Wed.Sep 06, 2023

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

Schneier on Security

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

Weekly Update 363

Troy Hunt

I'm super late pushing out this week's video, I mean to the point where I now have a couple of days before doing the next one. Travel from the opposite side of the world is the obvious excuse, then frankly, just wanting to hang out with friends and relax. And now, I somehow find myself publishing this from the most mind-bending set of circumstances: Heading to 31C.

Phishing 307
Insiders

Vendor Comparison: DIY Home Security Systems

Tech Republic Security

When it comes to DIY home security, there are many systems and components to consider and many decisions to make. This vendor comparison guide from TechRepublic Premium provides advice you can follow as you make decisions regarding how you will deploy a home security system. The accompanying comparison tool will document your research and provide.

180

ASUS routers are affected by three critical remote code execution flaws

Security Affairs

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices. The three vulnerabilities were reported by the Taiwanese CERT; below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_ipe

Firmware 145

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

How China Demands Tech Firms Reveal Hackable Flaws in Their Products

WIRED Threat Level

Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers.

Hacking 143

MITRE and CISA release Caldera for OT attack emulation

Security Affairs

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber threats. “Without further ado, the MITRE Caldera team is proud to announce the release of Caldera for O

LifeWorks

More Trending

The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

WIRED Threat Level

After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.

Hacking 141

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Security Affairs

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN. The exploit code works against the latest version of the client, 1.0.3.

VPN 138

Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant

The Hacker News

The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. “APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability,” NSFOCUS Security Labs said in a report published last week.

Phishing 135

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. In July, Microsoft announced it had mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Flipper Zero can be used to launch iOS Bluetooth spam attacks

Bleeping Computer

The Flipper Zero portable wireless pen-testing and hacking tool can be used to aggressively spam Bluetooth connection messages at Apple iOS devices, such as iPhones and iPads.

Wireless 131

Google addressed an actively exploited zero-day in Android

Security Affairs

Google released September 2023 Android security updates to address multiple flaws, including an actively exploited zero-day. Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component; a threat actor could exploit the issue to escalate privileges without requiring user interaction or addi

Hacking 135

A history of ransomware: How did it get this far?

Malwarebytes

Today's ransomware is the scourge of many organizations. But where did it start? If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted file(name)s and asked for a ransom, it was far from effective. The AIDS Trojan was sent by snail mail on a floppy disk to participants of a WHO conference about HIV.

Improve Security by 99% in Seconds without Changing a Single Password

SecureWorld News

We're all looking for quick fixes these days so that we can implement them and get on with our lives, and security is no different. So here are three quick moves you can make right now to dramatically improve your security. And guess what? Not one of them involves passwords. Multi-factor authentication: If changing passwords is like the eating your veggies of the security world, multi-factor authentication (MFA) is more like eating fresh fruits.

Passwords 126

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Staying ahead of threats: 5 cybercrime trends to watch

We Live Security

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Hackers stole Microsoft signing key from Windows crash dump

Bleeping Computer

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer's corporate account.

Generative AI’s Biggest Security Flaw Is Not Easy to Fix

WIRED Threat Level

Chatbots like OpenAI’s ChatGPT and Google’s Bard are vulnerable to indirect prompt injection attacks. Security researchers say the holes can be plugged—sort of.

Hacking 122

Rockstar Games reportedly sold games with Razor 1911 cracks on Steam

Bleeping Computer

In an ironic twist, Rockstar Games reportedly uses pirated software cracks to remove its DRM from some games they sell on Steam.

Software 123

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

eSeals Explained: Providing Document Trust and Security

GlobalSign

This helpful guide breaks down what an electronic seal is, and how to choose one that is right for your organization.

119

W3LL Gang Compromises Thousands of Microsoft 365 Accounts

Dark Reading

A secretive phishing cabal boasts a sophisticated affiliate network and a modular, custom toolset that's claiming victims on three continents.

Toyota says filled disk storage halted Japan-based factories

Bleeping Computer

Toyota says a recent disruption of operations in Japan-based production plants was caused by its database servers running out of storage space.

118

Securing Your Legacy: Identities, Data, and Processes

Dark Reading

Legacy systems of all kinds pose significant cybersecurity risks. Here's how to mitigate them.

Risk 117

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

“Threat-informed Defense Is Hard …” Cross-post for Safekeeping

Anton on Security

“Threat-informed Defense Is Hard …” Cross-post for Safekeeping Medium frowns at re-/cross-posting, so this should work: Threat-informed Defense Is Hard, So We Are Still Not Doing It! Enjoy! “Threat-informed Defense Is Hard …” Cross-post for Safekeeping was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses

Dark Reading

All it takes is a simple copy-paste to undo a VPN service used by millions worldwide.

VPN 112

Threat Intelligence Analytics: Making the Most of Your CTI Program

Security Boulevard

The threat landscape has never been more challenging for CISOs and security teams than in 2023. Our research has found ransomware attacks have increased by more than 100% since 2022, hundreds of thousands of corporate credentials are being distributed on Telegram with SSO, active directory, and corporate SaaS application credentials, and initial access brokers (IAB) […] The post Threat Intelligence Analytics: Making the Most of Your CTI Program appeared first on Flare | Cyber Threat Intel &

CISO 111

Coding Tips to Sidestep JavaScript Vulnerabilities

Dark Reading

This Tech Tip focuses on best security practices to write secure JavaScript code.

112

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Callaway Asks Customers to Take a Mulligan on Passwords After Breach

SecureWorld News

More than 1.1 million U.S. customers of Callaway, the American sports equipment maker best known for its golf equipment and accessories, had their personal data compromised in an early-August data breach. In an August 29 letter, parent company Topgolf Callaway Brands Corp. alerted customers to the incident, disabling security questions and forcing them to take a mulligan on their passwords—requiring a reset of passwords for all accounts.

Passwords 110

Russia's 'Fancy Bear' APT Targets Ukrainian Energy Facility

Dark Reading

The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.

Phishing 110

LockBit Breach Exposes Manufacturing Network Vulnerabilities

SecureWorld News

In a recent cyberattack, the LockBit ransomware group targeted U.K.-based Zaun, a manufacturer of high-security perimeter fencing—revealing critical vulnerabilities in manufacturing networks. LockBit, a well-documented threat actor, struck Zaun with a sophisticated attack on August 5-6. Zaun's cybersecurity systems managed to thwart the encryption of its servers, preventing further catastrophic damage.

Google's Souped-up Chrome Store Review Process Foiled by Data-Stealer

Dark Reading

Researchers have discovered that despite Google's adoption of the Manifest V3 security standard to protect against malicious plug-ins, attackers can still get bad extensions past its review process.

108

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!