Wed. Nov 23, 2022

Get Pwned, for 30% Less!

Troy Hunt

We've had great feedback from people who have gotten Pwned. Loads of people had told us how much they've enjoyed it and would like to get their friends Pwned too. Personally, I think everyone should get Pwned! Which is why we're making it possible for 30% less 😊 Ok, being more serious for a moment, I'm talking about Pwned the book which we launched a couple of months ago and it's chock full of over 800 pages worth of epic blog posts and more importantly, the stor

225

The US Has a Shortage of Bomb-Sniffing Dogs

Schneier on Security

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs: Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GAO says that as of February the US federal government had approximately 5,100 working dogs, including detection dogs, across three federal agencies.

Top 6 security risks associated with industrial IoT

Tech Republic Security

Industrial IoT is gaining adoption, but this comes with some security risks. Check out the dangers and how you can avoid them. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic.

IoT 199

‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook

Security Boulevard

Some incredibly personal details are being sent to Facebook, without your consent, using the “Meta Pixel.” The post ‘This is Appalling’ — Tax-Prep Sites Leak PII to Facebook appeared first on Security Boulevard.

CISO 138

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

DDoS protection from OVHcloud

Tech Republic Security

Distributed denial-of-service protection from OVHcloud takes the complexity out of avoiding denial of service attacks for your business. The post DDoS protection from OVHcloud appeared first on TechRepublic.

DDOS 148

Bahamut cybermercenary group targets Android users with fake VPN apps

We Live Security

Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram. The post Bahamut cybermercenary group targets Android users with fake VPN apps appeared first on WeLiveSecurity.

VPN 138

More Trending

Pro-Russian hacktivists take down EU Parliament site in DDoS attack

Bleeping Computer

The website of the European Parliament has been taken down following a DDoS (Distributed Denial of Service) attack claimed by a pro-Russia group of hacktivists calling themselves Anonymous Russia.

DDOS 130

Russia stole the passwords of 50 million users

CyberSecurity Insiders

For the past seven to eight months, we have been constantly reading or listening to Russia’s negative involvement in cybersecurity. Now, the latest that has been published by Group-IB claims Moscow’s involvement in the password stealing of over 50 million users. Yes, according to a report compiled after analyzing over 34 Telegram groups’ involvement in cybercrime, researchers from Group-IB have confirmed the involvement of hacking groups linked to the Kremlin stealing 50m passwords from about 89

Passwords 127

Backdoored Chrome extension installed by 200,000 Roblox players

Bleeping Computer

Chrome browser extension 'SearchBlox' installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform.

123

Identity-Based Attacks Increase, MFA-Thwarting Tactics Rise 

Security Boulevard

Multifactor authentication (MFA) push notification fatigue attacks are increasing and are proving more effective, according to Expel’s quarterly threat report, based on data from the company’s customer base. The report also indicated that automated orchestration is proving to be a big advantage, with the median time to perform a remediation action automated via orchestration dropping.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Meta outlines US involvement in social media disinformation in new report

CSO Magazine

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. “Coordinated inauthentic behavior” is Meta’s term for misinformation activity performed by groups of social media accounts on its platforms that target particular groups or demographics.

Media 118

Thanks for Nothing

Security Boulevard

As we embark on the U.S. Thanksgiving holiday, we’re supposed to be grateful for our gifts. And I am certainly thankful for my family, my health (injured knee notwithstanding) and being able to work at Techstrong, which is a very cool gig. But to be honest, I’m just not feeling very thankful from a security. The post Thanks for Nothing appeared first on Security Boulevard.

Russian cybergangs stole over 50 million passwords this year

Bleeping Computer

At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022.

Passwords 105

How Health Care Data Encryption Fits Into Your Security Strategy

Security Boulevard

Hospitals, government health agencies and other health care entities have a growing need to securely store and transfer personal data, both from patient to provider and with relevant agencies, insurers and regulators. Considering the exponential rise in cyberattacks, it has never been more crucial for health care organizations to take the risk out of data.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Mali GPU ‘patch gap’ leaves Android users vulnerable to attacks

Bleeping Computer

A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks.

