Tue. May 02, 2023

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment we

Marketing 258

NIST Draft Document on Post-Quantum Cryptography Guidance

Schneier on Security

NIST has released a draft of Special Publication 1800-38A: “Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography.” It’s only four pages long, and it doesn’t have a lot of detail—more “volumes” are coming, with more information—but it’s well worth reading.

237

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

The Last Watchdog

The rising complexity and prevalence of cybersecurity threats are making experts anxious. It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Automation could alleviate the burden on IT teams and cybersecurity professionals by shouldering some monotonous, time-consuming tasks.

Infoblox discovers rare Decoy Dog C2 exploit

Tech Republic Security

Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor. The post Infoblox discovers rare Decoy Dog C2 exploit appeared first on TechRepublic.

144

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New Apple ‘Rapid’ Update is Slow, Messy FAIL

Security Boulevard

PATCH NOW! Oh, wait, you can’t: “You are no longer connected to the internet,” it sneers. The post New Apple ‘Rapid’ Update is Slow, Messy FAIL appeared first on Security Boulevard.

Internet 145

At RSA, Akamai put focus on fake sites, API vulnerabilities

Tech Republic Security

At the RSA Conference Akamai launched a new security platform for fake websites and touted its focus on protecting application protocol interfaces, or APIs. The post At RSA, Akamai put focus on fake sites, API vulnerabilities appeared first on TechRepublic.

Phishing 127

More Trending

Who are Cyber Swindlers

CyberSecurity Insiders

Cyber swindlers, also known as cyber fraudsters, are individuals or groups who use the internet and technology to commit fraud or deception for financial gain. They use various methods, such as phishing scams, identity theft, credit card fraud, and other forms of online scams to steal money or sensitive information from their victims. Some cyber swindlers use sophisticated techniques to deceive their targets, such as creating fake websites or emails that look like legitimate businesses or organi

11 security tools all remote employees should have

CSO Magazine

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage. A major problem for businesses, particularly in a post-COVID world with so many people working remotely, is the fact that these security challenges employees face extend very easily to their personal

Media 123

BlackCat Ransomware group breaches Australia HWL Ebsworth law firm servers

CyberSecurity Insiders

Australia’s HWL Ebsworth law firm has issued a statement stating that its servers have been hacked and the personal data of its clients and some employees were accessed and siphoned by criminals. The Blackcat ransomware gang posted a statement on its website reiterating the same, stating that they had siphoned approximately 4TB of company data, including employee CVs, ID card details, financial reports, account information, client documentation, credit card information, and a blueprint con

Google will remove secure website indicators in Chrome 117

Bleeping Computer

Google announced today that the lock icon, long thought to be a sign of website security and trustworthiness, will soon be changed with a new icon that doesn't imply that a site is secure or should be trusted.

120

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

APT groups muddying the waters for MSPs

We Live Security

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers. The post APT groups muddying the waters for MSPs appeared first on WeLiveSecurity.

120

Level Finance crypto exchange hacked after two security audits

Bleeping Computer

Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000.

Hacking 118

Juggling critical infrastructure for data centers, hospitals and more, with an eye on resilience

Tech Republic Security

Joseph Vijay, CEO of Intelli-Systems, talks about the challenges of supporting critical infrastructure, and right-sizing data center power portfolios without disruption. The post Juggling critical infrastructure for data centers, hospitals and more, with an eye on resilience appeared first on TechRepublic.

Police operation 'SpecTor' arrests 288 dark web drug vendors and buyers

Bleeping Computer

An international law enforcement operation codenamed 'SpecTor' has arrested 288 dark web vendors and customers worldwide, with police seizing €50.8 million ($55.9M) in cash and cryptocurrency.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Samsung bans staff AI use over data leak concerns

CSO Magazine

Samsung has reportedly issued a memo prohibiting the use of generative AI systems like ChatGPT to prevent the upload of sensitive company data on external servers.

