Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros.

Malware 293

Malware Phishing Cybercrime 293

Krebs on Security

FEBRUARY 7, 2023

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack.

Media 285

Media 285

The Last Watchdog

FEBRUARY 7, 2023

Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond. Related: Deploying human sensors Additionally, with tools like ChatGPT, almost anyone can create new malware and become a threat actor.

Small Business 222

Small Business Technology Cyber Attacks Cybersecurity 222

Tech Republic Security

FEBRUARY 7, 2023

These ransomware infections on VMware ESXi software are due to a vulnerability that has existed since 2021. Find out the most targeted countries and how to secure your organization. The post Massive ransomware operation targets VMware ESXi: How to protect from this security threat appeared first on TechRepublic.

Ransomware 204

Ransomware Software Cybersecurity Network Security 204

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

SecureList

FEBRUARY 7, 2023

There is a vast number of trackers , which gather information about users’ activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming services history. The collected data can be used for improving their user interfaces or the overall user experience, or to personalize ads.

Advertising 142

Advertising Marketing Internet Internet 142

Tech Republic Security

FEBRUARY 7, 2023

With more companies investing in Web 3.0 this year, including blockchain, gaming and the metaverse, the cat and mouse game will continue, but with more dimensions. The post Metaverse adds new dimensions to Web 3.0 cybersecurity appeared first on TechRepublic.

Cybersecurity 183

Cybersecurity 183

We Live Security

FEBRUARY 7, 2023

No internet, perfect security? Two ESET researchers perform a thought experiment where they consider the implications of being plunged into digital darkness.

Internet 122

Internet Internet Cybersecurity 122

Dark Reading

FEBRUARY 7, 2023

Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.

115

115

Bleeping Computer

FEBRUARY 7, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks. [.

Ransomware 109

Ransomware Encryption Cybersecurity 109

Heimadal Security

FEBRUARY 7, 2023

Pix is an instant payment platform developed and managed by the Central Bank of Brazil (BCB), which enables quick payment and transfer execution, with over 100 million registered accounts worldwide. A new strain of mobile malware targeting Brazil and other LATAM nations has just been discovered. The malware is designed to steal sensitive data and […] The post PixPirate Malware Is Actively Stealing Banking Passwords appeared first on Heimdal Security Blog.

Banking 105

Banking Passwords Malware Mobile 105

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

SecureBlitz

FEBRUARY 7, 2023

Learn why your small business need online scheduling in this post. If you’re a small business owner, you know that time is money. The less time you spend on administrative tasks, the more time you can spend developing your product or service, marketing your business, and growing your customer base. One way to free up […] The post Why Does Your Small Business Need Online Scheduling?

Small Business 104

Small Business Marketing Cybersecurity 104

WIRED Threat Level

FEBRUARY 7, 2023

Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it.

Data privacy 102

Data privacy 102

PCI perspectives

FEBRUARY 7, 2023

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Today, we'll reflect on the accomplishments of 2022 and look ahead to what 2023 will bring at the PCI Security Standards Council. My guest for this episode is Lance Johnson, Executive Director at PCI SSC.

Software 101

Software Mobile 101

Trend Micro

FEBRUARY 7, 2023

In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Asian firms similar to another well-known threat actor. In this article, we unravel their new tactics, techniques and procedures that they apply on their misdeeds.

Hacking 101

Hacking 101

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

FEBRUARY 7, 2023

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.

Risk 99

Risk Ransomware 99

Naked Security

FEBRUARY 7, 2023

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English.

99

99

Malwarebytes

FEBRUARY 7, 2023

Stalkerware is a huge problem when it comes to intrusion into people’s personal lives. “Friends”, strangers, family members, abusive spouses and many more can potentially dabble in this malignant pastime and cause all manner of trouble for their target. Thanks to the New York Attorney General’s office, some folks will shortly be made aware of a little extra something lurking on their devices , after it landed a developer with a $410,000 fine and a requirement to notify pe

Spyware 98

Spyware Software Risk Cybersecurity 98

Identity IQ

FEBRUARY 7, 2023

What is Phishing? IdentityIQ Cybercriminals are incredibly adaptable. They learn new security measures quickly and find new ways to steal sensitive information. One of the most common techniques used to exploit web users is the phishing scam. This article will cover what phishing is, cybercriminals’ different approaches, and how to prevent yourself from becoming a victim.

Phishing 98

Phishing Identity Theft Scams Banking 98

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

FEBRUARY 7, 2023

The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues addressed by the maintainers is a memory safety bug in the OpenSSH server (sshd) tracked as CVE-2023-25136.

