data Security Challenge

Security Boulevard

A Rubrik survey found more than half of organizations suffered a loss of sensitive data in the last year, with 16% experiencing multiple incidents. The post Rubrik Report Surfaces Scope of Data Security Challenge appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

New Reptar CPU flaw impacts Intel desktop and server systems

Bleeping Computer

Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.

Royal Ransom Demands Exceed $275M, Rebrand in Offing

Dark Reading

The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

Security Affairs

Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities. Resecurity, Inc. (USA) protecting major Fortune 100 and government agencies globally has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities.

Level up! These games will make learning about cybersecurity fun

We Live Security

Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

Security Affairs

VMware disclosed a critical bypass vulnerability in VMware Cloud Director Appliance that can be exploited to bypass login restrictions when authenticating on certain ports. VMware disclosed an authentication bypass vulnerability, tracked as CVE-2023-34060 (CVSS score 9.8), in its Cloud Director Appliance that can be exploited by an attacker with network access to the appliance bypassing login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). “VM

Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation

Dark Reading

Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.

Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws

Security Affairs

Patch Tuesday security updates for November 2023 fixed three vulnerabilities actively exploited in the wild. Microsoft Patch Tuesday security updates for November 2023 addressed 63 new vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET and .NET Framework; Azure; Mariner; Microsoft Edge (Chromium-based), Visual Studio, and Windows Hyper-V.

Meet the Unique New "Hacking" Group: AlphaLock

Bleeping Computer

A Russian hacking group known as AlphaLock is launching a "pentest" marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Closing the Talent Gap in Cybersecurity

Security Boulevard

There are expected to be 3.5 million open cybersecurity jobs by 2025, but breaking into cybersecurity is tough. Here's how to do it. The post Closing the Talent Gap in Cybersecurity appeared first on Security Boulevard.

Fermi’s Paradox Proves There’s No Government Alien Conspiracy Around Roswell

WIRED Threat Level

Roswell, New Mexico, remains synonymous with the “discovery” of alien life on Earth—and a US government coverup. But history shows the reality may be far less out of this world—and still fascinating.

Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers

The Hacker News

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. "An important feature that sets it apart is that, unlike previous campaigns, which relied on.

VMware discloses critical VCD Appliance auth bypass with no patch

Bleeping Computer

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.