Fri. Jun 16, 2023

Security and Human Behavior (SHB) 2023

Schneier on Security

I’m just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyer

AI vs AI: Next front in phishing wars

Tech Republic Security

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense. The post AI vs AI: Next front in phishing wars appeared first on TechRepublic.

Phishing 217
Insiders

My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack

The Last Watchdog

It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. federal agencies, in addition to global corporations. Related: Supply-chain hack ultimatum. The nefarious Clop gang initially compromised MOVEit, which provided them a beachhead to gain access to Zellis, a UK-based supplier of payroll services.

Hacking 189

Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot

Tech Republic Security

The study shows attackers are using more bots and doing more sophisticated phishing exploits and server attacks, especially targeting retail. The post Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot appeared first on TechRepublic.

Phishing 180

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC

The Hacker News

The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling.

DNS 145

The Infrastructure Security Engineer Is a Unicorn Among Thoroughbreds

Dark Reading

This new role safeguarding cloud deployments requires an exceedingly rare set of technical and soft skills.

LifeWorks

More Trending

Killnet Threatens Imminent SWIFT, World Banking Attacks

Dark Reading

The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.

Banking 135

20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona

The Hacker News

The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least five attacks between August 2020 and March 2023.

Data Loss Prevention in an API-Driven World

CyberSecurity Insiders

By Sudeep Padiyar, Senior Director, Product Management at Traceable AI. Preventing data loss has become incredibly challenging in an application programming interface (API)-driven world. Companies lock down sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF).

Risk 131

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

Dark Reading

MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.

Software 130

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Millions of Oregon, Louisiana state IDs stolen in MOVEit breach

Bleeping Computer

Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data. [...]

Stop Cyberbullying Day: Prevention is everyone’s responsibility

We Live Security

Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves. The post Stop Cyberbullying Day: Prevention is everyone’s responsibility appeared first on WeLiveSecurity.

Education 119

Police cracks down on DDoS-for-hire service active since 2013

Bleeping Computer

Polish police officers part of the country's Central Cybercrime Bureau detained two suspects believed to have been involved in the operation of a long-running DDoS-for-hire service (aka booter or stresser) active since at least 2013. [...]

DDOS 116

MOVEit Attack Strikes US and State Governments

Security Boulevard

A global attack campaign fueled by a vulnerability in MOVEit Transfer, a popular file transfer application, has now struck the U.S. Department of Energy, several other U.S. agencies and a spate of state government organizations and educational institutions. The reach of these attacks has expanded rapidly over the last few days as attackers from the.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

The Week in Ransomware - June 16th 2023 - Wave of Extortion

Bleeping Computer

The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks. [...]

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

The Hacker News

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime and anti-terrorism policing unit," Cado Security said in a technical report.

DDOS 111

Main Security Challenges of Cloud Computing

Security Boulevard

Explore the main security challenges of cloud computing and learn how to mitigate risks to safeguard your data and protect your business. The post Main Security Challenges of Cloud Computing appeared first on GuardRails. The post Main Security Challenges of Cloud Computing appeared first on Security Boulevard.

Risk 111

Bringing Transparency to Confidential Computing with SLSA

Google Security

Asra Ali, Razieh Behjati, Tiziano Santoro, Software Engineers. Every day, personal data, such as location information, images, or text queries are passed between your device and remote, cloud-based services. Your data is encrypted when in transit and at rest, but as potential attack vectors grow more sophisticated, data must also be protected during use by the service, especially for software systems that handle personally identifiable user data.

Software 107

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Activities in the Cybercrime Underground Require a New Approach to Cybersecurity

The Hacker News

As Threat Actors Continuously Adapt their TTPs in Today’s Threat Landscape, So Must You. Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web.

AI may not Destroy the World, but There are Other Risks

Security Boulevard

For some, AI is the stuff of nightmares. Whether it’s Hal refusing to open the pod bay doors in 2001: A Space Odyssey or the wild thought experiment of Roko’s Basilisk—or even way back to (retellings of) Frankenstein’s monster or the ancient legend of the Golem—there’s a fear that our creations will turn against us. The post AI may not Destroy the World, but There are Other Risks appeared first on Security Boulevard.

Risk 105

Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps

Dark Reading

Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions — an all too common issue in an area where mobile-only is the norm and cyber awareness is low.

Mobile 103

CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug

Security Boulevard

Once is happenstance. Twice is coincidence. Three times is sheer incompetence. The post CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug appeared first on Security Boulevard.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Google targets fake business reviews network in new lawsuit

Bleeping Computer

Google has filed a consumer protection lawsuit against Ethan QiQi Hu and his company, Rafadigital, accusing him of creating 350 fraudulent Business Profiles and 14,000 fake reviews for an alleged business verification service for Google services. [...]

Wiz Adds Integration Platform to Improve Cybersecurity Visibility

Security Boulevard

Wiz this week unveiled a platform that provides bi-directional integration between its namesake cloud-native application protection platform (CNAPP) and third-party cybersecurity platforms. At the same time, Wiz also announced it signed a strategic collaboration agreement with Amazon Web Services (AWS) to improve cloud cybersecurity. As part of that agreement, Wiz is committing to exploring artificial.

Western Digital boots outdated NAS devices off of My Cloud

Bleeping Computer

Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. [...]

Firmware 101

ChatGPT Security: Discovering and Securing AI Tools

Security Boulevard

Let’s talk about the darker side of the ChatGPT security story: a recent DarkReading report found that 4% of workers are leaking protected corporate information into AI tools by feeding schematics, statistics, instructions, and other intellectual property into large language learning models (LLMs). ChatGPT security took center stage in April 2023 when Samsung employees leaked […] The post ChatGPT Security: Discovering and Securing AI Tools first appeared on Banyan Security.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Clop Hacking Rampage Hits US Agencies and Exposes Data of Millions

WIRED Threat Level

The ransomware gang Clop exploited a vulnerability in a file transfer service. The flaw is now patched, but the damage is still coming into focus.

Hacking 101

NIST CSF 2.0: What You Need to Know About the Latest Changes

Security Boulevard

The NIST CSF was first released in 2014, and since then, it has been adopted by thousands of organizations. The NIST Cybersecurity Framework has profoundly impacted the industry by promoting consistent cybersecurity practices, fostering collaboration and information sharing, and establishing a common language and understanding of cybersecurity concepts.

Oil and gas giant Shell is another victim of Clop ransomware attacks

Security Affairs

British multinational oil and gas company Shell has confirmed that it has suffered a ransomware attack conducted by the Clop group. Oil and Gas giant Shell has confirmed that it is one of the victims of the recent large-scale ransomware campaign conducted by the Clop gang exploiting a MOVEit zero-day vulnerability. Threat actors are actively exploiting the zero-day vulnerability, tracked as CVE-2023-34362, to steal data from organizations worldwide.

My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack

Security Boulevard

It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. federal agencies, in addition to global corporations. Related: Supply-chain hack ultimatum The nefarious … (more…) The post My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack appeared first on Security Boulevard.

Hacking 102

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!