Schneier on Security

MAY 22, 2024

Experiments in unredacting text that has been pixelated.

242

242

The Last Watchdog

MAY 22, 2024

Torrance,Calif., May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP , is now available on the AWS Marketplace. This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

Cyber threats 130

Cyber threats Engineering Internet Internet 130

Bleeping Computer

MAY 22, 2024

Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. [.

Risk 143

Risk 143

Tech Republic Security

MAY 22, 2024

Other announcements included a Snapdragon Dev Kit for Windows, GitHub Copilot Extensions and the general availability of Azure AI Studio.

Artificial Intelligence 145

Artificial Intelligence Big data Software 145

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Malwarebytes

MAY 22, 2024

A cybercriminal going by the names of EquationCorp and USDoD have released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data. Post by USDoD on a breach forum The leaked database is said to include full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and much more.

Passwords 137

Passwords Data breaches Phishing Password Management 137

Tech Republic Security

MAY 22, 2024

The European Union’s General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find.

Big data 124

Big data 124

Bleeping Computer

MAY 22, 2024

Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. [.

136

136

The Last Watchdog

MAY 22, 2024

It’s easy to compile a checklist on why the announced merger of LogRhythm and Exabeam could potentially make strategic sense. Related: Cisco pays $28 billion for Splunk LogRhythm’s is a long established SIEM provider and Exabeam has been making hay since its 2013 launch advancing its UEBA capabilities. Combining these strengths falls in line with the drive to make cloud-centric, hyper-interconnected company networks more resilient.

Marketing 100

Marketing Internet Internet Cybersecurity 100

Bleeping Computer

MAY 22, 2024

A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. [.

Government 126

Government 126

WIRED Threat Level

MAY 22, 2024

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever.

Hacking 123

Hacking 123

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 22, 2024

This guide explains how you can change the location of your virtual private network for privacy, security or geolocation issues.

VPN 129

VPN 129

The Hacker News

MAY 22, 2024

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell," Microsoft Program Manager Naveen Shankar said.

Technology 119

Technology 119

Security Affairs

MAY 22, 2024

A researcher discovered a consumer-grade spyware app on the check-in systems of at least three Wyndham hotels across the US. The security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. Parents often use the app to monitor their children’s online activities or by employers to keep track of employee productivity and internet usage.

Spyware 118

Spyware Surveillance Software Internet 118

The Hacker News

MAY 22, 2024

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021.

Education 119

Education Banking Government Technology 119

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MAY 22, 2024

A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. Positive Technologies researchers observed while responding to a customer’s incident spotted an unknown keylogger embedded in the main Microsoft Exchange Server page. The keylogger was used to collect account credentials.

Malware 118

Malware Accountability Technology Internet 118

The Hacker News

MAY 22, 2024

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE.

Cybersecurity 113

Cybersecurity 113

Bleeping Computer

MAY 22, 2024

LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. [.

Encryption 114

Encryption Passwords Data breaches Software 114

The Hacker News

MAY 22, 2024

Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally.

Internet 111

Internet Internet Cyber threats 111

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

MAY 22, 2024

Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. [.

106

106

Malwarebytes

MAY 22, 2024

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence 111

Artificial Intelligence Passwords Accountability Media 111

We Live Security

MAY 22, 2024

As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response to questions about AI-powere attacks.

105

105

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 billion. OmniVision Technologies Inc. is an American subsidiary of Chinese semiconductor device and mixed-signal integrated circuit design house Will Semiconductor.

Data breaches 104

Data breaches Ransomware Manufacturing Encryption 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

SecureList

MAY 22, 2024

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here , here and here ), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis.

Malware 101

Malware Cryptocurrency Passwords Marketing 101

Security Affairs

MAY 22, 2024

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication. Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication environments.

Backups 99

Backups Authentication Accountability Software 99

Graham Cluley

MAY 22, 2024

The United States Department of Justice has dealt a blow to dark web drug traffickers by arresting a man alleged to operate the dark web drugs marketplace Incognito Market. According to a DOJ press release, the alleged operator of a darknet platform sold over $100 million worth of narcotics worldwide. Read more in my article on the Hot for Security blog.

Marketing 97

Marketing Cryptocurrency 97

Zero Day

MAY 22, 2024

Apple's handy trackers have been used to track people's location against their consent, but there's a way to determine if an AirTag is tracking you. Here's what to know.

98

98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Penetration Testing

MAY 22, 2024

Recently, a significant security flaw has been discovered in the Telesquare TLR-2005KSH LTE routers. These routers, widely used in South Korea and produced by the Telesquare company, have been found to possess an unauthorized... The post PoC Releases for Unauthorized RCE Flaw (CVE-2024-29269) Threatens 40K+ Telesquare Routers appeared first on Penetration Testing.

Penetration Testing 96

Penetration Testing 96

The Hacker News

MAY 22, 2024

Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace.

90

90

Graham Cluley

MAY 22, 2024

iPhone photos come back from the dead! Scarlett Johansson sounds upset about GPT-4o, and there's a cockup involving celebrity fakes. All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Anna Brading of Malwarebytes.

Cybersecurity 90

Cybersecurity 90

ZoneAlarm

MAY 22, 2024

The American Radio Relay League (ARRL), the premier association for amateur radio enthusiasts, has suffered a significant cyberattack, resulting in the temporary shutdown of its Logbook of the World (LoTW) and raising serious data security concerns. The ARRL has been a bastion of amateur radio activity, providing a suite of services to ham radio operators, … The post American Radio Relay League Hit by Cyberattack appeared first on ZoneAlarm Security Blog.

Data privacy 89

Data privacy 89

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity