Wed. Nov 15, 2023

New SSH Vulnerability

Schneier on Security

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

Microsoft Ignite: New Solutions Offer More Security and Productivity from Windows in the Cloud

Tech Republic Security

Cloud PCs give you access to Windows AI tools on any device, and Windows 365 now has AI-powered tools to help IT give users the right cloud PC for their needs.

Ransomware gang files SEC complaint over victim’s undisclosed breach

Bleeping Computer

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. [.

Intel Patches Widespread Processor Vulnerability

Tech Republic Security

The strange vulnerability could have allowed for escalation of privilege, denial of service or information disclosure attacks.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

HALT! I am Reptar! Intel CPU Bug Panics Cloud Providers

Security Boulevard

IaaS Catch Fire: Google and Intel fuzz, find and fix a fabulous bug. Next up: More of the same. The post HALT! I am Reptar! Intel CPU Bug Panics Cloud Providers appeared first on Security Boulevard.

Cybersecurity Glossary Pack

Tech Republic Security

It doesn’t matter whether your organization is a huge multinational business enterprise or a one-person operation, cybersecurity will be an important issue. With this TechRepublic Premium pack, readers can get four cybersecurity glossaries for a bargain price. Each glossary explains the terminology and will help you understand the language with clear, concise definitions.

More Trending

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Securing Sensitive Data: Cybersecurity in Asset Management

Security Boulevard

The asset management sector, a critical component of the financial industry, is facing a pressing challenge in the form of cybersecurity. During the first quarter of 2023, the number of weekly cyberattacks witnessed a 7% increase when compared to the corresponding period in the previous year. This rise in cyberattacks has significant implications for asset.

The QAnon Shaman Isn’t Even the Most Extreme Candidate in His Race for Congress

WIRED Threat Level

Jacob Chansley, the January 6 rioter known as the QAnon Shaman, will run for Congress in Arizona. The most remarkable thing about his campaign so far is how unremarkable it is in a state that’s embraced election conspiracies.

Update now! Microsoft patches 3 actively exploited zero-days

Malwarebytes

Another important update round for this month’s Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it is publicly disclosed or actively exploited with no official fix available.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Critical flaw fixed in SAP Business One product

Security Affairs

Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product. SAP November 2023 Security Patch Day includes three new and three updated security notes. The most severe “hot news” is an improper access control vulnerability, tracked as CVE-2023-31403 (CVSS score of 9.6), that impacts SAP Business One product installation. “SAP Business One installation – version 10.0, does not perform proper authentication and authori

Social Media Sleuths, Armed With AI, Are Identifying Dead Bodies

WIRED Threat Level

Poverty, fentanyl, and lack of public funding mean morgues are overloaded with unidentified bodies. TikTok and Facebook pages are filling the gap—with AI proving a powerful and controversial new tool.

FBI and CISA Say the Royal Ransomware Group May Rebrand

Security Boulevard

The prolific Royal ransomware group, which has demanded more than $275 million in ransom from as many as 350 targets since September 2022, may be preparing to rebrand itself or spin off a variant, according to a U.S. government advisory. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) wrote in its advisory this week. The post FBI and CISA Say the Royal Ransomware Group May Rebrand appeared first on Security Boulevard.

Microsoft fixes Windows Server VMs broken by October updates

Bleeping Computer

Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines (VMs) deployed on VMware ESXi hosts. [.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Navigating Open-Source Supply Chain Threats: Protecting Your Software Ecosystem

Security Boulevard

In today’s business world, companies are determined to create software faster than ever before. Developers are under immense pressure to deliver products to customers quickly. To accelerate this process, developers often rely on pre-made “building blocks” – open-source components. This means that modern software is frequently assembled from existing parts rather than being built entirely […] The post Navigating Open-Source Supply Chain Threats: Protecting Your Software Ecosystem appeared first o

'AlphaLock' Hackers Launch 'Pen-Testing Training' Group

Dark Reading

With a two-pronged approach, the group trains its hackers in penetration testing, only to set them free to build a marketplace for pen-testing services.

Using SD-WAN to Optimize Security and Connectivity of Satellite Networks

Security Boulevard

Deploying SD-WAN across multiple multi-orbit satellite links creates a reliable virtual network on top of the physical infrastructure. The post Using SD-WAN to Optimize Security and Connectivity of Satellite Networks appeared first on Security Boulevard.

Rackspace Ransomware Costs Soar to Nearly $12M

Dark Reading

Rackspace's 2022 ransomware attack costs only continue to mount, with lawsuits in the offing — and show the long-tail costs of a cyberattack.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

The Hacker News

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023. "22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT said [PDF].

Samsung hit by new data breach impacting UK store customers

Bleeping Computer

Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. [.

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

The Hacker News

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.

PJ&A says cyberattack exposed data of nearly 9 million patients

Bleeping Computer

PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients. [.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

The Hacker News

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty.

Ransomware review: November 2023

Malwarebytes

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Fraud researchers impersonated on X to push crypto-stealing sites

Bleeping Computer

Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter). [.

Google’s New Titan Security Key Adds Another Piece to the Password-Killing Puzzle

WIRED Threat Level

The new generation of hardware authentication key includes support for cryptographic passkeys as Google pushes adoption of the more secure login alternative.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw

Bleeping Computer

Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the "Reptar" high-severity flaw that affects Intel CPUs for desktop and server systems. [.

Smashing Security podcast #348: Hacking for chimp change, and AI chatbot birthday

Graham Cluley

Who's more incompetent - the cryptocurrency exchanges or some of the people who hack them? Plus a closer look at the reliability of AI chatbots. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Toronto Public Library confirms data stolen in ransomware attack

Bleeping Computer

The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack. [.

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

Thales Cloud Protection & Licensing

sparsh, Thu, 11/16/2023 - 04:52. Aviation is a fast-paced world, with airports around the globe serving billions of passengers annually. These bustling hubs require robust security systems to ensure the safety of passengers, staff, and infrastructure. The entire passenger process, from check-in to boarding, involves multiple stakeholders, including government regulators, airport management, airline personnel, and on-premise security

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.