Authentication 98

Authentication Encryption Hacking Information Security 98

Malwarebytes

FEBRUARY 7, 2023

After eavesdropping on yet another encrypted messaging service for five months, law enforcement agencies decided to shut down the service that was popular among members of organized crime groups. The service called Exclu claims to use the “most secure encryption protocols”, as well as end-to-end encryption to ensure that only the sender and the person they’re communicating with can read what’s sent, not even Exclu itself.

Encryption 98

Encryption VPN Marketing Government 98

Security Affairs

FEBRUARY 7, 2023

The popular collective Anonymous has leaked 128 GB of data allegedly stolen from the Russian Internet Service Provider Convex. The collective Anonymous released last week 128 gigabytes of documents that were allegedly stolen from the Russian Internet Service Provider Convex. The huge trove of data was leased by an affiliate of Anonymous’s affiliate group called Caxxii.

Surveillance 98

Surveillance Internet Internet Government 98

Identity IQ

FEBRUARY 7, 2023

7 Tips to Follow for Safer Internet Day IdentityIQ The 20 th annual Safer Internet Day is taking place on Feb. 7! Safer Internet Day is a campaign that aims to educate the public on internet safety and encourage everyone to take part in creating a safer internet. Why is Safer Internet Day Important? Online safety is a global issue, with 60% of the word population using the internet.

Internet 98

Internet Internet Identity Theft Scams 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom.

Encryption 98

Encryption Ransomware Cybercrime Engineering 98

The Hacker News

FEBRUARY 7, 2023

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.

Encryption 98

Encryption Ransomware Engineering 98

Security Affairs

FEBRUARY 7, 2023

VMware said there is no evidence that threat actors are exploiting a zero-day flaw in its software as part of an ongoing ESXiArgs ransomware campaign. VMware said that it found no evidence that the threat actors behind the ongoing ESXiArgs ransomware attacks are leveraging a zero-day vulnerability in VMware ESXi servers. “VMware has not found evidence that suggests an unknown vulnerability (0-day) is being used to propagate the ransomware used in these recent attacks.” reads the late

Ransomware 98

Ransomware Hacking Technology Software 98

Heimadal Security

FEBRUARY 7, 2023

The „Holy Souls” or NEPTUNIUM threat group is considered responsible for the recent attack on the satirical French magazine Charlie Hebdo. The group is known to be backed up by the Iranian state and was previously sanctioned by the U.S. government. Due to a successful data breaching attack, hackers claim they are now in possession […] The post Iranian Threat Group Behind Charlie Hebdo Data Breach appeared first on Heimdal Security Blog.

Data breaches 98

Data breaches Government Cybersecurity 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

SecureWorld News

FEBRUARY 7, 2023

VMware has recently issued a warning to its customers to install the latest security updates and disable the OpenSLP service on their ESXi servers. This warning comes after a large-scale campaign of ransomware attacks targeted internet-exposed and vulnerable ESXi servers. According to VMware , the attackers are not exploiting a Zero-Day vulnerability, and this service is disabled by default in ESXi software releases that were issued after 2021.

Ransomware 98

Ransomware Internet Internet Malware 98

Security Boulevard

FEBRUARY 7, 2023

For the generation of children growing up today, advanced technology has been integrated into their lives since they were born. With 2020 YouGov statistics showing that 85% of six-year-olds have access to a tablet at home and, by age 17, only 4% of teenagers said that they don’t have access to a computer, it is. The post The Rise of Script Kiddies: Where Inexperience Meets Opportunity appeared first on Security Boulevard.

Technology 98

Technology Security Awareness Cybercrime Hacking 98

Identity IQ

FEBRUARY 7, 2023

SIM Swap Scams: How SIM Swapping Works and How To Protect Yourself IdentityIQ According to the Federal Bureau of Investigation, SIM swap scams are on the rise. The FBI reported that they had received 1,611 SIM swapping complaints with losses of more than $68 million in 2021. If you’re unfamiliar with this scam, it takes advantage of people’s lack of knowledge of how SIM cards work and puts their information at risk.

Scams 98

Scams Identity Theft Wireless Accountability 98

Cisco Security

FEBRUARY 7, 2023

Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community. Our teams work hard to deliver education and inspiration, ignite creativity, deliver practical know-how, and accelerate the connections that fuel your digital future. The Cisco Secure team is excited to share our expertise to help power the strategies – and safety – of your organization.

Risk 98

Risk Authentication Education Technology 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!