Mobile 101

Black Friday deals 2022

Security Boulevard

This Black Friday, we are offering an amazing 50% discount on all new plugin subscriptions. This is the perfect opportunity to shore up your WordPress security and administration (at a hefty discount) as we head into a busy festive season. The post Black Friday deals 2022 appeared first on WP White Security. The post Black Friday deals 2022 appeared first on Security Boulevard.

104

Meta links U.S. military with covert Facebook influence operation

Bleeping Computer

Meta has removed several accounts on Facebook and Instagram associated with the U.S. military, saying they were used as part of covert influence operations targeting the Middle East and Russia.

UK finalizes first independent post-Brexit data transfer deal with South Korea

CSO Magazine

The UK has finalized its first independent data adequacy decision since leaving the European Union (EU) which will allow UK organisations to securely transfer personal data to the Republic of Korea without restrictions by the end of the year. The UK government stated that the new legislation, first agreed upon in principle in July, will allow businesses in both countries to share data more easily, enhancing opportunities for cooperation and growth.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Black Friday shoppers beware: online threats so far in 2022

SecureList

The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more of their hard-earned cash. In the weeks leading up to Black Friday, we have already seen discounts reaching 70% and even 80%, grabbing the attention of millions of customers.

Phishing 101

Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966

Security Affairs

Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966, that impacts Windows Server.

Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors

Dark Reading

The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.

Black Friday and Cyber Monday Cyber Scams on the Rise

Approachable Cyber Threats

“Ready to log-in and shop?” As things return to their pre-COVID levels, crowds at malls are returning to their claustrophobic norms, parking is a nightmare, and you can see the panic in people’s eyes again as they search for the perfect gift. In 2022 though, there are likely fewer people who still seek the thrill of a Black Friday sale at the mall, but for the rest of us, we have online shopping to the rescue.

Scams 98

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Leveraging the NIST Cybersecurity Framework For Business

Security Boulevard

The NIST cybersecurity framework is a powerful tool to organize and improve your cybersecurity program. Today many businesses see cybersecurity with a kind of laissez-faire attitude where they purchase few tools and assign some people to look after their overall IT […]. The post Leveraging the NIST Cybersecurity Framework For Business appeared first on WeSecureApp :: Simplifying Enterprise Security!

Fake MSI Afterburner targets Windows gamers with miners, info-stealers

Bleeping Computer

Windows gamers and power users are being targeted by fake MSI Afterburner download portals to infect users with cryptocurrency miners and the RedLine information-stealing malware.

Sealing Off Your Cloud’s Blast Radius

Security Boulevard

Understand the challenges of securing your cloud and key best practices for minimizing your cloud’s blast radius. The post Sealing Off Your Cloud’s Blast Radius appeared first on Ermetic. The post Sealing Off Your Cloud’s Blast Radius appeared first on Security Boulevard.

97

CryptoRom “pig butchering” scam sites seized, suspects arrested in US

Naked Security

Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers.

Scams 125

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

GitHub repojacking attack: 10 lessons for software teams

Security Boulevard

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack. The post GitHub repojacking attack: 10 lessons for software teams appeared first on Security Boulevard.

Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Dark Reading

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in a spate of malicious incidents.

IoT 100

This Android File Manager App Infected Thousands of Devices with SharkBot Malware

The Hacker News

The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week.

Malware 92

Pro-Russian group Killnet claims responsibility for DDoS attack that has taken down the European Parliament site

Security Affairs

Pro-Russian hacker collective Killnet took down the European Parliament website with a DDoS cyberattack. The Pro-Russia group of hacktivists Killnet claimed responsibility for the DDoS attack that today took down the website of the European Parliament website. #KILLNET, the Pro-Russia #hacking group, claims to have launched a #DDoS attack against the European Parliament's (@Europarl_EN) official website.

DDOS 91

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.