Fri. Aug 25, 2023


Hacking Food Labeling Laws

Schneier on Security

This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to ensure that they are not effective. There are the typical high-pressure lobbying tactics and lawsuits. But there are also examples of companies hacking the laws: Companies like Coca-Cola and Kraft Heinz have begun designing their products so that their packages don’t have a true front or back, but rather two nearly identical labels—except for the fact that only

Hacking 197

Kroll Employee SIM-Swapped for Crypto Investor Data

Krebs on Security

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks.

Mobile 193

XLoader Malware Variant Targets MacOS Disguised as OfficeNote App

Tech Republic Security

A new variant of malware called XLoader is targeting macOS users. Learn more about how to protect yourself from this malicious software.

Malware 145

The 3 Malware Loaders Behind 80% of Incidents

Digital Shadows

Loader malware is working behind the scenes in many organizations' environments, doing the heavy lifting that helps an infection spread. ReliaQuest has picked out the most commonly observed loaders and outlined why SOC analysts should worry about them, plus how to defend against them.

Malware 98

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses

Tech Republic Security

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S.

Malware 133

API Abuse – Lessons from the Duolingo Data Scraping Attack

Security Boulevard

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those [.] The post API Abuse – Lessons from the Duolingo Data Scraping Attack appeared first on Wallarm.


More Trending


Whiffy Recon malware triangulates the position of infected systems via Wi-Fi

Security Affairs

Experts observed the SmokeLoader malware delivering a new Wi-Fi scanning malware strain dubbed Whiffy Recon. Secureworks Counter Threat Unit (CTU) researchers observed the Smoke Loader botnet dropping a new Wi-Fi scanning malware named Whiffy Recon. The malicious code triangulates the positions of the infected systems using nearby Wi-Fi access points as a data point for Google’s geolocation API. “The scan results are mapped to a JSON structure (see Figure 5) that is sent to the Googl

Malware 95

MSI: Recent wave of Windows blue screens linked to MSI motherboards

Bleeping Computer

MSI has officially confirmed the recent surge of blue screens of death (BSODs) encountered by Windows users after installing this week's optional preview updates is linked to some of its motherboard models. [.


Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack

The Hacker News

Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a "highly sophisticated" SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee's T-Mobile account, the company said.


Data breach at French govt agency exposes info of 10 million people

Bleeping Computer

Pôle emploi, France's governmental unemployment registration and financial aid agency, is informing of a data breach that exposed data belonging to 10 million individuals. [.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Update now! Google Chrome's first weekly update has arrived

Malwarebytes

Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel (the version most of us use). Regular Chrome releases will still come every four weeks, but to get security fixes out faster, updates to address security and other high impact bugs will be scheduled weekly.


China-linked Flax Typhoon APT targets Taiwan

Security Affairs

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. Microsoft linked the Chinese APT Flax Typhoon (aka Ethereal Panda) to a cyber espionage campaign that targeted dozens of organizations in Taiwan. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

VPN 87

Kroll data breach exposes info of FTX, BlockFi, Genesis creditors

Bleeping Computer

Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that resulted in exposing to an unauthorized third-party the personal data of some credit claimants. [.


Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success

The Hacker News

Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As those technologies age, they can leave your organization vulnerable to cyber threats.

CISO 87

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Leaseweb is restoring ‘critical’ systems after security breach

Bleeping Computer

Leaseweb, one of the world's largest cloud and hosting providers, notified people that it's working on restoring "critical" systems disabled following a recent security breach. [.


Labor Day Cyber Scams: What to Watch Out For

SecureWorld News

As Labor Day approaches, millions of people eagerly anticipate a long weekend of relaxation, barbecues, and online shopping deals. However, this annual holiday has also become an opportune time for cybercriminals to exploit unsuspecting individuals. While it is a time of celebration, the weekend also marks an uptick in online scams and phishing attacks.

Scams 86

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups.

Risk 86

'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds

Dark Reading

Deployed by the infamous SmokeLoader botnet, the location-tracking malware could be used for a host of follow-on cyberattacks or even physical targeting.

Malware 91

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Teenage members of Lapsus$ ransomware gang convicted

Malwarebytes

A wave of video game developer compromises has come to a court-based conclusion for those responsible, with several convictions the end result. Arion Kurtaj, and a second teen who cannot be named due to their age, are finding themselves to be in quite a lot of trouble after repeated and sustained attacks on multiple businesses. The infamous Lapsus$ ransomware gang gained notoriety for a number of attacks against companies involved in game development, or companies closely associated with gaming


China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns

Dark Reading

The cyber-espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear.


Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks

The Hacker News

Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ (aka Slippy Spider) transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information.

Hacking 82

Luna Grabber Malware Targets Roblox Gaming Devs

Dark Reading

Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website, for example by “promot(ing) users, shout events, and so on, or to create Discord utiltiies (sic) to manage their community.

Malware 82

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors

The Hacker News

A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda.


Microsoft: Stealthy Flax Typhoon hackers use LOLBins to evade detection

Bleeping Computer

Microsoft has identified a new hacking group it now tracks as Flax Typhoon that targets government agencies and education, critical manufacturing, and information technology organizations likely for espionage purposes. [.


How to Choose the Best XDR Solution for Your Organization?

Heimdal Security

The fact that malicious software gets smarter and more sophisticated every day that goes by is no news to any IT professional. Add the fact that the attack surface continues to expand as our lives get highly connected to the Internet, and you have the perfect storm. Cybersecurity experts’ first response – to get more […] The post How to Choose the Best XDR Solution for Your Organization?


How To Prepare For A Cyber Assessment

SecureBlitz

Learn how to prepare for a cyber assessment in this post. Cybersecurity assessments are more important than ever in today's rapidly evolving digital landscape. These assessments are designed to uncover vulnerabilities and help organizations strengthen their cyber defenses. This article offers guidance on how to prepare for a cyber assessment, ensuring that your business remains […] The post How To Prepare For A Cyber Assessment appeared first on SecureBlitz Cybersecurity.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


ICO calls social media firms to protect people's data from scraping

Bleeping Computer

UK's Information Commissioner's Office (ICO), together with eleven data protection and privacy authorities from around the world, have published a statement calling social media platforms to up their protections against data scrapers. [.

Media 78

What Is a Host Intrusion Detection System (HIDS) and How It Works

Heimdal Security

HIDS stands for host-based intrusion detection system and is an application that monitors a computer or network for suspicious activities. The monitored activities can include external actors' intrusions and also internal misuse of resources or data. A host intrusion detection system’s job is to look for suspicious activities or unusual patterns that could result in […] The post What Is a Host Intrusion Detection System (HIDS) and How It Works appeared first on Heimdal Security Blog.


EPSS and Its Role in Cisco Vulnerability Management Risk Scoring

Cisco Security

In our March 2023 blog, “What is EPSS and Why Does It Matter?”, Michael Roytman, Distinguished Engineer at Cisco (former Chief Data Scientist at Kenna Security) and co-creator of EPSS, covers the role the Exploit Prediction Scoring System (EPSS) plays in a security program. To sum it up, EPSS enables practitioners to have a defensible way to forecast how likely a newly published vulnerability is to become exploited before attackers have a chance to build new ransomware or exploits.

Risk 71

How Does XDR Software Help Security Teams

Heimdal Security

XDR software collects and processes data from various security layers, networks, and endpoints in an organization's IT environment. It is a fast and accurate tool that helps security teams detect and respond faster to cyber threats wherever they might be located: endpoints, networks, or the cloud. In a more and more complex threat landscape, XDR […] The post How Does XDR Software Help Security Teams appeared first on Heimdal Security Blog.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.