Fri.Jun 23, 2023

article thumbnail

UPS Data Harvested for SMS Phishing Attacks

Schneier on Security

I get UPS phishing spam on my phone all the time. I never click on it, because it’s so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs.

Phishing 258
article thumbnail

Dell Technologies World 2023: Q&A on how Dell sees security at the edge

Tech Republic Security

Read our interview from Dell Technologies World 2023 about cloud and edge workloads and Dell's NativeEdge product. The post Dell Technologies World 2023: Q&A on how Dell sees security at the edge appeared first on TechRepublic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Apple Fixes 0-Days — Russia Says US Used for Spying

Security Boulevard

Vulns unpatched for FOUR years: ‘Triangulation’ spyware said to use backdoor Apple gave to NSA. The post Apple Fixes 0-Days — Russia Says US Used for Spying appeared first on Security Boulevard.

Spyware 145
article thumbnail

Palo Alto Networks CTO Talks Securing ‘Code to Cloud’

Tech Republic Security

The company’s CTO of its Prisma Cloud says that when the software development process meets continuous integration and development, security must be efficient and holistic. The post Palo Alto Networks CTO Talks Securing ‘Code to Cloud’ appeared first on TechRepublic.

Software 183
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

BlackLotus bootkit patch may bring “false sense of security”, warns NSA

Graham Cluley

The NSA has publsihed a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protecting against the threat. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more

Tech Republic Security

Explore what matters in data protection today. Cyber resilience, recovery and streamlined software make the list. The post Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more appeared first on TechRepublic.

LifeWorks

More Trending

article thumbnail

5 Best Chrome VPN Extensions for 2023

Tech Republic Security

Looking for the best VPNs for Chrome extension to enhance your online security and privacy? Dive into our list of top rated VPNs and find your best fit. The post 5 Best Chrome VPN Extensions for 2023 appeared first on TechRepublic.

VPN 158
article thumbnail

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The Hacker News

The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition.

Firmware 129
article thumbnail

Suspicious Smartwatches Mailed to US Army Personnel

Dark Reading

Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.

Malware 118
article thumbnail

US Gov’t Puts $10M Bounty on CL0P as MOVEit Fallout Continues 

Security Boulevard

The U.S. State Department is offering a $10 million bounty for information related to the Cl0p ransomware gang, which is thought to be behind the MOVEit Transfer vulnerabilities. The post US Gov’t Puts $10M Bounty on CL0P as MOVEit Fallout Continues appeared first on Security Boulevard.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

FBI seizes BreachForums after arresting its owner Pompompurin in March

Bleeping Computer

U.S. law enforcement today seized the clear web domain of the notorious BreachForums (aka Breached) hacking forum three months after apprehending its owner Conor Fitzpatrick (aka Pompompurin), under cybercrime charges. [.

article thumbnail

CISA Pressures Federal Civilian Agencies to Secure Network Devices

Security Boulevard

CISA put federal civilian agencies on notice that they were expected to secure network devices within 14 days of discovering they had been exposed on the internet. The post CISA Pressures Federal Civilian Agencies to Secure Network Devices appeared first on Security Boulevard.

Internet 115
article thumbnail

News Alert: Dasera unveils new data security and governance platform for ‘Snowflake’ users

The Last Watchdog

Mountain View, Calif. June 22, 2023 — Dasera , the premier automated data security and governance platform for top-tier finance, healthcare, and technology enterprises, is thrilled to unveil “Ski Lift,” a complimentary platform exclusively designed for Snowflake users. With “Ski Lift,” Snowflake customers can gain a panoramic view of their Snowflake environment while scaling their data security and governance controls.

article thumbnail

Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own

Naked Security

Don’t treat rebooting your phone once a day as a cybersecurity talisman… here are 8 additional tips for better mobile phone security.

Mobile 108
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

NSA: BlackLotus BootKit Patching Won't Prevent Compromise

Dark Reading

It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.

Software 108
article thumbnail

Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

The Hacker News

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware.

Malware 107
article thumbnail

Microsoft Teams Attack Skips the Phish to Deliver Malware Directly

Dark Reading

Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.

Phishing 107
article thumbnail

Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering

The Hacker News

A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Amid the Software Engineering Paradigm Shift, How Must AppSec Evolve?

Security Boulevard

Attitudes around software engineering have evolved, posing a key paradigm shift for organizations regarding how they think about and manage software engineering functions. As cloud adoption continues to accelerate, software engineering is taking a front seat, commanding an even bigger role in business growth and success. This is especially prevalent today as organizations compete with.

article thumbnail

Why Legacy System Users Prioritize Uptime Over Security

Dark Reading

For line-of-business execs, the fear of grinding mission-critical systems to a halt overrides the fear of ransomware. How can CISOs overcome this?

CISO 103
article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 6/23

Security Boulevard

Insight #1 "AI is not going to solve the 20-plus-year-old problem of Application Security, but it will do one of two things…add to the noise of SAST or kill off SAST completely allowing businesses to move on to bigger and better runtime analysis of their applications. I vote for the latter." Insight #2 "The cyber security talent shortage is not just about hiring new people into the field, that’s easy.

CISO 105
article thumbnail

The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins

The Hacker News

The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor.

103
103
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The Journey to a Scalable Software Maturity Model

Security Boulevard

The Purple Book Community S3M2 is a framework designed to help organizations assess and improve their software security practices. The post The Journey to a Scalable Software Maturity Model appeared first on Security Boulevard.

Software 105
article thumbnail

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

The Hacker News

Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said.

article thumbnail

IRONSCALES Brings Generative AI to Email Security

Security Boulevard

IRONSCALES this week made available in beta a tool that leverages OpenAI’s generative pre-trained transformer (GPT) technology to make it simpler for end users to identify suspicious emails. IRONSCALES CEO Eyal Benishti said Themis Co-pilot for Microsoft Outlook is based on PhishLLM, a large language model (LLM) that the company hosts on behalf of customers.

article thumbnail

What to know about the MoveIT hack – Week in security with Tony Anscombe

We Live Security

The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government The post What to know about the MoveIT hack – Week in security with Tony Anscombe appeared first on WeLiveSecurity

Hacking 98
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CISA orders govt agencies to fix recently disclosed flaws in Apple devices

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its Known Exploited Vulnerabilities Catalog. Below is the list of the issues added to the catalog: CVE-2023-32434 : Apple Multiple Products Integer Overflow Vulnerability – Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability tha

article thumbnail

How to Maximize the Value of Penetration Tests

eSecurity Planet

All organizations should perform penetration tests, yet many worry about not receiving the full value of their investment. Organizations have two choices: perform penetration tests with their internal teams, or hire an external vendor and find ways to lower costs. Either case presents challenges, but to maximize the value of a penetration test, the organization must balance cost savings with quality.

article thumbnail

Fortinet fixes critical FortiNAC RCE, install updates asap

Security Affairs

Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges.

IoT 98
article thumbnail

UPS Discloses Data Breach Caused by an SMS Phishing Campaign

Heimadal Security

Canadian clients of international shipping company UPS are being warned that some of their personal information may have been stolen in phishing attacks after potentially being made public through its online package look-up tools. UPS is aware that some package recipients have received fraudulent text messages demanding payment before a package can be delivered, Brett […] The post UPS Discloses Data Breach Caused by an SMS Phishing Campaign appeared first on Heimdal Security Blog.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!