Fri.Jun 16, 2023

Security and Human Behavior (SHB) 2023

Schneier on Security

I’m just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyer

AI vs AI: Next front in phishing wars

Tech Republic Security

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense.

My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack

The Last Watchdog

It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. federal agencies, in addition to global corporations. Related: Supply-chain hack ultimatum The nefarious Clop gang initially compromised MOVEit, which provided them a beachhead to gain access to Zellis, a UK-based supplier of payroll services.

Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot

Tech Republic Security

The study shows attackers are using more bots and doing more sophisticated phishing exploits and server attacks, especially targeting retail.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC

The Hacker News

The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling.

Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users

Bleeping Computer

The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions. [.

More Trending

Millions of Oregon, Louisiana state IDs stolen in MOVEit breach

Bleeping Computer

Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data. [.

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

Dark Reading

MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.

Police cracks down on DDoS-for-hire service active since 2013

Bleeping Computer

Polish police officers part of the country's Central Cybercrime Bureau detained two suspects believed to have been involved in the operation of a long-running DDoS-for-hire service (aka booter or stresser) active since at least 2013. [.

MOVEit Attack Strikes US and State Governments

Security Boulevard

A global attack campaign fueled by a vulnerability in MOVEit Transfer, a popular file transfer application, has now struck the U.S. Department of Energy, several other U.S. agencies and a spate of state government organizations and educational institutions. The reach of these attacks has expanded rapidly over the last few days as attackers from the.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The Week in Ransomware - June 16th 2023 - Wave of Extortion

Bleeping Computer

The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks. [.

Stop Cyberbullying Day: Prevention is everyone’s responsibility

We Live Security

Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves.

Google targets fake business reviews network in new lawsuit

Bleeping Computer

Google has filed a consumer protection lawsuit against Ethan QiQi Hu and his company, Rafadigital, accusing him of creating 350 fraudulent Business Profiles and 14,000 fake reviews for an alleged business verification service for Google services. [.

Main Security Challenges of Cloud Computing

Security Boulevard

Explore the main security challenges of cloud computing and learn how to mitigate risks to safeguard your data and protect your business.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Western Digital boots outdated NAS devices off of My Cloud

Bleeping Computer

Western Digital is warning owners of My Cloud series devices that they can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. [.

The Infrastructure Security Engineer Is a Unicorn Among Thoroughbreds

Dark Reading

This new role safeguarding cloud deployments requires an exceedingly rare set of technical and soft skills.

AI may not Destroy the World, but There are Other Risks

Security Boulevard

For some, AI is the stuff of nightmares. Whether it’s Hal refusing to open the pod bay doors in 2001: A Space Odyssey or the wild thought experiment of Roko’s Basilisk—or even way back to (retellings of) Frankenstein’s monster or the ancient legend of the Golem—there’s a fear that our creations will turn against us.

Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps

Dark Reading

Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions — an all too common issue in an area where mobile-only is the norm and cyber awareness is low.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug

Security Boulevard

Once is happenstance. Twice is coincidence. Three times is sheer incompetence.

20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona

The Hacker News

The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least five attacks between August 2020 and March 2023.

Wiz Adds Integration Platform to Improve Cybersecurity Visibility

Security Boulevard

Wiz this week unveiled a platform that provides bi-directional integration between its namesake cloud-native application protection platform (CNAPP) and third-party cybersecurity platforms. At the same time, Wiz also announced it signed a strategic collaboration agreement with Amazon Web Services (AWS) to improve cloud cybersecurity. As part of that agreement, Wiz is committing to exploring artificial.

Bringing Transparency to Confidential Computing with SLSA

Google Security

Asra Ali, Razieh Behjati, Tiziano Santoro, Software Engineers. Every day, personal data, such as location information, images, or text queries are passed between your device and remote, cloud-based services. Your data is encrypted when in transit and at rest, but as potential attack vectors grow more sophisticated, data must also be protected during use by the service, especially for software systems that handle personally identifiable user data.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cybersecurity Insights with Contrast CISO David Lindner | 6/16

Security Boulevard

Insight #1 "Cyber insurance premiums have skyrocketed (50%) because of ransomware, and there is no end in sight. Not only are we still paying ransoms, but we are using insurance to do it." Insight #2 "Do not rely on ChatGPT for therapy or medical diagnoses - these LLMs have too many hallucinations that could lead to death." Insight #3 "Large organizations are starting to ban the usage of ChatGPT and other LLMs, showing extremely conservative approaches in their AI strategies.

Updated Android spyware GravityRAT steals WhatsApp Backups

Security Affairs

An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files. ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico. MalwareHunterTeam researchers first shared the hash for a GravityRAT sample via a tweet.

ChatGPT Security: Discovering and Securing AI Tools

Security Boulevard

Let’s talk about the darker side of the ChatGPT security story: a recent DarkReading report found that 4% of workers are leaking protected corporate information into AI tools by feeding schematics, statistics, instructions, and other intellectual property into large language learning models (LLMs). ChatGPT security took center stage in April 2023 when Samsung employees leaked […]

Getting Over the DNS Security Awareness Gap

Dark Reading

To properly secure DNS infrastructure, organizations need strong security hygiene around DNS infrastructure and records management as well as closely monitoring and filtering DNS traffic.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

NIST CSF 2.0: What You Need to Know About the Latest Changes

Security Boulevard

The NIST CSF was first released in 2014, and since then, it has been adopted by thousands of organizations. The NIST Cybersecurity Framework has profoundly impacted the industry by promoting consistent cybersecurity practices, fostering collaboration and information sharing, and establishing a common language and understanding of cybersecurity concepts.

MDR vs. MSSP: Decoding the Differences Between Cybersecurity Solutions

Heimdal Security

In the constantly changing cybersecurity world, organizations confront a variety of obstacles when trying to protect their digital assets. Businesses must rely on comprehensive security solutions to safeguard their sensitive data as attacks become more complex and breaches more frequent. Two popular options that have emerged to address these needs are Managed Detection and Response […]

My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack

Security Boulevard

It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. federal agencies, in addition to global corporations. Related: Supply-chain hack ultimatum The nefarious …

Progress fixed a third flaw in MOVEit Transfer software

Security Affairs

Progress Software addressed a third vulnerability impacting its MOVEit Transfer application that could lead to privilege escalation and information disclosure. Progress Software disclosed a new SQL injection vulnerability impacting its MOVEit Transfer application; it is the third issue fixed by the company after CVE-2023-35036 (June 9, 2023) and CVE-2023-34362 (May 31, 2023). “Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential un

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.