108

1Password explains scary Secret Key and password change alerts

Bleeping Computer

1Password says a recent incident that caused customers to receive notifications about changed passwords was the result of service disruption and not a security breach.

Passwords 106

Veza releases access security, governance solution for SaaS applications

CSO Magazine

Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Veza for SaaS Apps allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations – securing the attack surface associated with widespread SaaS app usage and enabling compliance with frameworks like ISO 27001 and GDPR, according to the firm.

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

Security Boulevard

The rising complexity and prevalence of cybersecurity threats are making experts anxious. It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Automation could alleviate the burden on IT … The post GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

BrandPost: 7 considerations for successful digital transformation

CSO Magazine

The way we do business has changed dramatically over the last several years. To remain agile and competitive, organizations must embrace digital transformation. But doing so securely means stepping outside the old ways of establishing a network perimeter, protecting it, and trusting everything inside. Doing things the way they have always been done doesn’t work in the hybrid workplace, where the perimeter is everywhere.

Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor

Dark Reading

The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to use malvertising as initial access for ransomware and other threat activity.

How to operationalize SBOMs for incident response

Security Boulevard

As the cybersecurity industry has endeavored to reduce the risk of software supply chain security flaws, software bills of materials (SBOMs) have received a ton of attention of late, as security pundits have promoted them as a key building block in software supply chain security programs. The post How to operationalize SBOMs for incident response appeared first on Security Boulevard.

Aw CRUD (Create/Read/Update/Delete): Extended Policy Capabilities in Duo’s API

Duo's Security Blog

At Duo Security, we want to make it easier for our customers to stay secure, which is why we’re happy to announce that starting May 1st, all Duo customers will be able to happily say, “Aw, CRUD” (create, read, update, delete) to their Duo policies through our existing Admin API using our new policy endpoints. Our Duo Documentation has been updated with the how-tos of applying these policy endpoints, and in this post we’ll be sharing use cases of why our customers will benefit from this update.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.

The Ethics of Selling Hacker Tools

Security Boulevard

With Indiana Jones about to enter the space race in the Dial of Destiny, I am reminded of the great Tom Lehrer’s 1965 song about former Nazi scientist Dr. Wernher von Braun’s “apolitical” approach to the engineering of rockets. According to Lehrer’s parody, “’Once the rockets are up, who cares where they come down? That’s. The post The Ethics of Selling Hacker Tools appeared first on Security Boulevard.

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

WIRED Threat Level

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.

Hacking 104

Delivering Generative AI to Cybersecurity for Over 3 Years

Security Boulevard

When it comes to Cybersecurity and Generative AI, you have to look at what traditionally takes time and investment by expert practitioners. One of the major things SOC analysts have to build and maintain is an alerting framework for their environment. The post Delivering Generative AI to Cybersecurity for Over 3 Years appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Is it OK to train an AI on your images, without permission?

Malwarebytes

Website owners are once again at war with tools designed to scrape content from their sites. An AI scraper called img2dataset is scouring the Internet for pictures that can be used to train image-generating AI tools. These generators are increasingly popular text-to-image services, where you enter a suggestion (“A superhero in the ocean, in the style of Van Gogh”) and it produces a visual to match.

Palo Alto Networks Unfurls Managed Firewall Service for Azure

Security Boulevard

Palo Alto Networks today launched a managed firewall service for Microsoft Azure environments. The next-generation firewall (NGFW) can be accessed via a console running on the Microsoft cloud platform or in an on-premises environment using the company’s Panorama console for managing firewalls. Tanya Shastri, senior vice president for product management for next-generation firewall at Palo.

BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups

The Hacker News

A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups.

Spyware 95

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

A joint operation conducted by the FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminal groups for money laundering. The Cyber Police Department together with the Main Investigative Department of the National Police, the Office of the Prosecutor General of Ukraine and in cooperation with the FBI conducted an international operation that seized nine crypto exchanges used by cybercriminal groups to launder profits from illegal activities, including ransomware attacks and onli

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.